CVE-2013-2088 – Subversion 1.6.6/1.6.12 - Code Execution
https://notcve.org/view.php?id=CVE-2013-2088
contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename. contrib/hook-scripts/svn-keyword-check.pl en Subversion anterior a 1.6.23, permite a usuarios autenticados remotamente con permisos de "commit" la ejecución de comandos arbitrarios a través de metacaracteres shell en un nombre de archivo. Subversion versions 1.6.6 and 1.6.12 suffers from a code execution vulnerability. • https://www.exploit-db.com/exploits/40507 http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18772 https://subversion.apache.org/security/ • CWE-20: Improper Input Validation •
CVE-2013-2112 – subversion: Remote DoS due improper handling of early-closing TCP connections
https://notcve.org/view.php?id=CVE-2013-2112
The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection. El servidor svnserve en Subversion anterior a 1.6.23 y 1.7.x anterior a 1.7.10, permite a atacantes remotos provocar una denegación de servicio (salida) terminando una conexión. • http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E http://rhn.redhat.com/errata/RHSA-2014-0255.html http://www.debian.org/security/2013/dsa-2703 http://www.ubuntu.com/usn/USN-1893-1 https://oval.cisecurity •
CVE-2013-1968 – format): Filenames with newline character can lead to revision corruption
https://notcve.org/view.php?id=CVE-2013-1968
Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name. Subversion anterior a 1.6.23 y 1.7.x anterior a 1.7.10, permite a usuarios autenticados remotamente provocar una denegación de servicio (corrupción del repositorio FSF) a través de un carácter de nueva línea en un nombre de archivo. • http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E http://rhn.redhat.com/errata/RHSA-2014-0255.html http://www.debian.org/security/2013/dsa-2703 http://www.ubuntu.com/usn/USN-1893-1 https://oval.cisecurity • CWE-138: Improper Neutralization of Special Elements •
CVE-2012-2603
https://notcve.org/view.php?id=CVE-2012-2603
The server in CollabNet ScrumWorks Pro before 6.0 allows remote authenticated users to gain privileges and obtain sensitive information via a modified desktop client. El servidor en CollabNet ScrumWorks Pro anteriores a v6.0 permite a usuarios remotos autenticados obtener privilegios y obtener información sensible a través de un cliente de escritorio modificado. • http://www.kb.cert.org/vuls/id/442595 http://www.kb.cert.org/vuls/id/MAPG-8RJPJX • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2011-0410
https://notcve.org/view.php?id=CVE-2011-0410
CollabNet ScrumWorks Basic 1.8.4 uses cleartext credentials for network communication and the internal database, which makes it easier for context-dependent attackers to obtain sensitive information by (1) sniffing the network for transmissions of Java objects or (2) reading the database. CollabNet ScrumWorks Basic v1.8.4 utiliza las credenciales en texto plano para la comunicación de la red y la base de datos interna, que facilita a los atacantes dependientes de contexto a obtener información sensible mediante (1) espiando las transmisiones de los objetos Java o (2) lectura de la base de datos • http://osvdb.org/70601 http://osvdb.org/70602 http://secunia.com/advisories/43010 http://www.kb.cert.org/vuls/id/547167 https://exchange.xforce.ibmcloud.com/vulnerabilities/64883 • CWE-310: Cryptographic Issues •