
2569 matches found

Tenable Nessus
added 2023/09/07 12:0 a.m., 16 views

Oracle Linux 8 : subversion:1.10 (ELSA-2020-4712)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-4712 advisory. - In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request...

CVSS 6.5, AI score 7, EPSS 0.02422
Exploits: 0, References: 2

Rosalinux
added 2023/08/15 9:37 a.m., 30 views

Advisory ROSA-SA-2023-2216

software: subversion 1.14.2 OS: ROSA-CHROME packageevrstring: subversion-1.14.2-1.src.rpm CVE-ID: CVE-2020-17525 BDU-ID: 2022-00306 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the mod_authz_svn module of the Subversion centralized version control system is related to incorrect handling of reques...

CVSS 7.5, AI score 7, EPSS 0.37516
Exploits: 1

Schneier on Security
added 2023/04/21 6:11 p.m., 15 views

Hacking Pickleball

My latest book, A Hacker's Mind, has a lot of sports stories. Sports are filled with hacks, as players look for every possible advantage that doesn't explicitly break the rules. Here's an example from pickleball, which nicely explains the dilemma between hacking as a subversion and hacking as...

AI score 6.8
Exploits: 0

Tenable Nessus
added 2023/04/14 12:0 a.m., 29 views

FreeBSD : py39-py -- Regular expression Denial of Service vulnerability (28a37df6-ba1a-4eed-bb64-623fc8e8dfd0)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 28a37df6-ba1a-4eed-bb64-623fc8e8dfd0 advisory. - The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS Regular expressio...

CVSS 7.5, AI score 6.6, EPSS 0.01546
Exploits: 1, References: 4

Amazon
added 2023/03/22 12:0 a.m., 2 views

Important: subversion

Issue Overview: A flaw was found in Subversion. When using path-based authorization (authz), the helper function detect_changed() does not omit potentially sensitive information from log messages. In particular, if a node is copied from a protected location, its copyfrom path (the path to the protected...

CVSS 7.5, AI score 6.4, EPSS 0.08757
Exploits: 1

Tenable Nessus
added 2023/03/21 12:0 a.m., 182 views

Amazon Linux 2023 : python3-subversion, subversion, subversion-devel (ALAS2023-2023-011)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-011 advisory. A flaw was found in Subversion. When using path-based authorization (authz), the helper function detect_changed() does not omit potentially sensitive information from log messages. In particular, if...

CVSS 7.5, AI score 6.1, EPSS 0.08757
Exploits: 1, References: 6

Tenable Nessus
added 2023/03/20 12:0 a.m., 31 views

CBL Mariner 2.0 Security Update: subversion (CVE-2022-24070)

The version of subversion installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-24070 advisory. - Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization...

CVSS 7.5, AI score 6.8, EPSS 0.08757
Exploits: 0, References: 2

Tenable Nessus
added 2023/03/20 12:0 a.m., 34 views

CBL Mariner 2.0 Security Update: subversion (CVE-2021-28544)

The version of subversion installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-28544 advisory. - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' pat...

CVSS 4.3, AI score 5.8, EPSS 0.02696
Exploits: 1, References: 2

OpenVAS
added 2023/03/08 12:0 a.m., 16 views

Debian: Security Advisory (DLA-428-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.1, AI score 6.6, EPSS 0.01711
Exploits: 4, References: 2

OpenVAS
added 2023/03/08 12:0 a.m., 19 views

Debian: Security Advisory (DLA-448-1)

The remote host is missing an update for the Debian...

CVSS 6.8, AI score 6.8, EPSS 0.19628
Exploits: 0, References: 2

OpenVAS
added 2023/03/08 12:0 a.m., 24 views

Debian: Security Advisory (DLA-119-1)

The remote host is missing an update for the Debian...

CVSS 5, AI score 6.5, EPSS 0.1067
Exploits: 0, References: 2

OpenVAS
added 2023/03/08 12:0 a.m., 20 views

Debian: Security Advisory (DLA-293-1)

The remote host is missing an update for the Debian...

CVSS 4, AI score 8.6, EPSS 0.06464
Exploits: 0, References: 2

OpenVAS
added 2023/03/08 12:0 a.m., 21 views

Debian: Security Advisory (DLA-207-1)

The remote host is missing an update for the Debian...

CVSS 5, AI score 8.7, EPSS 0.51442
Exploits: 0, References: 2

F5 Networks
added 2023/02/21 7:27 p.m., 38 views

K17453: Subversion vulnerabilities CVE-2015-0248, CVE-2015-0251, and CVE-2015-3187

Security Advisory Description CVE-2015-0248 The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revisi...

CVSS 5, AI score 7.3, EPSS 0.12841
Exploits: 0

F5 Networks
added 2023/02/21 6:55 p.m., 31 views

K53556508: Apache mod_authz_svn vulnerability CVE-2015-3184

Security Advisory Description mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. CVE-2015-3184 Impact There is no...

CVSS 5, AI score 8, EPSS 0.10607
Exploits: 0

F5 Networks
added 2023/02/21 6:48 p.m., 98 views

K45625134: Apache Subversion vulnerability CVE-2017-9800

Security Advisory Description A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a...

CVSS 9.8, AI score 7.5, EPSS 0.18892
Exploits: 3

FreeBSD Advisory
added 2023/02/16 12:0 a.m., 35 views

FreeBSD-SA-23:02.openssh

FreeBSD-SA-23:02.openssh Security Advisory, The FreeBSD Project. Topic: OpenSSH pre-authentication double free. Category: contrib. Module: openssh. Announced: 2023-02-16...

CVSS 6.5, AI score 7.4, EPSS 0.89955
Exploits: 10

SUSE CVE
added 2023/02/15 6:21 a.m., 3 views

SUSE CVE-2004-0179

Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code...

CVSS 6.8, AI score 7.7, EPSS 0.11056
Exploits: 0, References: 17

SUSE CVE
added 2023/02/15 6:21 a.m., 1 views

SUSE CVE-2004-0397

Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a (1) DAV2 REPORT query or (2) get-dated-rev svn-protocol command...

CVSS 7.5, AI score 8.3, EPSS 0.7525
Exploits: 8, References: 4

SUSE CVE
added 2023/02/15 6:20 a.m., 1 views

SUSE CVE-2004-0413

libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) svn://, (2) svn+ssh://, and (3) other svn protocol URL strings, which allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via an integer overflow that leads to a heap-based buffer...

CVSS 10, AI score 8.3, EPSS 0.05877
Exploits: 0, References: 5