Lucene search
K

20 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Subversion

The Subversion’s modauthzsvn module will crash if the server uses in-repository authz rules with the AuthzSVNReposRelativeAccessFile option, and a client sends a request for a non-existent repository URL. This can cause disruptions for users of the service. This issue has been fixed in...

7.5CVSS7.2AI score0.37516EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2022/05/11 9:36 p.m.5 views

subversion: Subversion's mod_dav_svn is vulnerable to memory corruption

A use-after-free vulnerability was found in Subversion in the moddavsvn Apache HTTP server HTTPd module. While looking up path-based authorization authz rules, multiple calls to the postconfig hook can invalidate cached pointers to object-pools, which Subversion subsequently uses. This issue...

7.5CVSS5.7AI score0.09254EPSS
Exploits0References5
CNVD
CNVD
added 2022/04/15 12:0 a.m.6 views

Apache Subversion Information Disclosure Vulnerability

Apache Subversion is an open source version control system from the Apache Foundation. The system is compatible with the Concurrent Versioning System CVS, and an information disclosure vulnerability exists in Apache Subversion, which stems from a server exposing a "copyfrom" path that should be...

4.3CVSS2.7AI score0.02788EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2022/04/13 5:37 a.m.36 views

CVE-2022-24070

A use-after-free vulnerability was found in Subversion in the moddavsvn Apache HTTP server HTTPd module. While looking up path-based authorization authz rules, multiple calls to the postconfig hook can invalidate cached pointers to object-pools, which Subversion subsequently uses. This issue...

7.5CVSS7.5AI score0.09254EPSS
Exploits0References4
OSV
OSV
added 2022/04/12 6:15 p.m.3 views

ALPINE-CVE-2021-28544

Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization authz rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom...

4.3CVSS6.9AI score0.02788EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2022/04/12 12:0 a.m.39 views

Ubuntu 20.04 LTS : Subversion vulnerabilities (USN-5372-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5372-1 advisory. Evgeny Kotkov discovered that Subversion servers did not properly follow path-based authorization rules in certain cases. An attacker could potentially u...

7.5CVSS6.3AI score0.09254EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2021/05/04 12:0 a.m.24 views

Debian DLA-2646-1 : subversion security update

One security issue has been discovered in subversion : CVE-2020-17525 : Subversion's modauthzsvn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to...

7.5CVSS7.2AI score0.37516EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2021/04/12 12:0 a.m.36 views

CVE-2021-28544

Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization authz rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom...

4.3CVSS6.4AI score0.02788EPSS
Exploits1References3
NVD
NVD
added 2021/03/17 10:15 a.m.22 views

CVE-2020-17525

Subversion's modauthzsvn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in...

7.5CVSS0.37516EPSS
Exploits1References2
Prion
Prion
added 2021/03/17 10:15 a.m.27 views

Design/Logic Flaw

Subversion's modauthzsvn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in...

4.3CVSS7.2AI score0.37516EPSS
Exploits1References2Affected Software2
Cvelist
Cvelist
added 2021/03/17 9:20 a.m.26 views

CVE-2020-17525 Remote unauthenticated denial-of-service in Subversion mod_authz_svn

Subversion's modauthzsvn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in...

7.5AI score0.37516EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2021/03/17 9:20 a.m.33 views

CVE-2020-17525

Subversion's modauthzsvn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in...

7.5CVSS7.6AI score0.37516EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2021/03/17 9:20 a.m.56 views

CVE-2020-17525

Subversion's modauthzsvn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in...

7.5CVSS7.5AI score0.37516EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2021/02/22 12:0 a.m.30 views

Fedora 32 : subversion (2021-16e51e39a6)

The remote Fedora 32 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-16e51e39a6 advisory. - Subversion's modauthzsvn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client...

7.5CVSS7.5AI score0.37516EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2021/02/20 12:0 a.m.43 views

Oracle Linux 8 : subversion:1.10 (ELSA-2021-0507)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-0507 advisory. subversion 1.10.2-4 - add security fix for CVE-2020-17525 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...

7.5CVSS7.5AI score0.37516EPSS
Exploits1References2
Veracode
Veracode
added 2021/02/11 5:23 p.m.35 views

Denial Of Service (DoS)

subversion is vulnerable to denial of service. An unauthenticated remote attacker attacker is able to crash the application via the modauthzsvn module by requesting for a non-existing repository URL, if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option...

7.5CVSS5.1AI score0.37516EPSS
Exploits1References4Affected Software2
RedhatCVE
RedhatCVE
added 2021/02/10 9:36 p.m.38 views

CVE-2020-17525

A null-pointer-dereference flaw was found in modauthzsvn of subversion. This flaw allows a remote, unauthenticated attacker to cause a denial of service in some server configurations. The highest threat from this vulnerability is to system availability. Mitigation As per upstream "As a workaround...

7.5CVSS7AI score0.37516EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2021/02/10 12:0 p.m.28 views

CVE-2020-17525

Subversion's modauthzsvn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in...

7.5CVSS7.1AI score0.37516EPSS
Exploits1References3
FreeBSD
FreeBSD
added 2021/01/29 12:0 a.m.32 views

mod_dav_svn -- server crash

Subversion project reports: Subversion's modauthzsvn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL...

7.5CVSS7.5AI score0.37516EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2020/07/29 4:26 p.m.3 views

@architect-io/cli (>=0.3.13 <=0.5.2-rc.7), @mishguru/logview-cli (>=4.0.0 <=4.6.0) +8 more potentially affected by CVE-2020-15125 via auth0 (>=0.8.5 <=2.25.1)

auth0 NPM version =0.8.5, =0.3.13, =4.0.0, =0.0.34, =3.1.0, =0.0.0, =0.1.0, =0.2.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1 Source cves: CVE-2020-15125 Source advisory: OSV:GHSA-5JPF-PJ32-XX53...

7.7CVSS7.1AI score0.01539EPSS
Exploits0
Rows per page
Query Builder