Download
| Alert*
oval:org.secpod.oval:def:1600359
It was found that when an SVN server searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable . An integer overflow was discovered allowing remote attackers to execute arbitrary code via an svn:// protocol string, whi ... oval:org.secpod.oval:def:1600198 The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. oval:org.secpod.oval:def:203065 mod_dav_svn is installed oval:org.secpod.oval:def:1600255 The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service via a certain COPY, DELETE, or MOVE request against a revision root. oval:org.secpod.oval:def:204624 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Security Fix: * A shell command injection flaw related to the handling of "svn+ssh" U ... oval:org.secpod.oval:def:4501280 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Security Fix: * subversion: Remote unauthenticated denial of service in mod_authz_svn For more ... oval:org.secpod.oval:def:2500337 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. oval:org.secpod.oval:def:1200111 A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash. ... oval:org.secpod.oval:def:1600413 The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository ... oval:org.secpod.oval:def:1600253 A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled PROPFIND requests on activity URLs. A remote attacker could use this flaw to cause the httpd process serving the request to crash. A flaw was found in the way the mod_dav_svn module handled large numbers of propertie ... oval:org.secpod.oval:def:1600007 A flaw was found in the way the mod_dav_svn module handled OPTIONS requests oval:org.secpod.oval:def:1200095 The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes. An assertion failure flaw was found in the way the SVN server processed certain requests with d ... oval:org.secpod.oval:def:1600503 An authenticated remote attacker can cause denial-of-service conditions on the server using mod_dontdothat by sending a specially crafted REPORT request. The attack does not require access to a particular repository. oval:org.secpod.oval:def:1600761 Command injection through clients via malicious svn+ssh URLsA shell command injection flaw related to the handling of "svn+ssh" URLs has been discovered in Subversion. An attacker could use this flaw to execute shell commands with the privileges of the user running the Subversion client, f ... oval:org.secpod.oval:def:1505320 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:205647 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Security Fix: * subversion: remotely triggerable DoS vulnerability in svnserve "get-deleted-rev ... oval:org.secpod.oval:def:5800049 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Security Fix: * subversion: Subversion"s mod_dav_svn is vulnerable to memory corruption For mo ... oval:org.secpod.oval:def:506993 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Security Fix: * subversion: Subversion"s mod_dav_svn is vulnerable to memory corruption For mo ... oval:org.secpod.oval:def:4500913 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Security Fix: * subversion: Subversion"s mod_dav_svn is vulnerable to memory corruption For mo ... oval:org.secpod.oval:def:1505873 [1.14.1-5] - Fix for CVE-2022-24070 oval:org.secpod.oval:def:506968 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Security Fix: * subversion: Subversion"s mod_dav_svn is vulnerable to memory corruption For mo ... oval:org.secpod.oval:def:1505759 subversion [1.14.1-2] - add fix for CVE-2022-24070 oval:org.secpod.oval:def:1600224 The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service via a relative URL in a REPORT request.The get_parent_resource function in repos.c in ... |