rpm package
suse/subversion&distro=SUSE Linux Enterprise Software Development Kit 12 SP1
pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-2168 | Med | 6.5 | < 1.8.10-21.1 | 1.8.10-21.1 | May 5, 2016 | The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) CO | |
| CVE-2016-2167 | Med | 6.8 | < 1.8.10-21.1 | 1.8.10-21.1 | May 5, 2016 | The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an | |
| CVE-2015-5343 | Hig | 7.6 | < 1.8.10-18.2 | 1.8.10-18.2 | Apr 14, 2016 | Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded |
- affected < 1.8.10-21.1fixed 1.8.10-21.1
The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) CO
- affected < 1.8.10-21.1fixed 1.8.10-21.1
The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an
- affected < 1.8.10-18.2fixed 1.8.10-18.2
Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded