VYPR
Vendor: Fossil Scm

Products: 1
CVEs: 4
Across products: 4
Status: Private

Recent CVEs: 4

  • CVE-2017-17459 | High | Dec 7, 2017
    risk 0.57 | cvss 8.8 | epss 0.03

    http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976,…

  • CVE-2020-24614 | Aug 25, 2020
    risk 0.01 | cvss | epss 0.03

    Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository.

  • CVE-2022-34009 | Jul 27, 2022
    risk 0.00 | cvss | epss 0.00

    Fossil 2.18 on Windows allows attackers to cause a denial of service (daemon crash) via an XSS payload in a ticket. This occurs because the ticket data is stored in a temporary file, and the product does not properly handle the absence of this file after Windows Defender has…

  • CVE-2021-36377 | Jul 12, 2021
    risk 0.00 | cvss | epss 0.01

    Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation.