CVSS: 7.5EPSS: 5%CPEs: 96EXPL: 0CVE-2014-8108 – subversion: NULL pointer dereference flaw in mod_dav_svn when handling URIs for virtual transaction names
https://notcve.org/view.php?id=CVE-2014-8108
18 Dec 2014 — The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist. El módulo mod_dav del servidor Apache HTTPD en Apache Subversion 1.7.x anterior a 1.7.19 y 1.8.x anterior a 1.8.11 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero nulo y caída) ... • http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.9EPSS: 2%CPEs: 94EXPL: 0CVE-2014-3504 – Ubuntu Security Notice USN-2315-1
https://notcve.org/view.php?id=CVE-2014-3504
14 Aug 2014 — The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. Las funciones (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate en Se... • http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html •
CVSS: 5.9EPSS: 1%CPEs: 72EXPL: 0CVE-2014-3522 – Ubuntu Security Notice USN-2316-1
https://notcve.org/view.php?id=CVE-2014-3522
14 Aug 2014 — The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. La capa Serf RA en Apache Subversion 1.4.0 hasta 1.7.x anterior a 1.7.18 y 1.8.x anterior a 1.8.10 no maneja debidamente los comodines (wildcards) en el campo Common Name (CN) o subjectAltName de un certificado X.509, lo ... • http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html • CWE-297: Improper Validation of Certificate with Host Mismatch •
CVSS: 7.4EPSS: 3%CPEs: 103EXPL: 0CVE-2014-3528 – subversion: credentials leak via MD5 collision
https://notcve.org/view.php?id=CVE-2014-3528
14 Aug 2014 — Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm. Apache Subversion 1.0.0 hasta 1.7.x anterior a 1.7.17 y 1.8.x anterior a 1.8.10 utiliza un hash MD5 de la URL y el reino (realm) de la autenticación para almacenar las credenciales de caché, lo que facilita a servidores remotos obtener credenciales a ... • http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-255: Credentials Management Errors •
CVSS: 7.4EPSS: 31%CPEs: 21EXPL: 0CVE-2014-0032 – subversion: mod_dav_svn crash when handling certain requests with SVNListParentPath on
https://notcve.org/view.php?id=CVE-2014-0032
14 Feb 2014 — The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the "svn ls http://svn.example.com" command. la función get_resource en repos.c en el módulo mod_dav_svn en Apache Subversion anterior a 1.7.15 y 1.8.x anterior a 1.8.6, cuando SVNListParentPath está ... • http://lists.opensuse.org/opensuse-updates/2014-02/msg00086.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 18%CPEs: 112EXPL: 0CVE-2011-0715 – (mod_dav_svn): DoS (NULL ptr deref) by a lock token sent from a not authenticated Subversion client
https://notcve.org/view.php?id=CVE-2011-0715
11 Mar 2011 — The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token. El módulo mod_dav_svn para el servidor Apache HTTP, como el distribuido en Apache Subversion antes de v1.6.16, permite a atacantes remotos provocar una denegación de servicio (desreferenciar de puntero NULL y caída de demonio) a través de una solicitud que contiene un to... • http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html •
CVSS: 7.5EPSS: 1%CPEs: 111EXPL: 1CVE-2010-4539 – (mod_dav_svn): DoS (crash) by processing certain requests to display all available repositories to a web browser
https://notcve.org/view.php?id=CVE-2010-4539
07 Jan 2011 — The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections. La función walk en repos.c en el módulo mod_dav_svn para el servidor Apache HTTP, como los distribuidos en Apache Subversion anteriores a v1.6.15, permite a usuarios remotos autenticados causar una denega... • http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053230.html • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 1%CPEs: 111EXPL: 1CVE-2010-4644 – Subversion: DoS (memory consumption) by processing blame or log -g requests on certain files
https://notcve.org/view.php?id=CVE-2010-4644
07 Jan 2011 — Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command. Múltiples fugas de memoria en rev_hunt.c Subversion en Apache anteriores a v1.6.15, permite a usuarios remotos autenticados causar una denegación de servicio (consumo de memoria y caída de demonio) a través de la opción -g sobre el comando blame. Multiple vulnerabilities have been found in Subversion... • http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053230.html • CWE-399: Resource Management Errors •