CVSS: 5.9EPSS: 0%CPEs: 94EXPL: 0CVE-2014-3504 – Ubuntu Security Notice USN-2315-1
https://notcve.org/view.php?id=CVE-2014-3504
14 Aug 2014 — The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. Las funciones (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate en Se... • http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html •
CVSS: 7.4EPSS: 23%CPEs: 21EXPL: 0CVE-2014-0032 – subversion: mod_dav_svn crash when handling certain requests with SVNListParentPath on
https://notcve.org/view.php?id=CVE-2014-0032
14 Feb 2014 — The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the "svn ls http://svn.example.com" command. la función get_resource en repos.c en el módulo mod_dav_svn en Apache Subversion anterior a 1.7.15 y 1.8.x anterior a 1.8.6, cuando SVNListParentPath está ... • http://lists.opensuse.org/opensuse-updates/2014-02/msg00086.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 54EXPL: 0CVE-2013-4505 – Slackware Security Advisory - subversion Updates
https://notcve.org/view.php?id=CVE-2013-4505
07 Dec 2013 — The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request. La función is_this_legal en mod_dontdothat para Apache Subversion 1.4.0 a 1.7.13 y 1.8.0 a 1.8.4 permite a atacantes remotos sortear restricciones de acceso intencionadas y posiblemente causar denegación de servicio (consumo de recurso... • http://lists.opensuse.org/opensuse-updates/2013-12/msg00029.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 54EXPL: 0CVE-2013-4277 – Slackware Security Advisory - subversion Updates
https://notcve.org/view.php?id=CVE-2013-4277
10 Sep 2013 — Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option. Svnserve en Apache Subversion 1.4.0 a 1.7.12 y 1.8.0 a 1.8.1 permite a usuarios locales sobrescribir archivos arbirtrarios o matar procesos arbitrarios a través de un ataque de enlaces simbólicos sobre el fichero especificado por la opción --pid-file. svnserve takes a --pid-file option which... • http://lists.opensuse.org/opensuse-updates/2013-09/msg00031.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 2%CPEs: 24EXPL: 2CVE-2013-2088 – Subversion 1.6.6/1.6.12 - Code Execution
https://notcve.org/view.php?id=CVE-2013-2088
31 Jul 2013 — contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename. contrib/hook-scripts/svn-keyword-check.pl en Subversion anterior a 1.6.23, permite a usuarios autenticados remotamente con permisos de "commit" la ejecución de comandos arbitrarios a través de metacaracteres shell en un nombre de archivo. Multiple vulnerabilities have been found in Subversion, allowing attackers ... • https://packetstorm.news/files/id/139131 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 37EXPL: 0CVE-2013-2112 – subversion: Remote DoS due improper handling of early-closing TCP connections
https://notcve.org/view.php?id=CVE-2013-2112
10 Jun 2013 — The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection. El servidor svnserve en Subversion anterior a 1.6.23 y 1.7.x anterior a 1.7.10, permite a atacantes remotos provocar una denegación de servicio (salida) terminando una conexión. Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keepin... • http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html •
CVSS: 6.5EPSS: 0%CPEs: 37EXPL: 0CVE-2013-1968 – format): Filenames with newline character can lead to revision corruption
https://notcve.org/view.php?id=CVE-2013-1968
10 Jun 2013 — Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name. Subversion anterior a 1.6.23 y 1.7.x anterior a 1.7.10, permite a usuarios autenticados remotamente provocar una denegación de servicio (corrupción del repositorio FSF) a través de un carácter de nueva línea en un nombre de archivo. Subversion is a concurrent version control system which enables one or more users to collaborate i... • http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html • CWE-138: Improper Neutralization of Special Elements •
CVSS: 6.5EPSS: 0%CPEs: 33EXPL: 0CVE-2013-1845 – (mod_dav_svn): DoS (excessive memory use) when large number of properties are set or deleted
https://notcve.org/view.php?id=CVE-2013-1845
02 May 2013 — The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory. El modulo mod_dav_svn Apache HTTPD server en Subversion v1.6.x hasta v1.6.21 y v1.7.0 hasta v1.7.8 permite a usuarios remotos autenticados causar una denegación de servicio ((consumo de memoria) mediante un (1) "setting" o (2) "deleting" en u... • http://lists.opensuse.org/opensuse-updates/2013-04/msg00095.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 10%CPEs: 30EXPL: 1CVE-2013-1847 – Apache Subversion 1.6.x - 'mod_dav_svn/lock.c' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2013-1847
02 May 2013 — The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist. El modulo mod_dav_svn Apache HTTPD server en Subversion v1.6.0 hasta v1.6.20 y v1.7.0 hasta v1.7.8 permite a atacantes remotos causar una denegación de servicio (referencia NULL y caída de la aplicación) a través de un bloqueo anónimo para una URL que no existe. Alex... • https://www.exploit-db.com/exploits/38421 •
CVSS: 6.5EPSS: 0%CPEs: 32EXPL: 0CVE-2013-1846 – (mod_dav_svn): DoS (crash) via LOCK requests against an activity URL
https://notcve.org/view.php?id=CVE-2013-1846
02 May 2013 — The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL. El modulo mod_dav_svn Apache HTTPD server en Subversion v1.6.x hasta v1.6.21 y v1.7.0 hasta v1.7.8 permite a usuarios remotos autenticados causar una denegación de servicio (referencia NULL y caída de la aplicación) a través de un bloqueo en una URL vigente. Alexander Klink disco... • http://lists.opensuse.org/opensuse-updates/2013-04/msg00095.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •