FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
06a5abd4-6bc2-11eb-b292-90e2baa3bafc    mod_dav_svn -- server crash

Subversion project reports:

Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL.


Discovery 2021-01-29
Entry 2021-02-10
mod_dav_svn
ge 1.9.0 le 1.10.6

ge 1.11.0 le 1.14.0

https://subversion.apache.org/security/CVE-2020-17525-advisory.txt
4af3241d-1f0c-11e9-b4bd-d43d7eed0ce2    www/mod_dav_svn -- Malicious SVN clients can crash mod_dav_svn.

Subversion project reports:

Malicious SVN clients can trigger a crash in mod_dav_svn by omitting the root path from a recursive directory listing request.


Discovery 2019-01-23
Entry 2019-01-23
mod_dav_svn
ge 1.10.0 lt 1.10.3

eq 1.11.0

http://subversion.apache.org/security/CVE-2018-11803-advisory.txt
8e887b71-d769-11e4-b1c2-20cf30e32f6d    subversion -- DoS vulnerabilities

Subversion Project reports:

Subversion HTTP servers with FSFS repositories are vulnerable to a remotely triggerable excessive memory use with certain REPORT requests.

Subversion mod_dav_svn and svnserve are vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers.

Subversion HTTP servers allow spoofing svn:author property values for new revisions.


Discovery 2015-03-31
Entry 2015-03-31
mod_dav_svn
ge 1.5.0 lt 1.7.20

ge 1.8.0 lt 1.8.13

subversion16
ge 1.0.0 lt 1.7.20

subversion17
ge 1.0.0 lt 1.7.20

subversion
ge 1.0.0 lt 1.7.20

ge 1.8.0 lt 1.8.13

http://subversion.apache.org/security/
CVE-2015-0202
CVE-2015-0248
CVE-2015-0251
http://subversion.apache.org/security/CVE-2015-0202-advisory.txt
http://subversion.apache.org/security/CVE-2015-0248-advisory.txt
http://subversion.apache.org/security/CVE-2015-0251-advisory.txt
daadef86-a366-11e5-8b40-20cf30e32f6d    subversion -- multiple vulnerabilities

Subversion Project reports:

Remotely triggerable heap overflow and out-of-bounds read caused by integer overflow in the svn:// protocol parser.

Remotely triggerable heap overflow and out-of-bounds read in mod_dav_svn caused by integer overflow when parsing skel-encoded request bodies.


Discovery 2015-11-14
Entry 2015-12-15
subversion17
ge 1.7.0 lt 1.7.22_1

subversion18
ge 1.8.0 lt 1.8.15

subversion
ge 1.9.0 lt 1.9.3

mod_dav_svn
ge 1.7.0 lt 1.7.22_1

ge 1.8.0 lt 1.8.15

ge 1.9.0 lt 1.9.3

CVE-2015-5343
http://subversion.apache.org/security/CVE-2015-5343-advisory.txt
CVE-2015-5259
http://subversion.apache.org/security/CVE-2015-5259-advisory.txt
f5561ade-846c-11e4-b7a7-20cf30e32f6d    subversion -- DoS vulnerabilities

Subversion Project reports:

Subversion's mod_dav_svn Apache HTTPD server module will crash when it receives a REPORT request for some invalid formatted special URIs.

Subversion's mod_dav_svn Apache HTTPD server module will crash when it receives a request for some invalid formatted special URIs.

We consider this to be a medium risk vulnerability. Repositories which allow for anonymous reads will be vulnerable without authentication. Unfortunately, no special configuration is required and all mod_dav_svn servers are vulnerable.


Discovery 2014-12-13
Entry 2014-12-15
mod_dav_svn
ge 1.8.0 lt 1.8.11

subversion16
ge 1.0.0 lt 1.7.19

subversion17
ge 1.0.0 lt 1.7.19

subversion
ge 1.0.0 lt 1.7.19

ge 1.8.0 lt 1.8.11

CVE-2014-3580
CVE-2014-8108
http://subversion.apache.org/security/CVE-2014-3580-advisory.txt
http://subversion.apache.org/security/CVE-2014-8108-advisory.txt