CVSS: 3.1EPSS: 4%CPEs: 1EXPL: 1CVE-2024-46901 – Apache Subversion: mod_dav_svn denial-of-service via control characters in paths
https://notcve.org/view.php?id=CVE-2024-46901
09 Dec 2024 — Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected. • https://github.com/devhaozi/CVE-2024-46901 • CWE-20: Improper Input Validation CWE-116: Improper Encoding or Escaping of Output •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45720 – Apache Subversion: Command line argument injection on Windows platforms
https://notcve.org/view.php?id=CVE-2024-45720
09 Oct 2024 — On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line argument string is processed. All versions of Subversion up to and including Subversion 1.14.3 are affected on Windows platforms only. Users are recommended to upgrade to version Subversion 1.14.4, which fixes th... • https://subversion.apache.org/security/CVE-2024-45720-advisory.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-24070 – Apache Subversion mod_dav_svn is vulnerable to memory corruption
https://notcve.org/view.php?id=CVE-2022-24070
12 Apr 2022 — Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not use mod_dav_svn are not affected. La función mod_dav_svn de Subversion es vulnerable a una corrupción de memoria. • http://seclists.org/fulldisclosure/2022/Jul/18 • CWE-416: Use After Free •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 1CVE-2021-28544 – Apache Subversion SVN authz protected copyfrom paths regression
https://notcve.org/view.php?id=CVE-2021-28544
12 Apr 2022 — Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. • http://seclists.org/fulldisclosure/2022/Jul/18 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 11%CPEs: 3EXPL: 1CVE-2020-17525 – Remote unauthenticated denial-of-service in Subversion mod_authz_svn
https://notcve.org/view.php?id=CVE-2020-17525
15 Feb 2021 — Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7 El módulo mod_authz_svn de Subversion se bloqueará si el servidor está usando reglas de autenticación en el repositorio con la opción AuthzSVN... • https://lists.debian.org/debian-lts-announce/2021/05/msg00000.html • CWE-416: Use After Free CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-11782 – subversion: remotely triggerable DoS vulnerability in svnserve 'get-deleted-rev'
https://notcve.org/view.php?id=CVE-2018-11782
31 Jul 2019 — In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server. En Apache Subversion versiones hasta 1.9.10, 1.10.4, 1.12.0 incluyéndolas, el proceso del servidor svnserve de Subversion puede cerrarse cuando una petición de solo lectura bien formada produce una respuesta en particular. Esto puede conllevar a interrupciones para usuari... • http://subversion.apache.org/security/CVE-2018-11782-advisory.txt • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 0CVE-2019-0203 – subversion: NULL pointer dereference in svnserve leading to an unauthenticated remote DoS
https://notcve.org/view.php?id=CVE-2019-0203
31 Jul 2019 — In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server. En Apache Subversion versiones hasta 1.9.10, 1.10.4, 1.12.0 incluyéndolas, el proceso del servidor svnserve de Subversion puede cerrarse cuando un cliente envía determinadas secuencias de comandos de protocolo. Esto puede conllevar a interrupciones para los usuarios del servidor... • http://subversion.apache.org/security/CVE-2019-0203-advisory.txt • CWE-476: NULL Pointer Dereference CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2018-11803 – Gentoo Linux Security Advisory 201904-08
https://notcve.org/view.php?id=CVE-2018-11803
24 Jan 2019 — Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation. El módulo Apache HTTPD "mod_dav_svn" de Subversion, en versiones 1.10.0 y desde la 1.10.3 hasta la 1.11.0, se cerrará de manera inesperada después de desreferenciar un puntero no inicializado si el cliente omite la ruta "root" en una operación de listado de un directorio recursivo. Ivan Zhakov d... • http://www.securityfocus.com/bid/106770 • CWE-824: Access of Uninitialized Pointer •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2013-4246
https://notcve.org/view.php?id=CVE-2013-4246
30 Oct 2017 — libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive information by editing packed revision properties. libsvn_fs_fs/fs_fs.c en Apache Subversion en versiones 1.8.x anteriores a la 1.8.2 podría permitir que usuarios autenticados remotos con acceso commit corrompan repositorios FSFS y provoquen una denegación de servicio u obtengan información sensible editando las ... • http://www.securityfocus.com/bid/101620 • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 9%CPEs: 84EXPL: 0CVE-2016-8734 – Debian Security Advisory 3932-1
https://notcve.org/view.php?id=CVE-2016-8734
10 Aug 2017 — Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory. El módulo mod_dontdothat y los clientes HTTP en su versión 1.4.0 hasta la 1.8.16 y 1.9.0 hasta la 1.9.4 de Apache Subversion son vulnerables a un ataque de denegación de servicio (DoS) provocado por la expansión expon... • http://www.debian.org/security/2017/dsa-3932 • CWE-400: Uncontrolled Resource Consumption •