Lucene search
K

126 matches found

Veracode
Veracode
added 2021/02/11 5:23 p.m.36 views

Denial Of Service (DoS)

subversion is vulnerable to denial of service. An unauthenticated remote attacker attacker is able to crash the application via the modauthzsvn module by requesting for a non-existing repository URL, if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option...

7.5CVSS5.1AI score0.40075EPSS
Exploits1References4Affected Software2
RedhatCVE
RedhatCVE
added 2021/02/10 9:36 p.m.38 views

CVE-2020-17525

A null-pointer-dereference flaw was found in modauthzsvn of subversion. This flaw allows a remote, unauthenticated attacker to cause a denial of service in some server configurations. The highest threat from this vulnerability is to system availability. Mitigation As per upstream "As a workaround...

7.5CVSS7AI score0.40075EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2021/02/10 12:0 p.m.28 views

CVE-2020-17525

Subversion's modauthzsvn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in...

7.5CVSS7.1AI score0.40075EPSS
Exploits1References3
FreeBSD
FreeBSD
added 2021/01/29 12:0 a.m.33 views

mod_dav_svn -- server crash

Subversion project reports: Subversion's modauthzsvn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL...

7.5CVSS7.5AI score0.40075EPSS
Exploits1References1
Prion
Prion
added 2020/12/03 5:15 p.m.18 views

Authorization

A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role...

4.9CVSS6.7AI score0.01067EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2020/12/03 12:0 a.m.27 views

CVE-2020-25711

A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role...

6.5AI score0.01067EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2020/07/29 4:26 p.m.4 views

@architect-io/cli (>=0.3.13 <=0.5.2-rc.7), @mishguru/logview-cli (>=4.0.0 <=4.6.0) +8 more potentially affected by CVE-2020-15125 via auth0 (>=0.8.5 <=2.25.1)

auth0 NPM version =0.8.5, =0.3.13, =4.0.0, =0.0.34, =3.1.0, =0.0.0, =0.1.0, =0.2.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1 Source cves: CVE-2020-15125 Source advisory: OSV:GHSA-5JPF-PJ32-XX53...

7.7CVSS7.1AI score0.01539EPSS
Exploits0
NVD
NVD
added 2018/09/03 7:29 p.m.13 views

CVE-2018-16398

In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as demonstrated by containers/aa/pause?aaa=/start to bypass a policy in which "docker start" is allowed but "docker pause" is not allowed...

7.5CVSS7.5AI score0.0139EPSS
Exploits0References2
Prion
Prion
added 2018/09/03 7:29 p.m.12 views

Code injection

In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as demonstrated by containers/aa/pause?aaa=/start to bypass a policy in which "docker start" is allowed but "docker pause" is not allowed...

5CVSS7.5AI score0.0139EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/09/03 7:0 p.m.15 views

CVE-2018-16398

In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as demonstrated by containers/aa/pause?aaa=/start to bypass a policy in which "docker start" is allowed but "docker pause" is not allowed...

7.5AI score0.0139EPSS
Exploits0References2
CVE
CVE
added 2018/09/03 7:0 p.m.31 views

CVE-2018-16398

The CVE-2018-16398 entry covers Twistlock AuthZ Broker 0.1, where regular expressions are mishandled, enabling a policy bypass via crafted URLs such as containers/aa/pause?aaa=/start. The vulnerability stems from weak URL-regex handling that allows a command like 'docker start' to be permitted wh...

7.5CVSS7.4AI score0.0139EPSS
Exploits0References2Affected Software1
Oracle linux
Oracle linux
added 2017/04/12 12:0 a.m.122 views

httpd security and bug fix update

2.4.6-45.0.1.4 - replace index.html with Oracle's index page oracleindex.html 2.4.6-45.4 - Resolves: 1396197 - Backport: modproxywstunnel - AH02447: err/hup on backconn 2.4.6-45.3 - prefork: fix delay completing graceful restart 1327624 - modldap: fix authz regression, failing to rebind 1415257...

7.5CVSS0.7AI score0.49024EPSS
Exploits4
OSV
OSV
added 2016/05/05 12:0 a.m.5 views

UBUNTU-CVE-2016-2168

The reqcheckaccess function in the modauthzsvn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service NULL pointer dereference and crash via a crafted header in a 1 MOVE or 2 COPY request, involving an...

6.5CVSS6.8AI score0.19628EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.39 views

Fedora 22 : subversion-1.8.15-1.fc22 (2015-6efa349a85)

This update includes the latest stable release of Apache Subversion 1.8, version 1.8.15. This update fixes two security issues: CVE-2015-3184: Subversion's modauthzsvn does not properly restrict anonymous access in some mixed anonymous/authenticated environments when using Apache httpd 2.4...

9CVSS7.1AI score0.57037EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2015/12/29 12:0 a.m.28 views

openSUSE Security Update : subversion (openSUSE-2015-948)

This update for subversion fixes the following issues : - Apache Subversion 1.8.15 This release fixes one security issue: Remotely triggerable heap overflow and out-of-bounds read in moddavsvn caused by integer overflow when parsing skel-encoded request bodies. CVE-2015-5343 boo958300 - fix a...

8CVSS7.5AI score0.30216EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/10/13 12:0 a.m.58 views

Apache Subversion 1.7.x < 1.7.21 / 1.8.x < 1.8.14 Multiple Vulnerabilities

Binary data 8973.prm...

5CVSS8.2AI score0.10607EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2015/09/08 1:9 p.m.10 views

subversion: svn_repos_trace_node_locations() reveals paths hidden by authz

It was found that when an SVN server both svnserve and httpd with the moddavsvn module searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable for example, if it had been moved...

4CVSS7.3AI score0.06464EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2015/08/18 12:0 a.m.31 views

Apache Subversion Multiple Vulnerabilities (Aug 2015)

Apache Subversion is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:subversion";...

5CVSS7.3AI score0.10607EPSS
Exploits0References5
Debian
Debian
added 2015/08/10 6:21 p.m.26 views

[SECURITY] [DSA 3331-1] subversion security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3331-1 [email protected] https://www.debian.org/security/ Stefan Fritsch August 10, 2015 https://www.debian.org/security/faq -...

5CVSS8.2AI score0.10607EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.25 views

openSUSE Security Update : viewvc (openSUSE-SU-2012:0831-1)

update to 1.1.15 bnc768680 : - security fix: complete authz support for remote SVN views CVE-2012-3356 - security fix: log msg leak in SVN revision view with unreadable copy source CVE-2012-3357 Additionally the following non-security issues have been addressed : - fix several instances of...

5CVSS5.5AI score0.02025EPSS
Exploits0References4
Rows per page
Query Builder