Download
| Alert*
|
oval:org.secpod.oval:def:22276
The host is installed with Apache Subversion 1.7.x before 1.7.19 or 1.8.x before 1.8.11 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a request for a URI that triggers a lookup for a virtual transaction name that does not exis ... oval:org.secpod.oval:def:24061 The host is installed with Apache Subversion 1.5.0 through 1.7.19 or 1.8.0 through 1.8.11 and is prone to svn:author property spoofing vulnerability. A flaw is present in the application, which fails to handle crafted v1 HTTP protocol request sequences. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:24063 The host is installed with Apache Subversion 1.6.0 through 1.7.19 or 1.8.0 through 1.8.11 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted parameter combinations related to dynamically evaluated revision numbers. Successful exploi ... oval:org.secpod.oval:def:1600359 It was found that when an SVN server searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable . An integer overflow was discovered allowing remote attackers to execute arbitrary code via an svn:// protocol string, whi ... oval:org.secpod.oval:def:501653 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ... oval:org.secpod.oval:def:52558 subversion: Advanced version control system Several security issues were fixed in Subversion. oval:org.secpod.oval:def:602191 Several security issues have been found in the server components of the version control system subversion. CVE-2015-3184 Subversion"s mod_authz_svn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4. The result is that anonymous ... oval:org.secpod.oval:def:34614 The host is installed with Apache Subversion 1.7.x, 1.8.x before 1.8.15 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow. Successful exploita ... oval:org.secpod.oval:def:1500911 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ... oval:org.secpod.oval:def:110243 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subvers ... oval:org.secpod.oval:def:15918 The host is installed with Apache Subversion 1.4.0 through 1.7.12 or 1.8.0 through 1.8.1 and is prone to local privilege escalation vulnerability. The flaw is present in Svnserve in Apache Subversion, which fails to properly handle a symlink attack on the file specified by the --pid-file option. Suc ... oval:org.secpod.oval:def:203728 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ... oval:org.secpod.oval:def:1600198 The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. oval:org.secpod.oval:def:16222 The host is installed with Apache Subversion 1.4.0 through 1.7.13 or 1.8.0 through 1.8.4 and is prone to security bypass vulnerability. The flaw is present in is_this_legal function in mod_dontdothat in Apache Subversion, which fails to properly handle a relative URL in a REPORT request. Successful ... oval:org.secpod.oval:def:203558 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ... oval:org.secpod.oval:def:702721 subversion: Advanced version control system Several security issues were fixed in Subversion. oval:org.secpod.oval:def:1600255 The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service via a certain COPY, DELETE, or MOVE request against a revision root. oval:org.secpod.oval:def:26232 subversion: Advanced version control system Several security issues were fixed in Subversion. oval:org.secpod.oval:def:26234 The host is installed with Apache Subversion before 1.7.21, 1.8.x before 1.8.14 or Apache HTTP Server 2.4.x through 2.4.12 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to properly restrict anonymous access. Successful exploitation could a ... oval:org.secpod.oval:def:105789 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subvers ... oval:org.secpod.oval:def:105940 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subvers ... oval:org.secpod.oval:def:1500910 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ... oval:org.secpod.oval:def:26231 subversion: Advanced version control system Several security issues were fixed in Subversion. oval:org.secpod.oval:def:26792 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposit ... oval:org.secpod.oval:def:108279 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subvers ... oval:org.secpod.oval:def:501499 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ... oval:org.secpod.oval:def:203559 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ... oval:org.secpod.oval:def:108277 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subvers ... oval:org.secpod.oval:def:1501151 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposit ... oval:org.secpod.oval:def:203700 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ... oval:org.secpod.oval:def:501500 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ... oval:org.secpod.oval:def:501628 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ... oval:org.secpod.oval:def:1200111 A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash. ... oval:org.secpod.oval:def:22277 The host is installed with Apache Subversion 1.7.x before 1.7.19 or 1.8.x before 1.8.11 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a REPORT request for a resource that does not exist. Successful exploitation could allow rem ... oval:org.secpod.oval:def:202664 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ... oval:org.secpod.oval:def:202663 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ... oval:org.secpod.oval:def:1500145 Updated subversion packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, a ... oval:org.secpod.oval:def:1500146 Updated subversion packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, a ... oval:org.secpod.oval:def:1600253 A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled PROPFIND requests on activity URLs. A remote attacker could use this flaw to cause the httpd process serving the request to crash. A flaw was found in the way the mod_dav_svn module handled large numbers of propertie ... oval:org.secpod.oval:def:20713 The host is installed with Subversion 1.7.0 through 1.7.8 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a log REPORT request with an invalid limit. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:20714 The host is installed with Subversion 1.6.x through 1.6.20 or 1.7.0 through 1.7.8 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a PROPFIND request for an activity URL. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:106544 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subvers ... oval:org.secpod.oval:def:20712 The host is installed with Subversion before 1.6.23 or 1.7.0 before 1.7.10 and is prone to a fsfs repository corruption vulnerability. A flaw is present in the application, which fails to properly handle a newline character in a file name. Successful exploitation could allow attackers to crash the s ... oval:org.secpod.oval:def:20710 The host is installed with Subversion before 1.6.23 or 1.7.0 before 1.7.10 and is prone to a denial of service vulnerability. A flaw is present in the application, which improperly treats aborted connections as critical errors. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:601049 Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1968 Subversion repositories with the FSFS repository data store format can be corrupted by newline characters in filenames. A ... oval:org.secpod.oval:def:1600007 A flaw was found in the way the mod_dav_svn module handled OPTIONS requests oval:org.secpod.oval:def:20717 The host is installed with Subversion 1.0.0 through 1.6.20 or 1.7.0 through 1.7.8 and is prone to memory consumption vulnerability. A flaw is present in the application, which fails to handle (1) setting or (2) deleting a large number of properties for a file or directory. Successful exploitation co ... oval:org.secpod.oval:def:20715 The host is installed with Subversion 1.6.x through 1.6.20 or 1.7.0 through 1.7.8 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle an anonymous LOCK for a URL that does not exist. Successful exploitation could allow attackers to crash the ... oval:org.secpod.oval:def:20913 The host is installed with Apache Subversion 1.4.0 through 1.7.x before 1.7.18 or 1.8.x before 1.8.10 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certific ... oval:org.secpod.oval:def:20716 The host is installed with Subversion 1.0.0 through 1.6.20 or 1.7.0 through 1.7.8 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle an anonymous LOCK for a URL that does not exist. Successful exploitation could allow attackers to crash the ... oval:org.secpod.oval:def:20914 The host is installed with Apache Subversion 1.0.0 through 1.7.x before 1.7.18 or 1.8.x before 1.8.10 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle a crafted authentication realm. Successful exploitation could allow remote serv ... oval:org.secpod.oval:def:602054 Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-0248 Subversion mod_dav_svn and svnserve were vulnerable to a remotely triggerable assertion DoS vulnerability for certain req ... oval:org.secpod.oval:def:1500402 Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:107396 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subvers ... oval:org.secpod.oval:def:106532 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subvers ... oval:org.secpod.oval:def:107425 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subvers ... oval:org.secpod.oval:def:21799 The host is installed with Apache Subversion 1.0.0 through 1.7.x before 1.7.17 or 1.8.x before 1.8.10 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle a crafted authentication realm. Successful exploitation makes it easier ... oval:org.secpod.oval:def:20709 The host is installed with Subversion 1.7.0 through 1.7.10 or 1.8.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root. Successful exploitation could allow remote u ... oval:org.secpod.oval:def:52157 subversion: Advanced version control system Several security issues were fixed in Subversion. oval:org.secpod.oval:def:1200095 The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes. An assertion failure flaw was found in the way the SVN server processed certain requests with d ... oval:org.secpod.oval:def:109357 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subvers ... oval:org.secpod.oval:def:17040 The host is installed with Apache Subversion before 1.7.15 or 1.8.x before 1.8.6 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle vectors related to the server root and request methods other than GET. Successful exploitation could allow a ... oval:org.secpod.oval:def:1300285 This advisory provides the latest version of subversion which is not vulnerable to this issue. oval:org.secpod.oval:def:501198 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ... oval:org.secpod.oval:def:501039 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion reposi ... oval:org.secpod.oval:def:1500393 Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:702159 subversion: Advanced version control system Several security issues were fixed in Subversion. oval:org.secpod.oval:def:53116 Several problems were discovered in Subversion, a centralised version control system. CVE-2017-9800 Joern Schneeweisz discovered that Subversion did not correctly handle maliciously constructed svn+ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via svn:external ... oval:org.secpod.oval:def:1800422 Subversion"s mod_dontdothat module and clients using are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack, otherwise known as the "billion laughs attack", targets XML parsers and can cause the targeted process to consume an excessive amount of CPU resou ... oval:org.secpod.oval:def:51870 subversion: Advanced version control system Several security issues were fixed in Subversion. oval:org.secpod.oval:def:106260 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subvers ... oval:org.secpod.oval:def:1600224 The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service via a relative URL in a REPORT request.The get_parent_resource function in repos.c in ... oval:org.secpod.oval:def:106168 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subvers ... |
