[Forgot Password]
Login  Register Subscribe

24436

 
 

131815

 
 

115228

 
 

909

 
 

90122

 
 

140

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:1800422
Subversion"s mod_dontdothat module and clients using are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack, otherwise known as the "billion laughs attack", targets XML parsers and can cause the targeted process to consume an excessive amount of CPU resou ...

oval:org.secpod.oval:def:42148
The host is missing a security update according to Apple advisory, APPLE-SA-2016-09-13-2. The update is required to fix multiple memory corruption vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation allows attackers to execute arb ...

oval:org.secpod.oval:def:42147
The host is installed with Xcode before 9.0 on Apple Mac OS X 10.12.6 or later and is prone to arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle input validation. Successful exploitation may lead to arbitrary code execution

oval:org.secpod.oval:def:41756
subversion: Advanced version control system Several security issues were fixed in Subversion.

oval:org.secpod.oval:def:1800180
A Subversion client sometimes connects to URLs provided by the repository.This happens in two primary cases: during "checkout", "export", "update", and"switch", when the tree being downloaded contains svn:externals properties;and when using "svnsync sync" with one URL argument. A maliciously constru ...

oval:org.secpod.oval:def:1600761
Command injection through clients via malicious svn+ssh URLsA shell command injection flaw related to the handling of "svn+ssh" URLs has been discovered in Subversion. An attacker could use this flaw to execute shell commands with the privileges of the user running the Subversion client, f ...

oval:org.secpod.oval:def:113052
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subvers ...

oval:org.secpod.oval:def:1800244
A Subversion client sometimes connects to URLs provided by the repository.This happens in two primary cases: during "checkout", "export", "update", and"switch", when the tree being downloaded contains svn:externals properties;and when using "svnsync sync" with one URL argument. A maliciously constru ...

oval:org.secpod.oval:def:1800003
A Subversion client sometimes connects to URLs provided by the repository.This happens in two primary cases: during "checkout", "export", "update", and"switch", when the tree being downloaded contains svn:externals properties;and when using "svnsync sync" with one URL argument. A maliciously constru ...

oval:org.secpod.oval:def:703756
subversion: Advanced version control system Several security issues were fixed in Subversion.

oval:org.secpod.oval:def:113087
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subvers ...

oval:org.secpod.oval:def:1800051
A Subversion client sometimes connects to URLs provided by the repository.This happens in two primary cases: during "checkout", "export", "update", and"switch", when the tree being downloaded contains svn:externals properties; and when using "svnsync sync" with one URL argument. A maliciously constr ...

oval:org.secpod.oval:def:603050
Several problems were discovered in Subversion, a centralised version control system. CVE-2017-9800 Joern Schneeweisz discovered that Subversion did not correctly handle maliciously constructed svn+ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via svn:external ...

oval:org.secpod.oval:def:110243
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subvers ...

oval:org.secpod.oval:def:1600359
It was found that when an SVN server searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable . An integer overflow was discovered allowing remote attackers to execute arbitrary code via an svn:// protocol string, whi ...

oval:org.secpod.oval:def:33818
The host is installed with Apache Subversion 1.9.x before 1.9.3 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle a svn:// protocol string which triggers a heap-based buffer overflow and an out-of-bounds read. Successful exploitation could ...

oval:org.secpod.oval:def:34612
The host is installed with Apache Subversion 1.0.x before 1.8.15 and is prone to a null pointer dereference vulnerability. A flaw is present in the application, which fails to handle a crafted header in a MOVE or COPY request. Successful exploitation could allow remote attackers to cause a denial of ...

oval:org.secpod.oval:def:1800025
CVE-2016-2167: svnserve/sasl may authenticate users using the wrong realm. svnserve, the svn:// protocol server, can optionally use the Cyrus SASL library for authentication, integrity protection, and encryption.Due to a programming oversight, authentication against Cyrus SASL would permit the remot ...

oval:org.secpod.oval:def:1600414
The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository ...

oval:org.secpod.oval:def:602484
Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-2167 Daniel Shahaf and James McCoy discovered that an implementation error in the authentication against the Cyrus SASL librar ...

oval:org.secpod.oval:def:34613
The host is installed with Apache Subversion 1.5.x before 1.8.15 and is prone to an intended access restriction bypass vulnerability. A flaw is present in the application, which fails to handle a realm string that is a prefix of an expected repository realm string. Successful exploitation could allo ...

oval:org.secpod.oval:def:34614
The host is installed with Apache Subversion 1.7.x, 1.8.x before 1.8.15 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow. Successful exploita ...

oval:org.secpod.oval:def:1501998
The advisory is missing the security advisory description. For more information please visit the reference link

CVE    6
CVE-2016-8734
CVE-2015-5259
CVE-2016-2168
CVE-2016-2167
...
*CPE
cpe:/a:apache:subversion:1.9.1

© SecPod Technologies