5 matches found
CVE-2014-3528
CVE-2014-3528 affects Apache Subversion: cached credentials are protected by an MD5 hash of the URL and authentication realm. Subversion 1.0.0–1.7.x (before 1.7.17) and 1.8.x (before 1.8.10) store credentials in this manner, which may allow a remote server to obtain credentials via a crafted auth...
CVE-2014-3580
CVE-2014-3580 affects the mod_dav_svn component of Apache Subversion (1.x) prior to 1.7.19 and 1.8.x prior to 1.8.11. A remote attacker can trigger a NULL pointer dereference via a REPORT request for a non-existent resource , causing a denial of service and server crash. Connected sources documen...
CVE-2014-3522
The CVE-2014-3522 vulnerability affects Subversion’s Serf RA layer, where wildcards in X.509 CN/subjectAltName are not properly validated, enabling MITM certificate spoofing. Affected: Subversion Serf-based TLS for versions 1.4.0–1.7.x before 1.7.18 and 1.8.x before 1.8.10. Impact: potential disc...
CVE-2014-8108
The CVE-2014-8108 issue affects the Apache Subversion mod_dav_svn module. According to connected docs, Subversion 1.7.x is vulnerable before 1.7.19 and 1.8.x is vulnerable before 1.8.11, where a remote attacker can trigger a NULL pointer dereference by requesting a URI that causes a lookup for a ...
CVE-2014-6394
The CVE-2014-6394 entry concerns visionmedia send before 0.8.4 for Node.js. The vulnerability arises from a partial directory-root verification, which can allow a remote attacker to escape the intended restricted directory and access files such as those under a public-restricted path (e.g., publi...