VYPR

rpm package

opensuse/fossil&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/fossil&distro=openSUSE%20Tumbleweed

Vulnerabilities (3)

  • CVE-2020-24614 | Aug 25, 2020
    affected < 2.16-1.2 | fixed 2.16-1.2

    Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository.

  • CVE-2017-17459 | High | Dec 7, 2017
    affected < 2.16-1.2 | fixed 2.16-1.2

    http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017

  • CVE-2014-3566 | Low | Oct 15, 2014
    affected < 1.35-1.3 | fixed 1.35-1.3

    The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.