CollabNet ScrumWorks Basic 1.8.4 uses cleartext credentials for network communication and the internal database, which makes it easier for context-dependent attackers to obtain sensitive information by (1) sniffing the network for transmissions of Java objects or (2) reading the database.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310
Products Affected
| Vendor | Product | Version |
|---|---|---|
| collabnet | scrumworks | 1.8.4 |
The server in CollabNet ScrumWorks Pro before 6.0 allows remote authenticated users to gain privileges and obtain sensitive information via a modified desktop client.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264
Products Affected
| Vendor | Product | Version |
|---|---|---|
| collabnet | scrumworks | * |
Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo
Products Affected
| Vendor | Product | Version |
|---|---|---|
| apache | subversion | 1.6.12 |
| apache | subversion | 1.6.0 |
| apache | subversion | 1.6.14 |
| apache | subversion | 1.6.18 |
| apache | subversion | 1.7.5 |
| collabnet | subversion | 1.6.17 |
| apache | subversion | 1.7.3 |
| apache | subversion | 1.7.4 |
| apache | subversion | * |
| apache | subversion | 1.6.17 |
| apache | subversion | 1.6.11 |
| apache | subversion | 1.7.8 |
| apache | subversion | 1.6.6 |
| apache | subversion | 1.6.10 |
| apache | subversion | 1.7.2 |
| apache | subversion | 1.7.0 |
| apache | subversion | 1.6.13 |
| apache | subversion | 1.6.16 |
| apache | subversion | 1.6.19 |
| apache | subversion | 1.7.7 |
| apache | subversion | 1.6.4 |
| apache | subversion | 1.6.9 |
| opensuse | opensuse | 11.4 |
| apache | subversion | 1.6.20 |
| canonical | ubuntu_linux | 13.04 |
| apache | subversion | 1.7.6 |
| apache | subversion | 1.7.9 |
| apache | subversion | 1.7.1 |
| canonical | ubuntu_linux | 12.10 |
| apache | subversion | 1.6.15 |
| apache | subversion | 1.6.7 |
| apache | subversion | 1.6.2 |
| apache | subversion | 1.6.1 |
| apache | subversion | 1.6.5 |
| apache | subversion | 1.6.3 |
| apache | subversion | 1.6.8 |
| canonical | ubuntu_linux | 12.04 |
contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20
Products Affected
| Vendor | Product | Version |
|---|---|---|
| apache | subversion | 1.6.12 |
| apache | subversion | 1.6.0 |
| apache | subversion | 1.6.14 |
| apache | subversion | 1.6.18 |
| collabnet | subversion | 1.6.17 |
| apache | subversion | * |
| apache | subversion | 1.6.17 |
| apache | subversion | 1.6.11 |
| apache | subversion | 1.6.6 |
| apache | subversion | 1.6.10 |
| apache | subversion | 1.6.13 |
| apache | subversion | 1.6.16 |
| apache | subversion | 1.6.19 |
| apache | subversion | 1.6.4 |
| apache | subversion | 1.6.9 |
| opensuse | opensuse | 11.4 |
| apache | subversion | 1.6.20 |
| apache | subversion | 1.6.15 |
| apache | subversion | 1.6.7 |
| apache | subversion | 1.6.2 |
| apache | subversion | 1.6.1 |
| apache | subversion | 1.6.5 |
| apache | subversion | 1.6.3 |
| apache | subversion | 1.6.8 |
The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo
Products Affected
| Vendor | Product | Version |
|---|---|---|
| apache | subversion | 1.6.12 |
| apache | subversion | 1.6.0 |
| apache | subversion | 1.6.14 |
| apache | subversion | 1.6.18 |
| apache | subversion | 1.7.5 |
| collabnet | subversion | 1.6.17 |
| apache | subversion | 1.7.3 |
| apache | subversion | 1.7.4 |
| apache | subversion | * |
| apache | subversion | 1.6.17 |
| apache | subversion | 1.6.11 |
| apache | subversion | 1.7.8 |
| apache | subversion | 1.6.6 |
| apache | subversion | 1.6.10 |
| apache | subversion | 1.7.2 |
| apache | subversion | 1.7.0 |
| apache | subversion | 1.6.13 |
| apache | subversion | 1.6.16 |
| apache | subversion | 1.6.19 |
| apache | subversion | 1.7.7 |
| apache | subversion | 1.6.4 |
| apache | subversion | 1.6.9 |
| opensuse | opensuse | 11.4 |
| apache | subversion | 1.6.20 |
| canonical | ubuntu_linux | 13.04 |
| apache | subversion | 1.7.6 |
| apache | subversion | 1.7.9 |
| apache | subversion | 1.7.1 |
| canonical | ubuntu_linux | 12.10 |
| apache | subversion | 1.6.15 |
| apache | subversion | 1.6.7 |
| apache | subversion | 1.6.2 |
| apache | subversion | 1.6.1 |
| apache | subversion | 1.6.5 |
| apache | subversion | 1.6.3 |
| apache | subversion | 1.6.8 |
| canonical | ubuntu_linux | 12.04 |