
32 matches found

Positive Technologies
added 2026/01/01 12:0 a.m. · 6 views

PT-2026-24128

Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.1.2-16; ImageMagick versions prior to 6.9.13-41. Description: ImageMagick is software used for editing and manipulating digital images. Before versions 7.1.2-16 and 6.9.13-41, the authorization check for the path...

CVSS 8.1 · AI score 5.8 · EPSS 0.00243
Exploits: 0 · References: 106
SUSE CVE
added 2023/02/15 5:57 a.m. · 3 views

SUSE CVE-2010-3315

authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass...

CVSS 6 · AI score 6.8 · EPSS 0.04216
Exploits: 0 · References: 4
OSV
added 2022/05/27 1:0 a.m. · 3 views

USN-5450-1 subversion vulnerabilities

Evgeny Kotkov discovered that Subversion servers did not properly follow path-based authorization rules in certain cases. An attacker could potentially use this issue to retrieve information about private paths. (CVE-2021-28544) Thomas Weißschuh discovered that Subversion servers did not properly...

CVSS 7.5 · AI score 6.9 · EPSS 0.08757
Exploits: 1 · References: 3
ATTACKERKB
added 2022/04/12 6:15 p.m. · 4 views

CVE-2022-24070

Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected: Subversion mod_dav_svn servers 1.10.0 through 1.14.1 inclusive. Servers that do not use mod_dav_svn are not...

CVSS 7.5 · AI score 5.3 · EPSS 0.08757
Exploits: 0 · References: 11 · Affected Software: 1
OSV
added 2022/04/12 12:58 p.m. · 8 views

SUSE-SU-2022:1162-1 Security update for subversion

This update for subversion fixes the following issues: - CVE-2022-24070: Fixed a memory corruption issue in mod_dav_svn as used by Apache HTTP server. This could be exploited by a remote attacker to cause a denial of service (bsc#1197940). - CVE-2021-28544: Fixed an information leak issue where...

CVSS 7.5 · AI score 6 · EPSS 0.08757
Exploits: 1 · References: 5
NVD
added 2021/08/24 9:15 p.m. · 16 views

CVE-2021-32779

Envoy is an open source L7 proxy and communication bus designed for large modern service-oriented architectures. In affected versions, Envoy incorrectly handled a URI 'fragment' element as part of the path element. Envoy is configured with an RBAC filter for authorization or similar mechanism with...

CVSS 8.6 · EPSS 0.00948
Exploits: 0 · References: 2
Positive Technologies
added 2021/08/24 12:0 a.m. · 3 views

PT-2021-22413 · Istio · Istio

Name of the Vulnerable Software and Affected Versions: Istio versions 1.11.0, 1.10.3 and below, and 1.9.7 and below; Istio versions prior to 1.11.1, 1.10.4, and 1.9.8. Description: Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across...

CVSS 8.1 · AI score 7.7 · EPSS 0.01099
Exploits: 0 · References: 8
Positive Technologies
added 2021/08/24 12:0 a.m. · 4 views

PT-2021-19924 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.16.5; Envoy versions 1.16.5 through 1.19.0; Envoy version 1.18.0 with path normalization=false. Description: The issue arises from Envoy's incorrect handling of a URI 'fragment' element as part of the path element. This...

CVSS 8.6 · AI score 8.4 · EPSS 0.00948
Exploits: 0 · References: 14
CNNVD
added 2021/08/24 12:0 a.m. · 4 views

Envoy Security Vulnerability

Envoy is an open source distributed proxy server. Envoy suffers from a security vulnerability that stems from incorrectly evaluating HTTP requests containing URI fragments when an authorization policy based on URI paths is specified. An attacker could use this vulnerability to bypass the...

CVSS 8.6 · AI score 7.8 · EPSS 0.00948
Exploits: 0 · References: 5
OSV
added 2021/04/12 12:0 a.m. · 0 views

UBUNTU-CVE-2022-24070

Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected: Subversion mod_dav_svn servers 1.10.0 through 1.14.1 inclusive. Servers that do not use mod_dav_svn are not...

CVSS 7.5 · AI score 6.8 · EPSS 0.08757
Exploits: 0 · References: 4
OSV
added 2011/06/06 7:55 p.m. · 2 views

DEBIAN-CVE-2011-1921

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to...

CVSS 4.3 · AI score 6.6 · EPSS 0.05993
Exploits: 2 · References: 1
RedHat Linux
added 2011/02/15 7:13 p.m. · 5 views

Subversion: Access restriction bypass by checkout of the root of the repository

authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass...

CVSS 6 · AI score 6.7 · EPSS 0.04216
Exploits: 0 · References: 4