Total
46 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-3522 | 4 Apache, Apple, Canonical and 1 more | 4 Subversion, Xcode, Ubuntu Linux and 1 more | 2023-12-10 | 4.0 MEDIUM | N/A |
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. | |||||
CVE-2014-0032 | 1 Apache | 1 Subversion | 2023-12-10 | 4.3 MEDIUM | N/A |
The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the "svn ls http://svn.example.com" command. | |||||
CVE-2015-0202 | 2 Apache, Opensuse | 2 Subversion, Opensuse | 2023-12-10 | 7.8 HIGH | N/A |
The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes. | |||||
CVE-2014-3504 | 3 Apache, Canonical, Serf Project | 3 Subversion, Ubuntu Linux, Serf | 2023-12-10 | 4.0 MEDIUM | N/A |
The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | |||||
CVE-2013-4262 | 1 Apache | 1 Subversion | 2023-12-10 | 2.4 LOW | N/A |
svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-2013-7393. | |||||
CVE-2015-0251 | 5 Apache, Apple, Opensuse and 2 more | 9 Subversion, Xcode, Opensuse and 6 more | 2023-12-10 | 4.0 MEDIUM | N/A |
The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences. | |||||
CVE-2014-8108 | 3 Apache, Apple, Redhat | 6 Subversion, Xcode, Enterprise Linux Desktop and 3 more | 2023-12-10 | 5.0 MEDIUM | N/A |
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist. | |||||
CVE-2013-1845 | 2 Apache, Opensuse | 2 Subversion, Opensuse | 2023-12-10 | 2.1 LOW | N/A |
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory. | |||||
CVE-2013-4505 | 1 Apache | 2 Mod Dontdothat, Subversion | 2023-12-10 | 2.6 LOW | N/A |
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request. | |||||
CVE-2013-2088 | 3 Apache, Collabnet, Opensuse | 3 Subversion, Subversion, Opensuse | 2023-12-10 | 7.1 HIGH | N/A |
contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename. | |||||
CVE-2013-1968 | 4 Apache, Canonical, Collabnet and 1 more | 4 Subversion, Ubuntu Linux, Subversion and 1 more | 2023-12-10 | 5.5 MEDIUM | N/A |
Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name. | |||||
CVE-2013-1846 | 2 Apache, Opensuse | 2 Subversion, Opensuse | 2023-12-10 | 4.0 MEDIUM | N/A |
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL. | |||||
CVE-2013-4277 | 1 Apache | 1 Subversion | 2023-12-10 | 3.3 LOW | N/A |
Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option. | |||||
CVE-2013-1849 | 1 Apache | 1 Subversion | 2023-12-10 | 4.3 MEDIUM | N/A |
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL. | |||||
CVE-2013-1884 | 1 Apache | 1 Subversion | 2023-12-10 | 5.0 MEDIUM | N/A |
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable. | |||||
CVE-2013-4131 | 1 Apache | 1 Subversion | 2023-12-10 | 4.0 MEDIUM | N/A |
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root. | |||||
CVE-2013-1847 | 1 Apache | 1 Subversion | 2023-12-10 | 5.0 MEDIUM | N/A |
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist. | |||||
CVE-2013-2112 | 4 Apache, Canonical, Collabnet and 1 more | 4 Subversion, Ubuntu Linux, Subversion and 1 more | 2023-12-10 | 7.8 HIGH | N/A |
The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection. | |||||
CVE-2010-4644 | 1 Apache | 1 Subversion | 2023-12-10 | 3.5 LOW | N/A |
Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command. | |||||
CVE-2011-1752 | 5 Apache, Apple, Canonical and 2 more | 5 Subversion, Mac Os X, Ubuntu Linux and 2 more | 2023-12-10 | 5.0 MEDIUM | N/A |
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011. |