2540 matches found
Jira Subversion ALM for Enterprise <8.8.2 - Cross-Site Scripting
Jira Subversion ALM for Enterprise before 8.8.2 contains a cross-site scripting vulnerability at multiple locations. id: CVE-2020-9344 info: name: Jira Subversion ALM for Enterprise 8.8.2 - Cross-Site Scripting author: madrobot severity: medium description: Jira Subversion ALM for Enterprise befo...
Astra Linux - vulnerability in subversion
Apache Subversion SVN’s “authz” feature prevents the display of “copyfrom” paths that should be hidden according to configured path-based authorization rules. When a node is copied from a protected location, users with access to the copy can see the “copyfrom” path of the original node. This also...
Astra Linux - vulnerability in subversion
Subversion's mod_authz_svn module will crash if the server uses in-repository authz rules with the AuthzSVNReposRelativeAccessFile option, and a client sends a request for a non-existent repository URL. This can cause disruptions for users of the service. This issue has been fixed in...
CLSA-2026-1778946135 subversion: Fix of CVE-2018-11782
CVE-2018-11782: fix svnserve DoS via well-formed read-only get-deleted-rev request...
subversion: Fix of CVE-2018-11782
CVE-2018-11782: fix svnserve DoS via well-formed read-only get-deleted-rev request...
CLSA-2026-1778894989 subversion: Fix of CVE-2021-28544
CVE-2021-28544: fix authz copyfrom path information leak in svn log -v...
CLSA-2026-1778495013 subversion: Fix of CVE-2024-46901
CVE-2024-46901: fix mod_dav_svn denial-of-service via control characters in paths...
Unity Linux 20.1060e / 20.1070e Security Update: subversion (UTSA-2026-017632)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017632 advisory. Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a...
RHCOS 4 : OpenShift Container Platform 4.4.z jenkins-2-plugins (RHSA-2020:2737)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2737 advisory. - jenkins-script-security-plugin: sandbox protection bypass leads to execute arbitrary code in sandboxed scripts CVE-2019-16538 -...
RHCOS 4 : OpenShift Container Platform 4.9.33 (RHSA-2022:2205)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:2205 advisory. - credentials: Stored XSS vulnerabilities in jenkins plugin CVE-2022-29036 - Jira: Stored XSS vulnerabilities in Jenkins Jira plugin...
RHCOS 4 : OpenShift Container Platform 4.3.35 jenkins-2-plugins (RHSA-2020:3616)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3616 advisory. - jenkins-script-security-plugin: sandbox protection bypass leads to execute arbitrary code in sandboxed scripts CVE-2019-16538 -...
RHCOS 4 : OpenShift Container Platform 4.10.12 (RHSA-2022:1600)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1600 advisory. - cri-o: Default inheritable capabilities for linux container should be empty CVE-2022-27652 - credentials: Stored XSS vulnerabiliti...
RHCOS 3 : OpenShift Container Platform 3.11 jenkins-2-plugins (RHSA-2020:2478)
The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2478 advisory. - jenkins-git-client-plugin: OS command injection via 'git ls-remote' CVE-2019-10392 - jenkins-script-security-plugin: sandbox...
SUSE CVE-2026-29169
A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request. mod_dav_lock is not used internally by mod_dav or mod_dav_fs. The only known use-case for mod_dav_lock was mod_dav_svn from Apache Subversion earlier than...
CVE-2026-29169
A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request. mod_dav_lock is not used internally by mod_dav or mod_dav_fs. The only known use-case for mod_dav_lock was mod_dav_svn from Apache Subversion earlier than...
RHCOS 3 : OpenShift Container Platform 3.11.705 (RHSA-2022:2280)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:2280 advisory. - prometheus/client_golang: Denial of service using InstrumentHandlerCounter CVE-2022-21698 - credentials: Stored XSS vulnerabilities...
Astra Linux - vulnerability in ansible
A flaw was discovered in Ansible 2.7.16 and earlier versions, as well as 2.8.8 and earlier, and 2.9.5 and earlier. When a password is set using the “password” argument of the svn module, it is used in the svn command line, thereby exposing it to other users within the same node. An attacker could...
Astra Linux - vulnerability in subversion
Subversion’s mod_dav_svn is vulnerable to memory corruption. When checking path-based authorization rules, mod_dav_svn servers may attempt to use memory that has already been freed. Affected Subversion mod_dav_svn servers include versions 1.10.0 through 1.14.1 including those versions. Servers that do...
Astra Linux - vulnerability in subversion
Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, causing disruption for users of the repository. All versions of Subversion, including Subversion...