126 matches found
Denial Of Service (DoS)
subversion is vulnerable to denial of service. An unauthenticated remote attacker attacker is able to crash the application via the modauthzsvn module by requesting for a non-existing repository URL, if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option...
CVE-2020-17525
A null-pointer-dereference flaw was found in modauthzsvn of subversion. This flaw allows a remote, unauthenticated attacker to cause a denial of service in some server configurations. The highest threat from this vulnerability is to system availability. Mitigation As per upstream "As a workaround...
CVE-2020-17525
Subversion's modauthzsvn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in...
mod_dav_svn -- server crash
Subversion project reports: Subversion's modauthzsvn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL...
Authorization
A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role...
CVE-2020-25711
A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role...
@architect-io/cli (>=0.3.13 <=0.5.2-rc.7), @mishguru/logview-cli (>=4.0.0 <=4.6.0) +8 more potentially affected by CVE-2020-15125 via auth0 (>=0.8.5 <=2.25.1)
auth0 NPM version =0.8.5, =0.3.13, =4.0.0, =0.0.34, =3.1.0, =0.0.0, =0.1.0, =0.2.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1 Source cves: CVE-2020-15125 Source advisory: OSV:GHSA-5JPF-PJ32-XX53...
CVE-2018-16398
In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as demonstrated by containers/aa/pause?aaa=/start to bypass a policy in which "docker start" is allowed but "docker pause" is not allowed...
Code injection
In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as demonstrated by containers/aa/pause?aaa=/start to bypass a policy in which "docker start" is allowed but "docker pause" is not allowed...
CVE-2018-16398
In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as demonstrated by containers/aa/pause?aaa=/start to bypass a policy in which "docker start" is allowed but "docker pause" is not allowed...
CVE-2018-16398
The CVE-2018-16398 entry covers Twistlock AuthZ Broker 0.1, where regular expressions are mishandled, enabling a policy bypass via crafted URLs such as containers/aa/pause?aaa=/start. The vulnerability stems from weak URL-regex handling that allows a command like 'docker start' to be permitted wh...
httpd security and bug fix update
2.4.6-45.0.1.4 - replace index.html with Oracle's index page oracleindex.html 2.4.6-45.4 - Resolves: 1396197 - Backport: modproxywstunnel - AH02447: err/hup on backconn 2.4.6-45.3 - prefork: fix delay completing graceful restart 1327624 - modldap: fix authz regression, failing to rebind 1415257...
UBUNTU-CVE-2016-2168
The reqcheckaccess function in the modauthzsvn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service NULL pointer dereference and crash via a crafted header in a 1 MOVE or 2 COPY request, involving an...
Fedora 22 : subversion-1.8.15-1.fc22 (2015-6efa349a85)
This update includes the latest stable release of Apache Subversion 1.8, version 1.8.15. This update fixes two security issues: CVE-2015-3184: Subversion's modauthzsvn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4...
openSUSE Security Update : subversion (openSUSE-2015-948)
This update for subversion fixes the following issues : - Apache Subversion 1.8.15 This release fixes one security issue: Remotely triggerable heap overflow and out-of-bounds read in moddavsvn caused by integer overflow when parsing skel-encoded request bodies. CVE-2015-5343 boo958300 - fix a...
Apache Subversion 1.7.x < 1.7.21 / 1.8.x < 1.8.14 Multiple Vulnerabilities
Binary data 8973.prm...
subversion: svn_repos_trace_node_locations() reveals paths hidden by authz
It was found that when an SVN server both svnserve and httpd with the moddavsvn module searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable for example, if it had been moved...
Apache Subversion Multiple Vulnerabilities (Aug 2015)
Apache Subversion is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:subversion";...
[SECURITY] [DSA 3331-1] subversion security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3331-1 [email protected] https://www.debian.org/security/ Stefan Fritsch August 10, 2015 https://www.debian.org/security/faq -...
openSUSE Security Update : viewvc (openSUSE-SU-2012:0831-1)
update to 1.1.15 bnc768680 : - security fix: complete authz support for remote SVN views CVE-2012-3356 - security fix: log msg leak in SVN revision view with unreadable copy source CVE-2012-3357 Additionally the following non-security issues have been addressed : - fix several instances of...