K45625134: Apache Subversion vulnerability CVE-2017-9800

Security Advisory Description A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a...

SUSE CVE-2011-0715

The moddavsvn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a request that contains a lock token...

SUSE CVE-2014-3522

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate...

SUSE CVE-2014-3580

The moddavsvn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service NULL pointer dereference and server crash via a REPORT request for a resource that does not exist...

SUSE CVE-2015-3187

The svnrepostracenodelocations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path...

Amazon Linux 2022 : python3-subversion, subversion, subversion-devel (ALAS2022-2022-149)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-149 advisory. A flaw was found in Subversion. When using path-based authorization authz, the helper function detectchanged does not omit potentially sensitive information from log messages. In particular, if...

Huawei EulerOS: Security Advisory for subversion (EulerOS-SA-2022-2147)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for subversion (EulerOS-SA-2022-2172)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP10 : subversion (EulerOS-SA-2022-2147)

According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according t...

Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities.

Summary IBM QRadar Network Security has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2018-11782 DESCRIPTION: Apache Subversion svnserve servers is vulnerable to a denial of service, caused by an error in the svnserve 'get-deleted-rev' process. By sending a...

EulerOS 2.0 SP9 : subversion (EulerOS-SA-2022-1983)

According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according t...

Security Bulletin: A security vulnerability has been identified in Apache Subversion shipped with IBM Tivoli Netcool Impact (CVE-2021-28544)

Summary Apache Subversion is shipped with IBM Tivoli Netcool Impact. Information about a security vulnerability affecting Apache Subversion has been published in a security bulletin. Vulnerability Details CVEID: CVE-2021-28544 DESCRIPTION: Apache Subversion could allow a remote authenticated...

Security Bulletin: A security vulnerability has been identified in Apache Subversion shipped with IBM Tivoli Netcool Impact (CVE-2022-24070)

Summary Apache Subversion is shipped with IBM Tivoli Netcool Impact. Information about a security vulnerability affecting Apache Subversion has been published in a security bulletin. Vulnerability Details CVEID: CVE-2022-24070 DESCRIPTION: Apache Subversion is vulnerable to a denial of service,...

Ubuntu 22.04 LTS : Subversion vulnerabilities (USN-5450-1)

The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5450-1 advisory. Evgeny Kotkov discovered that subversion servers did not properly follow path-based authorization rules in certain cases. An attacker could potentially u...

Ubuntu 18.04 LTS / 20.04 LTS : Subversion vulnerabilities (USN-5445-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5445-1 advisory. Ace Olszowka discovered that Subversion incorrectly handled certain svnserve requests. A remote attacker could possibly use this issue to cau...

SUSE SLES12 Security Update : subversion (SUSE-SU-2022:1483-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1483-1 advisory. - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden...

EulerOS 2.0 SP8 : subversion (EulerOS-SA-2022-1588)

According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed...

Apache Subversion mod_dav_svn is vulnerable to memory corruption

...

Apache Subversion Resource Management Error Vulnerability

Apache Subversion is an open source version control system from the Apache Foundation. Apache Subversion is vulnerable to a resource management error that originates from a post-release reuse error in moddavsvn. A remote attacker could use this vulnerability to send a specially crafted HTTP reque...

SUSE SLED15 / SLES15 Security Update : subversion (SUSE-SU-2022:1162-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1162-1 advisory. - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths...