48 matches found
SUSE CVE-2026-29169
A NULL pointer dereference in moddavlock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.moddavlock is not used internally by moddav or moddavfs. The only known use-case for moddavlock was moddavsvn from Apache Subversion earlier than...
MiracleLinux 8 : subversion:1.10 (AXSA:2022-3786:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3786:01 advisory. subversion: Subversion's moddavsvn is vulnerable to memory corruption CVE-2022-24070 Tenable has extracted the preceding description block directly from the...
CLSA-2025-1756489732 subversion: Fix of CVE-2024-46901
CVE-2024-46901: fix moddavsvn denial-of-service via control characters in paths...
CLSA-2025-1756409018 subversion: Fix of CVE-2024-46901
CVE-2024-46901: fix moddavsvn denial-of-service via control characters in paths...
CLSA-2025-1755074254 subversion: Fix of CVE-2024-46901
CVE-2024-46901: fix moddavsvn denial-of-service via control characters in paths...
The vulnerability of the mod_dav_svn function in Apache Subversion software allows a hacker to induce a service failure.
The vulnerability of the moddavsvn function in Apache Subversion relates to a lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability could allow an attacker to cause service failures remotely...
CVE-2024-46901
A flaw was found in Apache Subversion when serving repositories via moddavsvn. This issue may allow authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository via insufficient validation of filenames against control characters...
OESA-2024-2538 subversion security update
Subversion exists to be universally recognized and adopted as an open-source, centralized version control system characterized by its reliability as a safe haven for valuable data; the simplicity of its model and usage; and its ability to support the needs of a wide variety of users and projects,...
CVE-2024-46901
Insufficient validation of filenames against control characters in Apache Subversion repositories served via moddavsvn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including...
PT-2024-32272 · Apache +4 · Apache Subversion +4
Name of the Vulnerable Software and Affected Versions: Apache Subversion versions prior to 1.14.5 Description: Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod dav svn allows authenticated users with commit access to commit a corrupt...
SUSE CVE-2011-0715
The moddavsvn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a request that contains a lock token...
SUSE CVE-2011-1921
The moddavsvn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz shortcircuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to...
SUSE CVE-2013-1846
The moddavsvn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service NULL pointer dereference and crash via a LOCK on an activity URL...
SUSE CVE-2013-1847
The moddavsvn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service NULL pointer dereference and crash via an anonymous LOCK for a URL that does not exist...
SUSE CVE-2013-4558
The getparentresource function in repos.c in moddavsvn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service assertion failure and Apache...
SUSE CVE-2014-8108
The moddavsvn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service NULL pointer dereference and crash via a request for a URI that triggers a lookup for a virtual transaction name that does not exist...
SUSE CVE-2016-6312
The moddontdothat component of the moddavsvn Apache module in Subversion as packaged in Red Hat Enterprise Linux 5.11 does not properly detect recursion during entity expansion, which allows remote authenticated users with access to the webdav repository to cause a denial of service memory...
SUSE CVE-2018-11803
Subversion's moddavsvn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation...
subversion: Subversion's mod_dav_svn is vulnerable to memory corruption
A use-after-free vulnerability was found in Subversion in the moddavsvn Apache HTTP server HTTPd module. While looking up path-based authorization authz rules, multiple calls to the postconfig hook can invalidate cached pointers to object-pools, which Subversion subsequently uses. This issue...
subversion: Subversion's mod_dav_svn is vulnerable to memory corruption
A use-after-free vulnerability was found in Subversion in the moddavsvn Apache HTTP server HTTPd module. While looking up path-based authorization authz rules, multiple calls to the postconfig hook can invalidate cached pointers to object-pools, which Subversion subsequently uses. This issue...