94 matches found
CVE-2013-2088
contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename...
CVE-2013-1968
Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service FSFS repository corruption via a newline character in a file name...
CVE-2013-1845
The moddavsvn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service memory consumption by 1 setting or 2 deleting a large number of properties for a file or directory...
CVE-2013-1849
The moddavsvn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service NULL pointer dereference and crash via a PROPFIND request for an activity URL...
(mod_dav_svn): DoS (crash) via LOCK requests against an activity URL
The moddavsvn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service NULL pointer dereference and crash via a LOCK on an activity URL...
Ubuntu Update for subversion vulnerability USN-1096-1
Ubuntu Update for Linux kernel vulnerabilities USN-1096-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN10961.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for subversion vulnerability USN-1096-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH,...
Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : subversion vulnerability (USN-1096-1)
Philip Martin discovered that the Subversion moddavsvn module for Apache did not properly handle certain requests containing a lock token. A remote attacker could use this flaw to cause the service to crash, leading to a denial of service. Note that Tenable Network Security has extracted the...
DEBIAN-CVE-2011-0715
The moddavsvn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a request that contains a lock token...
CVE-2010-3315
authz.c in the moddavsvn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz shortcircuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass...
CVE-2004-1438
The modauthzsvn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command...
CVE-2004-0749
The modauthzsvn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via 1 svn log -v, 2 svn propget, or 3 svn blame, and other commands that follow renames...
CVE-2004-0749
The modauthzsvn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via 1 svn log -v, 2 svn propget, or 3 svn blame, and other commands that follow renames...
GLSA-200409-35 : Subversion: Metadata information leak
The remote host is affected by the vulnerability described in GLSA-200409-35 Subversion: Metadata information leak There is a bug in modauthzsvn that causes it to reveal logged metadata regarding commits to protected areas. Impact : Protected files themselves will not be revealed, but an attacker...
Subversion (SVN) Unreadable Path Metadata Information Disclosure (deprecated)
Binary data 2315.prm...
GLSA-200406-07 : Subversion: Remote heap overflow
The remote host is affected by the vulnerability described in GLSA-200406-07 Subversion: Remote heap overflow The svn protocol parser trusts the indicated length of a URI string sent by a client. This allows a client to specify a very long string, thereby causing svnserve to allocate enough memor...
GLSA-200405-14 : Buffer overflow in Subversion
The remote host is affected by the vulnerability described in GLSA-200405-14 Buffer overflow in Subversion All releases of Subversion prior to 1.0.3 have a vulnerability in the date-parsing code. This vulnerability may allow denial of service or arbitrary code execution as the Subversion user. Bo...
Subversion (SVN) < 1.0.6 Module File Restriction Bypass (deprecated)
Binary data 1964.prm...
Subversion (SVN) < 1.0.3 Remote Buffer Overflow (deprecated)
Binary data 2117.prm...
CVE-2004-0413
libsvnrasvn in Subversion 1.0.4 trusts the length field of 1 svn://, 2 svn+ssh://, and 3 other svn protocol URL strings, which allows remote attackers to cause a denial of service memory consumption and possibly execute arbitrary code via an integer overflow that leads to a heap-based buffer...
Subversion: Vulnerability in mod_authz_svn
Background Subversion is an advanced version control system, similar to CVS, which supports additional functionality such as the ability to move, copy and delete files and directories. A Subversion server may be run as an Apache module, a standalone server svnserve, or on-demand over ssh a la CVS...