47 matches found

SUSE CVE
added 2023/02/15 5:36 a.m. · 1 views

SUSE CVE-2013-4246

libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive information by editing packed revision properties...

8.8 CVSS · 6.7 AI score · 0.00387 EPSS
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 4:42 a.m. · 0 views

SUSE CVE-2017-12148

A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project SCM repository definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that...

9 CVSS · 9 AI score · 0.00425 EPSS
Exploits 0 · References 3
OSV
added 2022/05/13 1:36 a.m. · 12 views

GHSA-R5C7-QCC9-5V7M Jenkins Pipeline Classpath Step plugin allowed Script Security sandbox bypass

It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permission in Jenkins...

8.5 CVSS · 8.6 AI score · 0.00114 EPSS
Exploits 0 · References 3
Veracode
added 2020/04/10 1:21 a.m. · 31 views

Authorization Bypass

Subversion is vulnerable to authorization bypass. The vulnerability exists in the way Subversion handled file names with newline characters when the FSFS repository format was used. An attacker with commit access to an SVN repository could corrupt a revision by committing a specially...

5.5 CVSS · 3.3 AI score · 0.27105 EPSS
Exploits 0 · References 12 · Affected Software 1
OSV
added 2019/05/31 3:29 p.m. · 13 views

CVE-2019-10330

Jenkins Gitea Plugin 1.1.1 and earlier did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted...

7.5 CVSS · 6.7 AI score
Exploits 0 · References 3
Positive Technologies
added 2019/05/31 12:0 a.m. · 1 views

PT-2019-11730 · Jenkins · Jenkins Git Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Gitea Plugin versions 1.1.1 and earlier
Description: The issue allows attackers without commit access to the Git repository to change Jenkinsfiles, even if Jenkins is configured to consider them untrusted. This is due to the lack of...

7.5 CVSS · 7.4 AI score · 0.00752 EPSS
Exploits 0 · References 8
Veracode
added 2019/05/02 6:37 a.m. · 26 views

Arbitrary Code Execution

Ansible Tower's interface is vulnerable to arbitrary code execution. If a Tower project SCM repo definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repo could create a trojan playbook that, when executed by Tower, modifies...

8.4 CVSS · 7.7 AI score · 0.00425 EPSS
Exploits 0 · References 163 · Affected Software 6
OSV
added 2019/03/08 6:29 p.m. · 0 views

CVE-2018-20235

There was an argument injection vulnerability in Atlassian Sourcetree for Windows from version 0.5a before version 3.0.15 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue t...

8.8 CVSS · 6.2 AI score
Exploits 0 · References 4
OSV
added 2019/03/08 6:29 p.m. · 0 views

CVE-2018-20234

There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories. A remote attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain...

8.8 CVSS · 6.2 AI score
Exploits 0 · References 4
OSV
added 2018/07/27 8:29 p.m. · 1 views

CVE-2017-2650

It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permission in Jenkins...

8.5 CVSS · 5.8 AI score
Exploits 0 · References 2
NVD
added 2018/07/27 8:29 p.m. · 8 views

CVE-2017-2650

It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permission in Jenkins...

8.5 CVSS · 8.6 AI score · 0.00114 EPSS
Exploits 0 · References 2
Prion
added 2018/07/27 8:29 p.m. · 11 views

Design/Logic Flaw

It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permission in Jenkins...

6 CVSS · 8.4 AI score · 0.00114 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2018/07/27 8:0 p.m. · 9 views

CVE-2017-2650

It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permission in Jenkins...

8.6 AI score · 0.00114 EPSS
Exploits 0 · References 2
OSV
added 2018/07/24 1:29 p.m. · 0 views

CVE-2018-13385

There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. Versions of Sourcetree...

9.8 CVSS · 6.2 AI score
Exploits 0 · References 1
NVD
added 2017/10/30 2:29 p.m. · 15 views

CVE-2013-4246

libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive information by editing packed revision properties...

8.8 CVSS · 8.4 AI score · 0.00387 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2014/03/06 12:0 a.m. · 36 views

Scientific Linux Security Update : subversion on SL5.x, SL6.x i386/x86_64 (20140305)

A flaw was found in the way the mod_dav_svn module handled OPTIONS requests. A remote attacker with read access to an SVN repository served via HTTP could use this flaw to cause the httpd process that handled such a request to crash. (CVE-2014-0032) A flaw was found in the way Subversion handled file...

7.8 CVSS · 7.6 AI score · 0.27105 EPSS
Exploits 0 · References 4
OSV
added 2013/08/11 12:24 p.m. · 3 views

MGASA-2013-0244 Updated subversion packages fixes security vulnerability

Subversion's mod_dav_svn Apache HTTPD server module will trigger an assertion on some requests made against a revision root. This can lead to a DoS. If assertions are disabled it will trigger a read overflow which may cause a SEGFAULT or equivalent or undefined behavior. Commit access is required t...

4 CVSS · 6.4 AI score · 0.00665 EPSS
Exploits 0 · References 4
FreeBSD
added 2013/07/19 12:0 a.m. · 29 views

subversion -- remotely triggerable "Assertion failed" DoS vulnerability or read overflow.

Subversion Project reports: Subversion's mod_dav_svn Apache HTTPD server module will trigger an assertion on some requests made against a revision root. This can lead to a DoS. If assertions are disabled it will trigger a read overflow which may cause a SEGFAULT or equivalent or undefined behavior...

4 CVSS · 6.5 AI score · 0.00665 EPSS
Exploits 0 · References 1
Prion
added 2012/11/19 12:55 a.m. · 14 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" lin...

4.3 CVSS · 5.6 AI score · 0.00907 EPSS
Exploits 0 · References 16 · Affected Software 2
Cvelist
added 2012/11/19 12:0 a.m. · 36 views

CVE-2012-4533

Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" lin...

5.1 AI score · 0.00907 EPSS
Exploits 0 · References 16