VYPR

rpm package

suse/subversion&distro=SUSE Linux Enterprise Software Development Kit 11 SP4

pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4

Vulnerabilities (5)

  • CVE-2016-8734MedOct 16, 2017
    affected < 1.6.17-1.36.9.1fixed 1.6.17-1.36.9.1

    Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resour

  • CVE-2017-9800CriAug 11, 2017
    affected < 1.6.17-1.36.9.1fixed 1.6.17-1.36.9.1

    A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to a honest server

  • CVE-2016-2168MedMay 5, 2016
    affected < 1.6.17-1.35.1fixed 1.6.17-1.35.1

    The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) CO

  • CVE-2016-2167MedMay 5, 2016
    affected < 1.6.17-1.35.1fixed 1.6.17-1.35.1

    The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an

  • CVE-2015-3187Aug 12, 2015
    affected < 1.6.17-1.35.1fixed 1.6.17-1.35.1

    The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden