Astra Linux – Vulnerability in Subversion

Apache Subversion SVN’s “authz” feature prevents the display of “copyfrom” paths that should be hidden according to configured path-based authorization rules. When a node is copied from a protected location, users with access to the copy can see the “copyfrom” path of the original node. This also...

CVE-2026-47223

NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the Android Verified Boot AVB vbmeta image parser in NanaZip via the upstream 7-Zip AvbHandler. A 32-bit unsigned integer overflow ...

EUVD-2026-36508

NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the Android Verified Boot AVB vbmeta image parser in NanaZip via the upstream 7-Zip AvbHandler. A 32-bit unsigned integer overflow ...

CLSA-2026-1778894989 subversion: Fix of CVE-2021-28544

CVE-2021-28544: fix authz copyfrom path information leak in svn log -v...

EUVD-2021-15220

Malware in sbrugna...

EUVD-2023-56743

Malicious code in bioql PyPI...

BIT-SUBVERSION-2021-28544 Apache Subversion SVN authz protected copyfrom paths regression

Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization authz rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom...

WUZHI CMS Security Vulnerabilities

WUZHI CMS is an open source content management system CMS based on PHP and MySQL by WUZHI. A security vulnerability exists in WUZHI CMS, which originates from an SQL injection vulnerability in the $keywords parameter in /core/admin/copyfrom.php...

PT-2023-36038 · Icu · Icu

Name of the Vulnerable Software and Affected Versions: icu 74 affected versions not specified Description: The issue is related to a crash in the icu 74 library, specifically in the UnicodeString class. The crash occurs when the copyFrom function is called, leading to a segmentation fault on an...

CVE-2020-36763

Cross Site Scripting XSS vulnerability in DuxCMS 2.1 allows remote attackers to run arbitrary code via the content, time, copyfrom parameters when adding or editing a post...

DuxCMS 跨站脚本漏洞

DuxCMS is an open source content management system. A cross-site scripting vulnerability exists in DuxCMS version 2.1, which originates from allowing remote attackers to run arbitrary code via the content, time, and copyfrom parameters when adding or editing posts...

CBL Mariner 2.0 Security Update: subversion (CVE-2021-28544)

The version of subversion installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-28544 advisory. - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' pat...

SUSE CVE-2021-28544

Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization authz rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom...

UBUNTU-CVE-2023-22464

ViewVC is a browser interface for CVS and Subversion version control repositories. Versions prior to 1.2.3 and 1.1.30 are vulnerable to cross-site scripting. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by a...

CVE-2023-22464 ViewVC XSS vulnerability in revision view changed path "copyfrom" locations

ViewVC is a browser interface for CVS and Subversion version control repositories. Versions prior to 1.2.3 and 1.1.30 are vulnerable to cross-site scripting. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by a...

Huawei EulerOS: Security Advisory for subversion (EulerOS-SA-2022-2172)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for subversion (EulerOS-SA-2022-2147)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP8 : subversion (EulerOS-SA-2022-1952)

According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according t...

GHSA-342C-F869-5M44 Apache Sling POST Servlets Denial of Service Vulnerability

The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service infinite loop via a crafted HTTP request...

Apache Sling POST Servlets Denial of Service Vulnerability

The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service infinite loop via a crafted HTTP request...