66 matches found

Prion
added 2022/04/12 6:15 p.m. · 25 views

Memory corruption

Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 inclusive. Servers that do not use mod_dav_svn are not...

CVSS 5 · AI score 7.3 · EPSS 0.08757
Exploits 0 · References 8 · Affected Software 4
Cvelist
added 2022/04/12 5:50 p.m. · 25 views

CVE-2022-24070 Apache Subversion mod_dav_svn is vulnerable to memory corruption

Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 inclusive. Servers that do not use mod_dav_svn are not...

AI score 7.8 · EPSS 0.08757
Exploits 0 · References 8
Debian CVE
added 2022/04/12 5:50 p.m. · 27 views

CVE-2021-28544

Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization authz rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom...

CVSS 4.3 · AI score 6 · EPSS 0.02696
Exploits 1
AlpineLinux
added 2022/04/12 5:50 p.m. · 63 views

CVE-2021-28544

Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization authz rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom...

CVSS 4.3 · AI score 6 · EPSS 0.02696
Exploits 1
OSV
added 2022/04/12 5:8 p.m. · 1 views

USN-5372-1 subversion vulnerabilities

Evgeny Kotkov discovered that Subversion servers did not properly follow path-based authorization rules in certain cases. An attacker could potentially use this issue to retrieve information about private paths. CVE-2021-28544 Thomas Weißschuh discovered that Subversion servers did not properly...

CVSS 7.5 · AI score 6.9 · EPSS 0.08757
Exploits 1 · References 3
CNNVD
added 2022/04/12 12:0 a.m. · 1 views

Apache Subversion information disclosure vulnerability

Apache Subversion is an open source version control system from the Apache Foundation. The system is compatible with the Concurrent Versioning System CVS, and an information disclosure vulnerability exists in Apache Subversion, which stems from a server exposing a "copyfrom" path that should be...

CVSS 4.3 · AI score 6.5 · EPSS 0.02696
Exploits 1 · References 24
FreeBSD
added 2022/04/12 12:0 a.m. · 29 views

Subversion -- Multiple vulnerabilities in server code

Subversion project reports: Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization authz rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also...

CVSS 7.5 · AI score 6.3 · EPSS 0.08757
Exploits 1 · References 2
RedHat Linux
added 2021/08/25 9:37 a.m. · 0 views

envoyproxy/envoy: HTTP request with a URL fragment in the URI can bypass authorization policies

An authorization bypass vulnerability was found in envoyproxy/envoy. When a URI path-based authorization policy is specified, envoy incorrectly evaluates the HTTP request which contains a URI fragment. This flaw allows an attacker to bypass the authorization policy and access downstream services...

CVSS 8.6 · AI score 5.8 · EPSS 0.00948
Exploits 0 · References 5
RedHat Linux
added 2021/08/25 9:37 a.m. · 1 views

envoyproxy/envoy: HTTP request with a URL fragment in the URI can bypass authorization policies

An authorization bypass vulnerability was found in envoyproxy/envoy. When a URI path-based authorization policy is specified, envoy incorrectly evaluates the HTTP request which contains a URI fragment. This flaw allows an attacker to bypass the authorization policy and access downstream services...

CVSS 8.6 · AI score 5.8 · EPSS 0.00948
Exploits 0 · References 5
OSV
added 2021/08/24 9:15 p.m. · 15 views

CVE-2021-32779

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy incorrectly handled a URI 'fragment' element as part of the path element. Envoy is configured with an RBAC filter for authorization or similar mechanism with...

CVSS 8.3 · AI score 8.7
Exploits 0 · References 2
Positive Technologies
added 2021/04/12 12:0 a.m. · 2 views

PT-2021-7366 · Apache +10 · Subversion +11

Name of the Vulnerable Software and Affected Versions: Subversion mod_dav_svn versions 1.10.0 through 1.14.1 Description: The issue is related to memory corruption in Subversion's mod_dav_svn. It occurs when mod_dav_svn servers attempt to use memory that has already been freed while looking up...

CVSS 8.2 · AI score 5.2 · EPSS 0.08757
Exploits 2 · References 90
UbuntuCve
added 2021/04/12 12:0 a.m. · 32 views

CVE-2022-24070

Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 inclusive. Servers that do not use mod_dav_svn are not...

CVSS 7.5 · AI score 6.8 · EPSS 0.08757
Exploits 0 · References 3
UbuntuCve
added 2021/04/12 12:0 a.m. · 34 views

CVE-2021-28544

Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization authz rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom...

CVSS 4.3 · AI score 6.4 · EPSS 0.02696
Exploits 1 · References 3
RedHat Linux
added 2015/09/08 1:9 p.m. · 2 views

subversion: Mixed anonymous/authenticated path-based authz with httpd 2.4

It was found that the mod_authz_svn module did not properly restrict anonymous access to Subversion repositories under certain configurations when used with Apache httpd 2.4.x. This could allow a user to anonymously access files in a Subversion repository, which should only be accessible to...

CVSS 5 · AI score 7.3 · EPSS 0.10607
Exploits 0 · References 5
Ubuntu
added 2015/08/20 5:47 p.m. · 68 views

USN-2721-1: Subversion vulnerabilities

It was discovered that the Subversion mod_dav_svn module incorrectly handled REPORT requests for a resource that does not exist. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS...

CVSS 7.8 · AI score 7.3 · EPSS 0.12841
Exploits 0
OSV
added 2015/08/16 12:0 a.m. · 31 views

DLA-293-1 subversion - security update

Bulletin has no description...

CVSS 4 · AI score 7.3 · EPSS 0.06464
Exploits 0
OSV
added 2015/08/12 2:59 p.m. · 1 views

DEBIAN-CVE-2015-3187

The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path...

CVSS 4 · AI score 6.5 · EPSS 0.06464
Exploits 0 · References 1
OSV
added 2015/08/12 2:59 p.m. · 8 views

CVE-2015-3187

The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path...

CVSS 4 · AI score 7 · EPSS 0.06464
Exploits 0 · References 11
NVD
added 2015/08/12 2:59 p.m. · 14 views

CVE-2015-3187

The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path...

CVSS 4 · AI score 7.6 · EPSS 0.06464
Exploits 0 · References 11
Prion
added 2015/08/12 2:59 p.m. · 21 views

Path traversal

The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path...

CVSS 4 · AI score 6.1 · EPSS 0.06464
Exploits 0 · References 11 · Affected Software 2