rpm package
opensuse/subversion&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/subversion&distro=openSUSE%20Tumbleweed
Vulnerabilities (44)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2010-4539 | — | < 1.9.5-1.1 | 1.9.5-1.1 | Jan 7, 2011 | The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of | ||
| CVE-2010-3315 | — | < 1.9.5-1.1 | 1.9.5-1.1 | Oct 4, 2010 | authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated | ||
| CVE-2009-2411 | — | < 1.9.5-1.1 | 1.9.5-1.1 | Aug 7, 2009 | Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, | ||
| CVE-2007-2448 | — | < 1.14.1-1.11 | 1.14.1-1.11 | Jun 14, 2007 | Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist |
- CVE-2010-4539Jan 7, 2011affected < 1.9.5-1.1fixed 1.9.5-1.1
The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of
- CVE-2010-3315Oct 4, 2010affected < 1.9.5-1.1fixed 1.9.5-1.1
authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated
- CVE-2009-2411Aug 7, 2009affected < 1.9.5-1.1fixed 1.9.5-1.1
Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow,
- CVE-2007-2448Jun 14, 2007affected < 1.14.1-1.11fixed 1.14.1-1.11
Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist
Page 3 of 3