CVSS: 6.5EPSS: 8%CPEs: 84EXPL: 0CVE-2016-8734 – Debian Security Advisory 3932-1
https://notcve.org/view.php?id=CVE-2016-8734
10 Aug 2017 — Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory. El módulo mod_dontdothat y los clientes HTTP en su versión 1.4.0 hasta la 1.8.16 y 1.9.0 hasta la 1.9.4 de Apache Subversion son vulnerables a un ataque de denegación de servicio (DoS) provocado por la expansión expon... • http://www.debian.org/security/2017/dsa-3932 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 12%CPEs: 5EXPL: 0CVE-2016-2168 – Ubuntu Security Notice USN-3388-2
https://notcve.org/view.php?id=CVE-2016-2168
29 Apr 2016 — The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check. La función req_check_access en el módulo mod_authz_svn en el servidor httpd en Apache Subversion en versiones anteriores a 1.8.16 y 1.9.x en versiones anteriores a 1.9.4 permite a usuari... • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html •
CVSS: 6.8EPSS: 1%CPEs: 5EXPL: 0CVE-2016-2167 – Ubuntu Security Notice USN-3388-2
https://notcve.org/view.php?id=CVE-2016-2167
29 Apr 2016 — The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string. La función canonicalize_username en svnserve/cyrus_auth.c en Apache Subversion en versiones anteriores a 1.8.16 y 1.9.x en versiones anteriores a 1.9.4, cuando se utiliza autenticación Cyrus SASL, ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184545.html • CWE-284: Improper Access Control •
CVSS: 8.0EPSS: 10%CPEs: 4EXPL: 0CVE-2015-5343 – Slackware Security Advisory - subversion Updates
https://notcve.org/view.php?id=CVE-2015-5343
17 Dec 2015 — Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow. Desbordamiento de entero en util.c en mod_dav_svn en Apache Subversion 1.7.x, 1.8.x en versiones anteriores a 1.8.15 y 1.9.x en versiones anteriores ... • http://subversion.apache.org/security/CVE-2015-5343-advisory.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 18%CPEs: 112EXPL: 0CVE-2011-0715 – (mod_dav_svn): DoS (NULL ptr deref) by a lock token sent from a not authenticated Subversion client
https://notcve.org/view.php?id=CVE-2011-0715
11 Mar 2011 — The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token. El módulo mod_dav_svn para el servidor Apache HTTP, como el distribuido en Apache Subversion antes de v1.6.16, permite a atacantes remotos provocar una denegación de servicio (desreferenciar de puntero NULL y caída de demonio) a través de una solicitud que contiene un to... • http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html •
CVSS: 7.5EPSS: 1%CPEs: 111EXPL: 1CVE-2010-4539 – (mod_dav_svn): DoS (crash) by processing certain requests to display all available repositories to a web browser
https://notcve.org/view.php?id=CVE-2010-4539
07 Jan 2011 — The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections. La función walk en repos.c en el módulo mod_dav_svn para el servidor Apache HTTP, como los distribuidos en Apache Subversion anteriores a v1.6.15, permite a usuarios remotos autenticados causar una denega... • http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053230.html • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 1%CPEs: 111EXPL: 1CVE-2010-4644 – Subversion: DoS (memory consumption) by processing blame or log -g requests on certain files
https://notcve.org/view.php?id=CVE-2010-4644
07 Jan 2011 — Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command. Múltiples fugas de memoria en rev_hunt.c Subversion en Apache anteriores a v1.6.15, permite a usuarios remotos autenticados causar una denegación de servicio (consumo de memoria y caída de demonio) a través de la opción -g sobre el comando blame. Multiple vulnerabilities have been found in Subversion... • http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053230.html • CWE-399: Resource Management Errors •