72 matches found
EUVD-2021-15220
Malware in sbrugna...
EUVD-2022-28983
Malicious code in bioql PyPI...
ROS-20250814-04
Vulnerability in the moddavsvn module of the Subversion centralized version control system is related to a bug in the path-based authorization rule lookup. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service. remotely to cause a denial of service...
Linux Distros Unpatched Vulnerability : CVE-2021-28544
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured...
Important: subversion
Issue Overview: A flaw was found in Subversion. When using path-based authorization authz, the helper function detectchanged does not omit potentially sensitive information from log messages. In particular, if a node is copied from a protected location, its copyfrom path the path to the protected...
Debian: Security Advisory (DLA-293-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE CVE-2015-3187
The svnrepostracenodelocations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path...
SUSE CVE-2021-32779
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy incorrectly handled a URI 'fragment' element as part of the path element. Envoy is configured with an RBAC filter for authorization or similar mechanism with...
SUSE CVE-2022-24070
Subversion's moddavsvn is vulnerable to memory corruption. While looking up path-based authorization rules, moddavsvn servers may attempt to use memory which has already been freed. Affected Subversion moddavsvn servers 1.10.0 through 1.14.1 inclusive. Servers that do not use moddavsvn are not...
Amazon Linux 2022 : python3-subversion, subversion, subversion-devel (ALAS2022-2022-149)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-149 advisory. A flaw was found in Subversion. When using path-based authorization authz, the helper function detectchanged does not omit potentially sensitive information from log messages. In particular, if...
Huawei EulerOS: Security Advisory for subversion (EulerOS-SA-2022-2172)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP9 : subversion (EulerOS-SA-2022-1983)
According to the versions of the subversion packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according t...
Security Bulletin: A security vulnerability has been identified in Apache Subversion shipped with IBM Tivoli Netcool Impact (CVE-2021-28544)
Summary Apache Subversion is shipped with IBM Tivoli Netcool Impact. Information about a security vulnerability affecting Apache Subversion has been published in a security bulletin. Vulnerability Details CVEID: CVE-2021-28544 DESCRIPTION: Apache Subversion could allow a remote authenticated...
subversion: Subversion's mod_dav_svn is vulnerable to memory corruption
A use-after-free vulnerability was found in Subversion in the moddavsvn Apache HTTP server HTTPd module. While looking up path-based authorization authz rules, multiple calls to the postconfig hook can invalidate cached pointers to object-pools, which Subversion subsequently uses. This issue...
USN-5450-1: Subversion vulnerabilities
Evgeny Kotkov discovered that subversion servers did not properly follow path-based authorization rules in certain cases. An attacker could potentially use this issue to retrieve information about private paths. CVE-2021-28544 Thomas Weißschuh discovered that subversion servers did not properly...
Ubuntu 22.04 LTS : Subversion vulnerabilities (USN-5450-1)
The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5450-1 advisory. Evgeny Kotkov discovered that subversion servers did not properly follow path-based authorization rules in certain cases. An attacker could potentially u...
subversion: Subversion's mod_dav_svn is vulnerable to memory corruption
A use-after-free vulnerability was found in Subversion in the moddavsvn Apache HTTP server HTTPd module. While looking up path-based authorization authz rules, multiple calls to the postconfig hook can invalidate cached pointers to object-pools, which Subversion subsequently uses. This issue...
openSUSE: Security Advisory for subversion (SUSE-SU-2022:1162-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
subversion: Subversion's mod_dav_svn is vulnerable to memory corruption
A use-after-free vulnerability was found in Subversion in the moddavsvn Apache HTTP server HTTPd module. While looking up path-based authorization authz rules, multiple calls to the postconfig hook can invalidate cached pointers to object-pools, which Subversion subsequently uses. This issue...
subversion: Subversion's mod_dav_svn is vulnerable to memory corruption
A use-after-free vulnerability was found in Subversion in the moddavsvn Apache HTTP server HTTPd module. While looking up path-based authorization authz rules, multiple calls to the postconfig hook can invalidate cached pointers to object-pools, which Subversion subsequently uses. This issue...