CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-2167 – Ubuntu Security Notice USN-3388-2
https://notcve.org/view.php?id=CVE-2016-2167
29 Apr 2016 — The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string. La función canonicalize_username en svnserve/cyrus_auth.c en Apache Subversion en versiones anteriores a 1.8.16 y 1.9.x en versiones anteriores a 1.9.4, cuando se utiliza autenticación Cyrus SASL, ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 7%CPEs: 5EXPL: 0CVE-2016-2168 – Ubuntu Security Notice USN-3388-2
https://notcve.org/view.php?id=CVE-2016-2168
29 Apr 2016 — The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check. La función req_check_access en el módulo mod_authz_svn en el servidor httpd en Apache Subversion en versiones anteriores a 1.8.16 y 1.9.x en versiones anteriores a 1.9.4 permite a usuari... • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2015-3187 – subversion: svn_repos_trace_node_locations() reveals paths hidden by authz
https://notcve.org/view.php?id=CVE-2015-3187
12 Aug 2015 — The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. Vulnerabilidad en la función svn_repos_trace_node_locations en Apache Subversion en versiones anteriores a 1.7.21 y 1.8.x en versiones anteriores a 1.8.14, cuando se utiliza autorización basada en ruta, permite a usuarios rem... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 96EXPL: 0CVE-2014-8108 – subversion: NULL pointer dereference flaw in mod_dav_svn when handling URIs for virtual transaction names
https://notcve.org/view.php?id=CVE-2014-8108
18 Dec 2014 — The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist. El módulo mod_dav del servidor Apache HTTPD en Apache Subversion 1.7.x anterior a 1.7.19 y 1.8.x anterior a 1.8.11 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero nulo y caída) ... • http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 9%CPEs: 103EXPL: 0CVE-2014-3580 – subversion: NULL pointer dereference flaw in mod_dav_svn when handling REPORT requests
https://notcve.org/view.php?id=CVE-2014-3580
18 Dec 2014 — The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist. El módulo mod_dav_svn Apache HTTPD del servidor Apache Subversion 1.x anterior a 1.7.19 y 1.8.x anterior a 1.8.11 permite a atacantes remotos llevar a cabo una denegación de servicio (referencia a puntero nulo y caída de servidor) mediante una petición... • http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.4EPSS: 0%CPEs: 103EXPL: 0CVE-2014-3528 – subversion: credentials leak via MD5 collision
https://notcve.org/view.php?id=CVE-2014-3528
14 Aug 2014 — Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm. Apache Subversion 1.0.0 hasta 1.7.x anterior a 1.7.17 y 1.8.x anterior a 1.8.10 utiliza un hash MD5 de la URL y el reino (realm) de la autenticación para almacenar las credenciales de caché, lo que facilita a servidores remotos obtener credenciales a ... • http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-255: Credentials Management Errors •
CVSS: 5.9EPSS: 0%CPEs: 94EXPL: 0CVE-2014-3504 – Ubuntu Security Notice USN-2315-1
https://notcve.org/view.php?id=CVE-2014-3504
14 Aug 2014 — The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. Las funciones (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate en Se... • http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html •
CVSS: 7.4EPSS: 23%CPEs: 21EXPL: 0CVE-2014-0032 – subversion: mod_dav_svn crash when handling certain requests with SVNListParentPath on
https://notcve.org/view.php?id=CVE-2014-0032
14 Feb 2014 — The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the "svn ls http://svn.example.com" command. la función get_resource en repos.c en el módulo mod_dav_svn en Apache Subversion anterior a 1.7.15 y 1.8.x anterior a 1.8.6, cuando SVNListParentPath está ... • http://lists.opensuse.org/opensuse-updates/2014-02/msg00086.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 2%CPEs: 24EXPL: 2CVE-2013-2088 – Subversion 1.6.6/1.6.12 - Code Execution
https://notcve.org/view.php?id=CVE-2013-2088
31 Jul 2013 — contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename. contrib/hook-scripts/svn-keyword-check.pl en Subversion anterior a 1.6.23, permite a usuarios autenticados remotamente con permisos de "commit" la ejecución de comandos arbitrarios a través de metacaracteres shell en un nombre de archivo. Multiple vulnerabilities have been found in Subversion, allowing attackers ... • https://packetstorm.news/files/id/139131 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 37EXPL: 0CVE-2013-2112 – subversion: Remote DoS due improper handling of early-closing TCP connections
https://notcve.org/view.php?id=CVE-2013-2112
10 Jun 2013 — The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection. El servidor svnserve en Subversion anterior a 1.6.23 y 1.7.x anterior a 1.7.10, permite a atacantes remotos provocar una denegación de servicio (salida) terminando una conexión. Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keepin... • http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html •