EUVD-2014-7955

Malware in sbrugna...

CLSA-2025-1745052021 Fix CVE(s): CVE-2020-1739

SECURITY UPDATE: password disclosure via svn module argument - debian/patches/CVE-2020-1739.patch: Fix security issue by providing password securely with --password-from-stdin option and warn if svn version is too old to support it - CVE-2020-1739...

SUSE CVE-2011-1752

The moddavsvn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a request for a baselined WebDAV resource, as exploited in the wild in May 2011...

SUSE CVE-2020-1739

A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from...

CLSA-2022-1654175590 Fixed CVE-2022-24070 in subversion-4.module_el8.5.0+2053+ac338b6d.tuxcare.els1

CVE-2022-24070: fix use-after-free of object-pools when used as httpd module...

CLSA-2022-1654175372 Fixed CVE-2022-24070 in subversion-4.module_el8.4.0+2052+ac338b6d.tuxcare.els1

CVE-2022-24070: fix use-after-free of object-pools when used as httpd module...

GHSA-923P-FR2C-G5M2 Exposure of Sensitive Information to an Unauthorized Actor in Ansible

A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from...

EUVD-2020-9463

Subversion's modauthzsvn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in...

subversion: Remote unauthenticated denial of service in mod_authz_svn

A null-pointer-dereference flaw was found in modauthzsvn of subversion. This flaw allows a remote, unauthenticated attacker to cause a denial of service in some server configurations. The highest threat from this vulnerability is to system availability...

ansible: svn module leaks password when specified as a parameter

A flaw was found in Ansible Engine. When a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs...

ansible: svn module leaks password when specified as a parameter

A flaw was found in Ansible Engine. When a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs...

UBUNTU-CVE-2020-1739

A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from...

PYSEC-2020-11

A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from...

ALPINE-CVE-2018-11803

Subversion's moddavsvn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation...

MGASA-2017-0009 Updated subversion packages fix security vulnerability

Subversion's moddontdothat module and clients using https:// are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack, otherwise known as the "billion laughs attack", targets XML parsers and can cause the targeted process to consume an excessive amount o...

UBUNTU-CVE-2014-8108

The moddavsvn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service NULL pointer dereference and crash via a request for a URI that triggers a lookup for a virtual transaction name that does not exist...

httpd: mod_dav DoS (httpd child process crash) via a URI MERGE request with source URI not handled by mod_dav

moddav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service segmentation fault via a MERGE request in which the URI is configured for handling by the moddavsvn module, but a certain href...

DEBIAN-CVE-2013-1884

The moddavsvn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service segmentation fault and crash via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable...

CVE-2004-0749

The modauthzsvn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via 1 svn log -v, 2 svn propget, or 3 svn blame, and other commands that follow renames...