
172 matches found

OSV
added 2022/04/12 6:15 p.m. · 2 views

ALPINE-CVE-2022-24070

Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 inclusive. Servers that do not use mod_dav_svn are not...

7.5 CVSS · 7 AI score · 0.09254 EPSS
Exploits 0 · References 1
OSV
added 2022/04/12 6:15 p.m. · 40 views

CVE-2021-28544

Apache Subversion SVN authz protected copyfrom paths regression. Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom...

4.3 CVSS · 2.4 AI score · 0.02788 EPSS
Exploits 1 · References 6
Prion
added 2022/04/12 6:15 p.m. · 26 views

Memory corruption

Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 inclusive. Servers that do not use mod_dav_svn are not...

5 CVSS · 7.3 AI score · 0.09254 EPSS
Exploits 0 · References 8 · Affected Software 4
Cvelist
added 2022/04/12 5:50 p.m. · 25 views

CVE-2022-24070 Apache Subversion mod_dav_svn is vulnerable to memory corruption

Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 inclusive. Servers that do not use mod_dav_svn are not...

7.8 AI score · 0.09254 EPSS
Exploits 0 · References 8
Debian CVE
added 2022/04/12 5:50 p.m. · 28 views

CVE-2021-28544

Apache Subversion SVN authz protected copyfrom paths regression. Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom...

4.3 CVSS · 6 AI score · 0.02788 EPSS
Exploits 1
AlpineLinux
added 2022/04/12 5:50 p.m. · 64 views

CVE-2021-28544

Apache Subversion SVN authz protected copyfrom paths regression. Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom...

4.3 CVSS · 6 AI score · 0.02788 EPSS
Exploits 1
OSV
added 2022/04/12 5:8 p.m. · 4 views

USN-5372-1 subversion vulnerabilities

Evgeny Kotkov discovered that Subversion servers did not properly follow path-based authorization rules in certain cases. An attacker could potentially use this issue to retrieve information about private paths. (CVE-2021-28544) Thomas Weißschuh discovered that Subversion servers did not properly...

7.5 CVSS · 6.9 AI score · 0.09254 EPSS
Exploits 1 · References 3
CNNVD
added 2022/04/12 12:0 a.m. · 1 views

Apache Subversion Information Disclosure Vulnerability

Apache Subversion is an open source version control system from the Apache Foundation. The system is compatible with the Concurrent Versioning System CVS, and an information disclosure vulnerability exists in Apache Subversion, which stems from a server exposing a "copyfrom" path that should be...

4.3 CVSS · 6.5 AI score · 0.02788 EPSS
Exploits 1 · References 24
FreeBSD
added 2022/04/12 12:0 a.m. · 29 views

Subversion -- Multiple vulnerabilities in server code

Subversion project reports: Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also...

7.5 CVSS · 6.3 AI score · 0.09254 EPSS
Exploits 1 · References 2
OpenVAS
added 2022/01/28 12:0 a.m. · 47 views

Mageia: Security Advisory (MGASA-2015-0231)

The remote host is missing an update for the...

7.5 CVSS · 8.1 AI score · 0.50129 EPSS
Exploits 4 · References 5
RedHat Linux
added 2021/08/25 9:37 a.m. · 1 views

envoyproxy/envoy: HTTP request with a URL fragment in the URI can bypass authorization policies

An authorization bypass vulnerability was found in envoyproxy/envoy. When a URI path-based authorization policy is specified, envoy incorrectly evaluates the HTTP request which contains a URI fragment. This flaw allows an attacker to bypass the authorization policy and access downstream services...

8.6 CVSS · 5.8 AI score · 0.00948 EPSS
Exploits 0 · References 5
RedHat Linux
added 2021/08/25 9:37 a.m. · 2 views

envoyproxy/envoy: HTTP request with a URL fragment in the URI can bypass authorization policies

An authorization bypass vulnerability was found in envoyproxy/envoy. When a URI path-based authorization policy is specified, envoy incorrectly evaluates the HTTP request which contains a URI fragment. This flaw allows an attacker to bypass the authorization policy and access downstream services...

8.6 CVSS · 5.8 AI score · 0.00948 EPSS
Exploits 0 · References 5
RedhatCVE
added 2021/08/24 10:14 p.m. · 61 views

CVE-2021-32779

An authorization bypass vulnerability was found in envoyproxy/envoy. When a URI path-based authorization policy is specified, envoy incorrectly evaluates the HTTP request which contains a URI fragment. This flaw allows an attacker to bypass the authorization policy and access downstream services...

8.6 CVSS · 2.4 AI score · 0.00948 EPSS
Exploits 0 · References 4
OSV
added 2021/08/24 9:15 p.m. · 18 views

CVE-2021-32779

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy incorrectly handled a URI 'fragment' element as part of the path element. Envoy is configured with an RBAC filter for authorization or similar mechanism with...

8.3 CVSS · 8.7 AI score
Exploits 0 · References 2
OSV
added 2021/05/27 5:15 a.m. · 21 views

CVE-2021-31920

Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass an Istio authorization policy when path based authorization rules are used...

6.5 CVSS · 6.8 AI score
Exploits 0 · References 1
Positive Technologies
added 2021/04/12 12:0 a.m. · 3 views

PT-2021-7366 · Apache +10 · Subversion +11

Name of the Vulnerable Software and Affected Versions: Subversion mod_dav_svn versions 1.10.0 through 1.14.1. Description: The issue is related to memory corruption in Subversion's mod_dav_svn. It occurs when mod_dav_svn servers attempt to use memory that has already been freed while looking up...

8.2 CVSS · 5.2 AI score · 0.09254 EPSS
Exploits 2 · References 90
UbuntuCve
added 2021/04/12 12:0 a.m. · 32 views

CVE-2022-24070

Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 inclusive. Servers that do not use mod_dav_svn are not...

7.5 CVSS · 6.8 AI score · 0.09254 EPSS
Exploits 0 · References 3
UbuntuCve
added 2021/04/12 12:0 a.m. · 36 views

CVE-2021-28544

Apache Subversion SVN authz protected copyfrom paths regression. Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom...

4.3 CVSS · 6.4 AI score · 0.02788 EPSS
Exploits 1 · References 3
Hacker One
added 2021/04/09 6:10 p.m. · 12 views

U.S. Dept Of Defense: [www.█████] Path-based reflected Cross Site Scripting

Description: The www.██████ endpoint is vulnerable to path-based reflected XSS which allows attackers to pass rogue JavaScript to unsuspecting users. Impact: This flaw allows attackers to pass rogue JavaScript to unsuspecting users. Since the user’s browser has no way to know the script should not...

0.6 AI score
Exploits 0
Snyk
added 2020/10/13 12:45 p.m. · 7 views

Prototype Pollution

Overview: json8 is a JSON toolkit for JavaScript. Affected versions of this package are vulnerable to Prototype Pollution. The function adds in the target object the property specified in the path, however it does not properly check the key being set, leading to a prototype pollution. Details...

9.8 CVSS · 9 AI score · 0.0187 EPSS
Exploits 1 · References 2