Skip to main content

Fossil

4 CVEs product

Monthly

CVE-2022-34009 MEDIUM POC This Month

Fossil 2.18 on Windows allows attackers to cause a denial of service (daemon crash) via an XSS payload in a ticket. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft XSS Denial Of Service Fossil
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-36377 HIGH This Week

Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fossil Fedora
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-24614 HIGH This Week

Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Authentication Bypass Fossil Fedora Backports Sle +1
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2017-17459 HIGH PATCH This Week

http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Fossil
NVD
CVSS 3.0
8.8
EPSS
1.6%
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Fossil 2.18 on Windows allows attackers to cause a denial of service (daemon crash) via an XSS payload in a ticket. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft XSS Denial Of Service +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fossil Fedora
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Authentication Bypass Fossil +3
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Fossil
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy