Download
| Alert*
|
oval:org.secpod.oval:def:1164
Apache Subversion is installed (x86) oval:org.secpod.oval:def:20663 The host is installed with Apache Subversion 1.8.0 before 1.8.2 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle a symlink attack. Successful exploitation could allow local users to gain privileges via a symlink attack on the ... oval:org.secpod.oval:def:20664 The host is installed with Subversion 1.8.0 before 1.8.3 and is prone to a local privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle a symlink attack on the pid file. Successful exploitation could allow local users to gain privileges. oval:org.secpod.oval:def:20722 The host is installed with Subversion 1.0.0 before 1.5.7 or 1.6.x before 1.6.4 and is prone to a heap based buffer overflow vulnerability. A flaw is present in the application, which fails to handle an svndiff stream with large windows. Successful exploitation could allow attackers to execute arbitr ... oval:org.secpod.oval:def:20708 The host is installed with Apache Subversion 1.8.0 before 1.8.2 and is prone to a FSFS repository corruption vulnerability. A flaw is present in the application, which fails to proper edit revision properties. Successful exploitation could allow wrong file to get deleted. oval:org.secpod.oval:def:22276 The host is installed with Apache Subversion 1.7.x before 1.7.19 or 1.8.x before 1.8.11 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a request for a URI that triggers a lookup for a virtual transaction name that does not exis ... oval:org.secpod.oval:def:24061 The host is installed with Apache Subversion 1.5.0 through 1.7.19 or 1.8.0 through 1.8.11 and is prone to svn:author property spoofing vulnerability. A flaw is present in the application, which fails to handle crafted v1 HTTP protocol request sequences. Successful exploitation could allow attackers ... oval:org.secpod.oval:def:24062 The host is installed with Apache Subversion 1.8.0 through 1.8.11 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a large number of REPORT requests. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:24063 The host is installed with Apache Subversion 1.6.0 through 1.7.19 or 1.8.0 through 1.8.11 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted parameter combinations related to dynamically evaluated revision numbers. Successful exploi ... oval:org.secpod.oval:def:34614 The host is installed with Apache Subversion 1.7.x, 1.8.x before 1.8.15 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow. Successful exploita ... oval:org.secpod.oval:def:33818 The host is installed with Apache Subversion 1.9.x before 1.9.3 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle a svn:// protocol string which triggers a heap-based buffer overflow and an out-of-bounds read. Successful exploitation could ... oval:org.secpod.oval:def:15918 The host is installed with Apache Subversion 1.4.0 through 1.7.12 or 1.8.0 through 1.8.1 and is prone to local privilege escalation vulnerability. The flaw is present in Svnserve in Apache Subversion, which fails to properly handle a symlink attack on the file specified by the --pid-file option. Suc ... oval:org.secpod.oval:def:16222 The host is installed with Apache Subversion 1.4.0 through 1.7.13 or 1.8.0 through 1.8.4 and is prone to security bypass vulnerability. The flaw is present in is_this_legal function in mod_dontdothat in Apache Subversion, which fails to properly handle a relative URL in a REPORT request. Successful ... oval:org.secpod.oval:def:26233 The host is installed with Apache Subversion before 1.7.21 or 1.8.x before 1.8.14 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle the history of a node that has been moved from a hidden path. Successful exploitation could allow att ... oval:org.secpod.oval:def:1166 The host is installed with Apache Subversion and is prone to memory corruption vulnerability. A flaw is present in the application which is caused due to infinite loop error when the SVNPathAuthz short_circuit option is enabled. Successful exploitation allows remote attacker to cause denial of servi ... oval:org.secpod.oval:def:1165 The host is installed with Apache Subversion and is prone to denial of service vulnerability. A flaw is present in the application which is caused by a NULL pointer dereference in the mod_dav_svn.so module when processing baselined WebDAV resources. Successful exploitation allows remote attacker to ... oval:org.secpod.oval:def:1167 The host is installed with Apache Subversion and is prone to information disclosure Vulnerability. A flaw is present in the application which fails to properly enforce permissions for files, when the SVNPathAuthz short_circuit option is disabled. Successful exploitation allows remote attacker to obt ... oval:org.secpod.oval:def:20719 The host is installed with Subversion before 1.5.0 before 1.5.8 or 1.6.0 before 1.6.15 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a via the -g Option to the Blame Command. Successful exploitation could allow attackers to crash the s ... oval:org.secpod.oval:def:20721 The host is installed with Subversion 1.0.0 before 1.5.9 or 1.6.0 before 1.6.15 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a named repository as a rule scope. Successful exploitation could allow attackers to bypass intended access r ... oval:org.secpod.oval:def:22277 The host is installed with Apache Subversion 1.7.x before 1.7.19 or 1.8.x before 1.8.11 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a REPORT request for a resource that does not exist. Successful exploitation could allow rem ... oval:org.secpod.oval:def:20718 The host is installed with Subversion 1.2.0 before 1.6.16 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a request that contains a lock token. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:34612 The host is installed with Apache Subversion 1.0.x before 1.8.15 and is prone to a null pointer dereference vulnerability. A flaw is present in the application, which fails to handle a crafted header in a MOVE or COPY request. Successful exploitation could allow remote attackers to cause a denial of ... oval:org.secpod.oval:def:20713 The host is installed with Subversion 1.7.0 through 1.7.8 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a log REPORT request with an invalid limit. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:20714 The host is installed with Subversion 1.6.x through 1.6.20 or 1.7.0 through 1.7.8 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a PROPFIND request for an activity URL. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:20711 The host is installed with Subversion before 1.6.23 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which improperly treats aborted connections as critical errors. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:20712 The host is installed with Subversion before 1.6.23 or 1.7.0 before 1.7.10 and is prone to a fsfs repository corruption vulnerability. A flaw is present in the application, which fails to properly handle a newline character in a file name. Successful exploitation could allow attackers to crash the s ... oval:org.secpod.oval:def:20710 The host is installed with Subversion before 1.6.23 or 1.7.0 before 1.7.10 and is prone to a denial of service vulnerability. A flaw is present in the application, which improperly treats aborted connections as critical errors. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:17040 The host is installed with Apache Subversion before 1.7.15 or 1.8.x before 1.8.6 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle vectors related to the server root and request methods other than GET. Successful exploitation could allow a ... oval:org.secpod.oval:def:20717 The host is installed with Subversion 1.0.0 through 1.6.20 or 1.7.0 through 1.7.8 and is prone to memory consumption vulnerability. A flaw is present in the application, which fails to handle (1) setting or (2) deleting a large number of properties for a file or directory. Successful exploitation co ... oval:org.secpod.oval:def:20715 The host is installed with Subversion 1.6.x through 1.6.20 or 1.7.0 through 1.7.8 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle an anonymous LOCK for a URL that does not exist. Successful exploitation could allow attackers to crash the ... oval:org.secpod.oval:def:20913 The host is installed with Apache Subversion 1.4.0 through 1.7.x before 1.7.18 or 1.8.x before 1.8.10 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certific ... oval:org.secpod.oval:def:20716 The host is installed with Subversion 1.0.0 through 1.6.20 or 1.7.0 through 1.7.8 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle an anonymous LOCK for a URL that does not exist. Successful exploitation could allow attackers to crash the ... oval:org.secpod.oval:def:20914 The host is installed with Apache Subversion 1.0.0 through 1.7.x before 1.7.18 or 1.8.x before 1.8.10 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle a crafted authentication realm. Successful exploitation could allow remote serv ... oval:org.secpod.oval:def:20720 The host is installed with Subversion before 1.5.0 before 1.5.8 or 1.6.0 before 1.6.15 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle a named repository as a rule scope. Successful exploitation could allow attackers to bypass intended acc ... oval:org.secpod.oval:def:20709 The host is installed with Subversion 1.7.0 through 1.7.10 or 1.8.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root. Successful exploitation could allow remote u ... oval:org.secpod.oval:def:34613 The host is installed with Apache Subversion 1.5.x before 1.8.15 and is prone to an intended access restriction bypass vulnerability. A flaw is present in the application, which fails to handle a realm string that is a prefix of an expected repository realm string. Successful exploitation could allo ... oval:org.secpod.oval:def:58785 The host is installed with Apache Subversion 1.9.x through 1.9.10, 1.10.x through 1.10.4 or 1.12.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a well-formed read-only request. Successful exploitation could allow remote attackers to c ... oval:org.secpod.oval:def:58784 The host is installed with Apache Subversion 1.9.x through 1.9.10, 1.10.x through 1.10.4 or 1.12.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle certain sequences of protocol commands. Successful exploitation could allow remote attacke ... oval:org.secpod.oval:def:16223 The host is installed with Apache Subversion 1.7.11 through 1.7.12 or 1.8.0 through 1.8.4 and is prone to denial of service vulnerability. The flaw is present in get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Apache Subversion, which fails to properly handle a n ... oval:org.secpod.oval:def:26234 The host is installed with Apache Subversion before 1.7.21, 1.8.x before 1.8.14 or Apache HTTP Server 2.4.x through 2.4.12 and is prone to an information disclosure vulnerability. A flaw is present in the applications, which fail to properly restrict anonymous access. Successful exploitation could a ... |
