Page 2 of 7 results (0.002 seconds)

CVSS: 5.0EPSS: 0%CPEs: 33EXPL: 0

The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors. La vista SVN de funcionalidad remota (lib/vclib/svn/svn_ra.py) en ViewVC anterior a v1.1.15 no realiza correctamente la autorización, permite a atacantes remotos eludir restricciones de acceso a través destinados vectores no especificados. • http://osvdb.org/83225 http://viewvc.tigris.org/issues/show_bug.cgi?id=353 http://viewvc.tigris.org/source/browse/%2Acheckout%2A/viewvc/tags/1.1.15/CHANGES http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2755 http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2756 http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2757 http://viewvc.tigris.org/source/browse/viewvc? • CWE-287: Improper Authentication •

CVSS: 5.0EPSS: 0%CPEs: 33EXPL: 0

The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a "log msg leak." La revisión de la vista SVN (lib/vclib/svn/svn_repos.py) en ViewVC anterior a 1.1.15 no controla correctamente los mensajes de registro cuando se copia un camino legible de una ruta ilegible, lo que permite a atacantes remotos obtener información sensible, relacionada con un "log msg leak". • http://osvdb.org/83227 http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2758 http://www.debian.org/security/2012/dsa-2563 http://www.mandriva.com/security/advisories?name=MDVSA-2013:134 http://www.openwall.com/lists/oss-security/2012/06/25/8 http://www.securityfocus.com/bid/54199 https://exchange.xforce.ibmcloud.com/vulnerabilities/76615 https://lwn.net/Articles/505096 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0175 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •