MidnightBSD

Advisories for collabnet

CVE-2011-0410 MEDIUM

CollabNet ScrumWorks Basic 1.8.4 uses cleartext credentials for network communication and the internal database, which makes it easier for context-dependent attackers to obtain sensitive information by (1) sniffing the network for transmissions of Java objects or (2) reading the database.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310

Products Affected

Vendor Product Version
collabnet scrumworks 1.8.4

CVE-2012-2603 MEDIUM

The server in CollabNet ScrumWorks Pro before 6.0 allows remote authenticated users to gain privileges and obtain sensitive information via a modified desktop client.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264

Products Affected

Vendor Product Version
collabnet scrumworks *

CVE-2013-1968 MEDIUM

Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo

Products Affected

Vendor Product Version
apache subversion 1.6.12
apache subversion 1.6.0
apache subversion 1.6.14
apache subversion 1.6.18
apache subversion 1.7.5
collabnet subversion 1.6.17
apache subversion 1.7.3
apache subversion 1.7.4
apache subversion *
apache subversion 1.6.17
apache subversion 1.6.11
apache subversion 1.7.8
apache subversion 1.6.6
apache subversion 1.6.10
apache subversion 1.7.2
apache subversion 1.7.0
apache subversion 1.6.13
apache subversion 1.6.16
apache subversion 1.6.19
apache subversion 1.7.7
apache subversion 1.6.4
apache subversion 1.6.9
opensuse opensuse 11.4
apache subversion 1.6.20
canonical ubuntu_linux 13.04
apache subversion 1.7.6
apache subversion 1.7.9
apache subversion 1.7.1
canonical ubuntu_linux 12.10
apache subversion 1.6.15
apache subversion 1.6.7
apache subversion 1.6.2
apache subversion 1.6.1
apache subversion 1.6.5
apache subversion 1.6.3
apache subversion 1.6.8
canonical ubuntu_linux 12.04

CVE-2013-2088 HIGH

contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20

Products Affected

Vendor Product Version
apache subversion 1.6.12
apache subversion 1.6.0
apache subversion 1.6.14
apache subversion 1.6.18
collabnet subversion 1.6.17
apache subversion *
apache subversion 1.6.17
apache subversion 1.6.11
apache subversion 1.6.6
apache subversion 1.6.10
apache subversion 1.6.13
apache subversion 1.6.16
apache subversion 1.6.19
apache subversion 1.6.4
apache subversion 1.6.9
opensuse opensuse 11.4
apache subversion 1.6.20
apache subversion 1.6.15
apache subversion 1.6.7
apache subversion 1.6.2
apache subversion 1.6.1
apache subversion 1.6.5
apache subversion 1.6.3
apache subversion 1.6.8

CVE-2013-2112 HIGH

The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo

Products Affected

Vendor Product Version
apache subversion 1.6.12
apache subversion 1.6.0
apache subversion 1.6.14
apache subversion 1.6.18
apache subversion 1.7.5
collabnet subversion 1.6.17
apache subversion 1.7.3
apache subversion 1.7.4
apache subversion *
apache subversion 1.6.17
apache subversion 1.6.11
apache subversion 1.7.8
apache subversion 1.6.6
apache subversion 1.6.10
apache subversion 1.7.2
apache subversion 1.7.0
apache subversion 1.6.13
apache subversion 1.6.16
apache subversion 1.6.19
apache subversion 1.7.7
apache subversion 1.6.4
apache subversion 1.6.9
opensuse opensuse 11.4
apache subversion 1.6.20
canonical ubuntu_linux 13.04
apache subversion 1.7.6
apache subversion 1.7.9
apache subversion 1.7.1
canonical ubuntu_linux 12.10
apache subversion 1.6.15
apache subversion 1.6.7
apache subversion 1.6.2
apache subversion 1.6.1
apache subversion 1.6.5
apache subversion 1.6.3
apache subversion 1.6.8
canonical ubuntu_linux 12.04