rpm package
suse/subversion&distro=SUSE Linux Enterprise Software Development Kit 12 SP5
pkg:rpm/suse/subversion&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-24070 | — | < 1.10.6-3.6.1 | 1.10.6-3.6.1 | Apr 12, 2022 | Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not | ||
| CVE-2021-28544 | — | < 1.10.6-3.6.1 | 1.10.6-3.6.1 | Apr 12, 2022 | Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy ca | ||
| CVE-2020-17525 | — | < 1.10.6-3.3.1 | 1.10.6-3.3.1 | Mar 17, 2021 | Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed |
- CVE-2022-24070Apr 12, 2022affected < 1.10.6-3.6.1fixed 1.10.6-3.6.1
Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive). Servers that do not
- CVE-2021-28544Apr 12, 2022affected < 1.10.6-3.6.1fixed 1.10.6-3.6.1
Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy ca
- CVE-2020-17525Mar 17, 2021affected < 1.10.6-3.3.1fixed 1.10.6-3.3.1
Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed