
2569 matches found

OSV
added 2021/02/10 2:51 p.m., 3 views

SUSE-SU-2021:0424-1 Security update for subversion

This update for subversion fixes the following issues: - CVE-2020-17525: A null-pointer-dereference has been found in mod_authz_svn that results in a remote unauthenticated Denial-of-Service in some server configurations (bsc#1181687)...

CVSS: 7.5, AI score: 7.6, EPSS: 0.37516
Exploits: 1, References: 3
UbuntuCve
added 2021/02/10 12:0 p.m., 26 views

CVE-2020-17525

Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in...

CVSS: 7.5, AI score: 7.1, EPSS: 0.37516
Exploits: 1, References: 3
OSV
added 2021/02/10 12:0 p.m., 0 views

UBUNTU-CVE-2020-17525

Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in...

CVSS: 7.5, AI score: 5.8, EPSS: 0.37516
Exploits: 1, References: 4
CNNVD
added 2021/02/10 12:0 a.m., 3 views

Apache Subversion Code Issue Vulnerability

Apache Subversion is an open source version control system from the Apache Foundation in the United States. The system is compatible with the Concurrent Versions System (CVS). Apache Subversion has a denial of service vulnerability; an attacker can exploit the vulnerability through mod authz...

CVSS: 7.5, AI score: 7.1, EPSS: 0.37516
Exploits: 1, References: 12
OpenVAS
added 2021/02/05 12:0 a.m., 24 views

Huawei EulerOS: Security Advisory for subversion (EulerOS-SA-2021-1235)

The remote host is missing an update for the Huawei EulerOS...

CVSS: 6.5, AI score: 7.1, EPSS: 0.02422
Exploits: 0, References: 2
Tenable Nessus
added 2021/02/04 12:0 a.m., 29 views

EulerOS 2.0 SP5 : subversion (EulerOS-SA-2021-1235)

According to the version of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed...

CVSS: 6.5, AI score: 7, EPSS: 0.02422
Exploits: 0, References: 2
RedHat Linux
added 2021/02/03 9:46 a.m., 8 views

jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks

A flaw was found in the subversion Jenkins plugin. The XML parser is not properly configured to prevent XML external entity (XXE) attacks, allowing an attacker the ability to control an agent process and have Jenkins parse a crafted changelog file that uses external entities for extraction of secret...

CVSS: 6.5, AI score: 7.1, EPSS: 0.01466
Exploits: 0, References: 5
Tenable Nessus
added 2021/02/01 12:0 a.m., 26 views

CentOS 8 : subversion:1.10 (CESA-2020:4712)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:4712 advisory. - subversion: remotely triggerable DoS vulnerability in svnserve 'get-deleted-rev' (CVE-2018-11782) Note that Nessus has not tested for this issue but has instead...

CVSS: 6.5, AI score: 7, EPSS: 0.02422
Exploits: 0, References: 2
IBM Security Bulletins
added 2021/01/31 12:10 a.m., 306 views

IBM Security Network Protection / IBM QRadar Network Security / XGS Technote Index

Question: What Technotes exist for the IBM Security Network Protection / IBM QRadar Network Security XGS sensor? Answer: The content below includes a list of all technical notes published under IBM Security Network Protection / IBM QRadar Network Security by category and sorted by popularity. Users...

CVSS: 10, AI score: 0.6, EPSS: 0.99999
Exploits: 138
Veracode
added 2021/01/21 8:57 a.m., 29 views

XML External Entity (XXE)

jenkins-2-plugins is vulnerable to XML external entity (XXE) attacks. The vulnerability exists because of a flaw in the subversion Jenkins plugin, which was not configured properly to prevent XML external entity (XXE) attacks, allowing an attacker the ability to control an agent process and ha...

CVSS: 6.5, AI score: 3.8, EPSS: 0.01466
Exploits: 0, References: 5, Affected Software: 1
RedHat Linux
added 2021/01/20 4:38 a.m., 7 views

jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks

A flaw was found in the subversion Jenkins plugin. The XML parser is not properly configured to prevent XML external entity (XXE) attacks, allowing an attacker the ability to control an agent process and have Jenkins parse a crafted changelog file that uses external entities for extraction of secret...

CVSS: 6.5, AI score: 7.1, EPSS: 0.01466
Exploits: 0, References: 5
Tenable Nessus
added 2021/01/20 12:0 a.m., 69 views

RHEL 7 : OpenShift Container Platform 4.5.27 (RHSA-2021:0034)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0034 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

CVSS: 6.5, AI score: 7.3, EPSS: 0.02199
Exploits: 0, References: 17
Tenable Nessus
added 2021/01/20 12:0 a.m., 39 views

EulerOS 2.0 SP3 : subversion (EulerOS-SA-2021-1124)

According to the version of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed...

CVSS: 6.5, AI score: 7, EPSS: 0.02422
Exploits: 0, References: 2
OpenVAS
added 2021/01/19 12:0 a.m., 29 views

Huawei EulerOS: Security Advisory for subversion (EulerOS-SA-2021-1124)

The remote host is missing an update for the Huawei EulerOS...

CVSS: 6.5, AI score: 7.1, EPSS: 0.02422
Exploits: 0, References: 2
RedHat Linux
added 2021/01/18 4:4 p.m., 1 views

jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks

A flaw was found in the subversion Jenkins plugin. The XML parser is not properly configured to prevent XML external entity (XXE) attacks, allowing an attacker the ability to control an agent process and have Jenkins parse a crafted changelog file that uses external entities for extraction of secret...

CVSS: 6.5, AI score: 7.1, EPSS: 0.01466
Exploits: 0, References: 5
Veracode
added 2020/12/06 4:27 a.m., 21 views

Denial Of Service (DoS)

subversion is vulnerable to denial of service. Dereferencing of an uninitialized pointer when the client omits the root path in a recursive directory listing operation results in an application crash...

CVSS: 7.5, AI score: 3.8, EPSS: 0.57822
Exploits: 0, References: 6, Affected Software: 1
OSV
added 2020/11/24 3:15 a.m., 25 views

CVE-2020-28348

HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8...

CVSS: 6.5, AI score: 6.7
Exploits: 0, References: 2
NVD
added 2020/11/24 3:15 a.m., 32 views

CVE-2020-28348

HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8...

CVSS: 6.5, AI score: 6.4, EPSS: 0.01631
Exploits: 0, References: 2
UbuntuCve
added 2020/11/24 3:15 a.m., 24 views

CVE-2020-28348

HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8...

CVSS: 6.5, AI score: 6.5, EPSS: 0.01631
Exploits: 0, References: 3
Prion
added 2020/11/24 3:15 a.m., 22 views

Design/Logic Flaw

HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8...

CVSS: 6.3, AI score: 6.4, EPSS: 0.01631
Exploits: 0, References: 2, Affected Software: 1