Page 5 of 35 results (0.005 seconds)

CVSS: 4.3EPSS: 10%CPEs: 21EXPL: 0

CVE-2014-0032 – subversion: mod_dav_svn crash when handling certain requests with SVNListParentPath on

https://notcve.org/view.php?id=CVE-2014-0032

The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the "svn ls http://svn.example.com" command. la función get_resource en repos.c en el módulo mod_dav_svn en Apache Subversion anterior a 1.7.15 y 1.8.x anterior a 1.8.6, cuando SVNListParentPath está habilitado, permite a atacantes remotos causar una denegación de servicio (caída) a través de vectores relacionados con la raíz del servidor y solicitudes diferentes a GET, tal como se ha demostrado con el comando "svn ls http://svn.example.com". • http://lists.opensuse.org/opensuse-updates/2014-02/msg00086.html http://lists.opensuse.org/opensuse-updates/2014-03/msg00011.html http://mail-archives.apache.org/mod_mbox/subversion-dev/201401.mbox/%3C52D328AB.8090502%40reser.org%3E http://mail-archives.apache.org/mod_mbox/subversion-dev/201401.mbox/%3C871u0gqb0d.fsf%40ntlworld.com%3E http://mail-archives.apache.org/mod_mbox/subversion-dev/201401.mbox/%3CCANvU9scLHr2yOLABW8q6_wNzhEf7pWM=NiavGcobqvUuyhKyAA%40mail.gmail.com%3E http://rhn.redhat.com/errata/ • CWE-20: Improper Input Validation •

CVSS: 2.6EPSS: 0%CPEs: 54EXPL: 0

CVE-2013-4505

https://notcve.org/view.php?id=CVE-2013-4505

The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request. La función is_this_legal en mod_dontdothat para Apache Subversion 1.4.0 a 1.7.13 y 1.8.0 a 1.8.4 permite a atacantes remotos sortear restricciones de acceso intencionadas y posiblemente causar denegación de servicio (consumo de recursos) a través de URL relativas en una petición REPORT. • http://lists.opensuse.org/opensuse-updates/2013-12/msg00029.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00048.html http://osvdb.org/100364 http://secunia.com/advisories/55855 http://subversion.apache.org/security/CVE-2013-4505-advisory.txt • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 3.3EPSS: 0%CPEs: 54EXPL: 0

CVE-2013-4277

https://notcve.org/view.php?id=CVE-2013-4277

Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option. Svnserve en Apache Subversion 1.4.0 a 1.7.12 y 1.8.0 a 1.8.1 permite a usuarios locales sobrescribir archivos arbirtrarios o matar procesos arbitrarios a través de un ataque de enlaces simbólicos sobre el fichero especificado por la opción --pid-file. • http://lists.opensuse.org/opensuse-updates/2013-09/msg00031.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00054.html http://subversion.apache.org/security/CVE-2013-4277-advisory.txt http://www.securityfocus.com/bid/62266 https://exchange.xforce.ibmcloud.com/vulnerabilities/86972 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18554 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.1EPSS: 1%CPEs: 24EXPL: 1

CVE-2013-2088 – Subversion 1.6.6/1.6.12 - Code Execution

https://notcve.org/view.php?id=CVE-2013-2088

contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename. contrib/hook-scripts/svn-keyword-check.pl en Subversion anterior a 1.6.23, permite a usuarios autenticados remotamente con permisos de "commit" la ejecución de comandos arbitrarios a través de metacaracteres shell en un nombre de archivo. Subversion versions 1.6.6 and 1.6.12 suffers from a code execution vulnerability. • https://www.exploit-db.com/exploits/40507 http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18772 https://subversion.apache.org/security/ • CWE-20: Improper Input Validation •

CVSS: 5.5EPSS: 0%CPEs: 37EXPL: 0

CVE-2013-1968 – format): Filenames with newline character can lead to revision corruption

https://notcve.org/view.php?id=CVE-2013-1968

Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name. Subversion anterior a 1.6.23 y 1.7.x anterior a 1.7.10, permite a usuarios autenticados remotamente provocar una denegación de servicio (corrupción del repositorio FSF) a través de un carácter de nueva línea en un nombre de archivo. • http://lists.opensuse.org/opensuse-updates/2013-07/msg00015.html http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3E http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3E http://rhn.redhat.com/errata/RHSA-2014-0255.html http://www.debian.org/security/2013/dsa-2703 http://www.ubuntu.com/usn/USN-1893-1 https://oval.cisecurity • CWE-138: Improper Neutralization of Special Elements •