Download
| Alert*
oval:org.secpod.oval:def:34614
The host is installed with Apache Subversion 1.7.x, 1.8.x before 1.8.15 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow. Successful exploita ... oval:org.secpod.oval:def:1600359 It was found that when an SVN server searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable . An integer overflow was discovered allowing remote attackers to execute arbitrary code via an svn:// protocol string, whi ... oval:org.secpod.oval:def:51870 subversion: Advanced version control system Several security issues were fixed in Subversion. oval:org.secpod.oval:def:53116 Several problems were discovered in Subversion, a centralised version control system. CVE-2017-9800 Joern Schneeweisz discovered that Subversion did not correctly handle maliciously constructed svn+ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via svn:external ... oval:org.secpod.oval:def:1800422 Subversion"s mod_dontdothat module and clients using are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack, otherwise known as the "billion laughs attack", targets XML parsers and can cause the targeted process to consume an excessive amount of CPU resou ... |