CVSS: 6.5EPSS: 0%CPEs: 21EXPL: 0CVE-2010-3315 – Subversion: Access restriction bypass by checkout of the root of the repository
https://notcve.org/view.php?id=CVE-2010-3315
04 Oct 2010 — authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands. authz.c del módulo mod_dav_svn del servidor HTTP Apache, como se ha distribuído en Apache Subversion v1.5.x anteriores a la v1.5.8 y v1.6.x anteriores a la v1.6.13, cua... • http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html • CWE-16: Configuration •
CVSS: 7.5EPSS: 4%CPEs: 26EXPL: 0CVE-2011-1921 – (mod_dav_svn): File contents disclosure of files configured to be unreadable by those users
https://notcve.org/view.php?id=CVE-2011-1921
02 Jun 2010 — The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation. El módulo mod_dav_svn para Apache HTTP Server, como se distribuye en Apache Subversion v1.5.x y v1.6.x anteriores a 1.6.17,cuando la opción SVNPathAuthz... • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 6%CPEs: 9EXPL: 0CVE-2011-1752 – (mod_dav_svn): DoS (crash) via request to deliver baselined WebDAV resources
https://notcve.org/view.php?id=CVE-2011-1752
02 Jun 2010 — The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011. Módulo mod_dav_svn para Apache HTTP Server, como se distribuye en Apache Subversion antes de v1.6.17, permite a atacantes remotos provocar una denegación de servicio ( desreferenciar punteros Nulos y caída del demonio ) a través... • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 5%CPEs: 10EXPL: 0CVE-2011-1783 – (mod_dav_svn): DoS (excessive memory use) when configured to provide path-based access control
https://notcve.org/view.php?id=CVE-2011-1783
02 Jun 2010 — The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data. El módulo mod_dav_svn para Apache HTTP Server, como se distribuye en Apache Subersion v1.5.x y v1.6.x antes de 1.6.17, cuando la opción SVNPathAuthz short_circuit está habilitada permite a atacant... • http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html •
CVSS: 9.8EPSS: 6%CPEs: 64EXPL: 0CVE-2009-2411 – subversion: multiple heap overflow issues
https://notcve.org/view.php?id=CVE-2009-2411
07 Aug 2009 — Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412. Múltiples desbordamientos de entero en la biblioteca libsvn_delta en Subversion anterior a v1.5.7 y v1.6.x anterior a v1.6.4, permite a los usuarios remotos autenticados y a los servidores Subversio... • http://archives.neohapsis.com/archives/bugtraq/2009-08/0056.html • CWE-189: Numeric Errors •