FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
06a5abd4-6bc2-11eb-b292-90e2baa3bafc	mod_dav_svn -- server crash Subversion project reports: Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. Discovery 2021-01-29 Entry 2021-02-10 mod_dav_svn ge 1.9.0 le 1.10.6 ge 1.11.0 le 1.14.0 https://subversion.apache.org/security/CVE-2020-17525-advisory.txt
3a1dc8c8-bb27-11ec-98d1-d43d7eed0ce2	Subversion -- Multiple vulnerabilities in server code Subversion project reports: Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a protected location, users with access to the copy can see the 'copyfrom' path of the original. This also reveals the fact that the node was copied. Only the 'copyfrom' path is revealed; not its contents. Both httpd and svnserve servers are vulnerable. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Discovery 2022-04-12 Entry 2022-04-13 subversion ge 1.10.0 lt 1.10.8 ge 1.11.0 lt 1.14.2 mod_dav_svn ge 1.10.0 lt 1.10.8 ge 1.11.0 lt 1.14.2 subversion-lts ge 1.10.0 lt 1.10.8 mod_dav_svn-lts ge 1.10.0 lt 1.10.8 CVE-2021-28544 CVE-2022-24070 https://subversion.apache.org/security/CVE-2021-28544-advisory.txt https://subversion.apache.org/security/CVE-2022-24070-advisory.txt
4af3241d-1f0c-11e9-b4bd-d43d7eed0ce2	www/mod_dav_svn -- Malicious SVN clients can crash mod_dav_svn. Subversion project reports: Malicious SVN clients can trigger a crash in mod_dav_svn by omitting the root path from a recursive directory listing request. Discovery 2019-01-23 Entry 2019-01-23 mod_dav_svn ge 1.10.0 lt 1.10.3 eq 1.11.0 http://subversion.apache.org/security/CVE-2018-11803-advisory.txt
8e887b71-d769-11e4-b1c2-20cf30e32f6d	subversion -- DoS vulnerabilities Subversion Project reports: Subversion HTTP servers with FSFS repositories are vulnerable to a remotely triggerable excessive memory use with certain REPORT requests. Subversion mod_dav_svn and svnserve are vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers. Subversion HTTP servers allow spoofing svn:author property values for new revisions. Discovery 2015-03-31 Entry 2015-03-31 mod_dav_svn ge 1.5.0 lt 1.7.20 ge 1.8.0 lt 1.8.13 subversion16 ge 1.0.0 lt 1.7.20 subversion17 ge 1.0.0 lt 1.7.20 subversion ge 1.0.0 lt 1.7.20 ge 1.8.0 lt 1.8.13 http://subversion.apache.org/security/ CVE-2015-0202 CVE-2015-0248 CVE-2015-0251 http://subversion.apache.org/security/CVE-2015-0202-advisory.txt http://subversion.apache.org/security/CVE-2015-0248-advisory.txt http://subversion.apache.org/security/CVE-2015-0251-advisory.txt
daadef86-a366-11e5-8b40-20cf30e32f6d	subversion -- multiple vulnerabilities Subversion Project reports: Remotely triggerable heap overflow and out-of-bounds read caused by integer overflow in the svn:// protocol parser. Remotely triggerable heap overflow and out-of-bounds read in mod_dav_svn caused by integer overflow when parsing skel-encoded request bodies. Discovery 2015-11-14 Entry 2015-12-15 subversion17 ge 1.7.0 lt 1.7.22_1 subversion18 ge 1.8.0 lt 1.8.15 subversion ge 1.9.0 lt 1.9.3 mod_dav_svn ge 1.7.0 lt 1.7.22_1 ge 1.8.0 lt 1.8.15 ge 1.9.0 lt 1.9.3 CVE-2015-5343 http://subversion.apache.org/security/CVE-2015-5343-advisory.txt CVE-2015-5259 http://subversion.apache.org/security/CVE-2015-5259-advisory.txt
f5561ade-846c-11e4-b7a7-20cf30e32f6d	subversion -- DoS vulnerabilities Subversion Project reports: Subversion's mod_dav_svn Apache HTTPD server module will crash when it receives a REPORT request for some invalid formatted special URIs. Subversion's mod_dav_svn Apache HTTPD server module will crash when it receives a request for some invalid formatted special URIs. We consider this to be a medium risk vulnerability. Repositories which allow for anonymous reads will be vulnerable without authentication. Unfortunately, no special configuration is required and all mod_dav_svn servers are vulnerable. Discovery 2014-12-13 Entry 2014-12-15 mod_dav_svn ge 1.8.0 lt 1.8.11 subversion16 ge 1.0.0 lt 1.7.19 subversion17 ge 1.0.0 lt 1.7.19 subversion ge 1.0.0 lt 1.7.19 ge 1.8.0 lt 1.8.11 CVE-2014-3580 CVE-2014-8108 http://subversion.apache.org/security/CVE-2014-3580-advisory.txt http://subversion.apache.org/security/CVE-2014-8108-advisory.txt