oval:org.secpod.oval:def:1800025
CVE-2016-2167: svnserve/sasl may authenticate users using the wrong realm. svnserve, the svn:// protocol server, can optionally use the Cyrus SASL library for authentication, integrity protection, and encryption. Due to a programming oversight, authentication against Cyrus SASL would permit the remot ...

oval:org.secpod.oval:def:34612
The host is installed with Apache Subversion 1.0.x before 1.8.15 and is prone to a null pointer dereference vulnerability. A flaw is present in the application, which fails to handle a crafted header in a MOVE or COPY request. Successful exploitation could allow remote attackers to cause a denial of ...

oval:org.secpod.oval:def:1600414
The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository ...

oval:org.secpod.oval:def:602484
Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-2167 Daniel Shahaf and James McCoy discovered that an implementation error in the authentication against the Cyrus SASL librar ...

oval:org.secpod.oval:def:51870
subversion: Advanced version control system. Several security issues were fixed in Subversion.

oval:org.secpod.oval:def:53116
Several problems were discovered in Subversion, a centralised version control system. CVE-2017-9800 Joern Schneeweisz discovered that Subversion did not correctly handle maliciously constructed svn+ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via svn:external ...

oval:org.secpod.oval:def:34613
The host is installed with Apache Subversion 1.5.x before 1.8.15 and is prone to an intended access restriction bypass vulnerability. A flaw is present in the application, which fails to handle a realm string that is a prefix of an expected repository realm string. Successful exploitation could allo ...

oval:org.secpod.oval:def:1800422
Subversion's mod_dontdothat module and clients using are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack, otherwise known as the "billion laughs attack", targets XML parsers and can cause the targeted process to consume an excessive amount of CPU resou ...

oval:org.secpod.oval:def:703756
subversion: Advanced version control system. Several security issues were fixed in Subversion.