VulnerableCode Package Details - pkg:ebuild/net-libs/serf@1.3.7

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1edm-5vwv-jygt	The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.	CVE-2014-3504
VCID-3jv4-38f5-nkf5	Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.	CVE-2014-3528
VCID-6h35-rv8q-nbcm	The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.	CVE-2015-3187
VCID-911j-4sf9-1ue5	The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.	CVE-2016-2167
VCID-9hdz-4dqf-37bw	The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the "svn ls http://svn.example.com" command.	CVE-2014-0032
VCID-byfb-b8p8-6kaz	Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read.	CVE-2015-5259
VCID-cpt9-yf1w-rqep	The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.	CVE-2015-0248
VCID-k4r3-qnjx-93fu	The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes.	CVE-2015-0202
VCID-qdbd-71zg-2bdy	The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences.	CVE-2015-0251
VCID-qsfe-f1es-1bef	The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.	CVE-2014-3522
VCID-utyp-k276-abhz	mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.	CVE-2015-3184
VCID-x6q8-pssz-ekcw	The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.	CVE-2016-2168

Vulnerability

Summary

Aliases

VCID-1edm-5vwv-jygt

The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

CVE-2014-3504

VCID-3jv4-38f5-nkf5

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.

CVE-2014-3528

VCID-6h35-rv8q-nbcm

The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.

CVE-2015-3187

VCID-911j-4sf9-1ue5

The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.

CVE-2016-2167

VCID-9hdz-4dqf-37bw

The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the "svn ls http://svn.example.com" command.

CVE-2014-0032

VCID-byfb-b8p8-6kaz

Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read.

CVE-2015-5259

VCID-cpt9-yf1w-rqep

The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.

CVE-2015-0248

VCID-k4r3-qnjx-93fu

The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes.

CVE-2015-0202

VCID-qdbd-71zg-2bdy

The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences.

CVE-2015-0251

VCID-qsfe-f1es-1bef

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

CVE-2014-3522

VCID-utyp-k276-abhz

mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.

CVE-2015-3184

VCID-x6q8-pssz-ekcw

The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.

CVE-2016-2168

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T19:05:53.895935+00:00	Gentoo Importer	Fixing	VCID-x6q8-pssz-ekcw	https://security.gentoo.org/glsa/201610-05	38.6.0
2026-06-04T19:05:53.858518+00:00	Gentoo Importer	Fixing	VCID-911j-4sf9-1ue5	https://security.gentoo.org/glsa/201610-05	38.6.0
2026-06-04T19:05:53.823052+00:00	Gentoo Importer	Fixing	VCID-byfb-b8p8-6kaz	https://security.gentoo.org/glsa/201610-05	38.6.0
2026-06-04T19:05:53.788634+00:00	Gentoo Importer	Fixing	VCID-6h35-rv8q-nbcm	https://security.gentoo.org/glsa/201610-05	38.6.0
2026-06-04T19:05:53.752811+00:00	Gentoo Importer	Fixing	VCID-utyp-k276-abhz	https://security.gentoo.org/glsa/201610-05	38.6.0
2026-06-04T19:05:53.718862+00:00	Gentoo Importer	Fixing	VCID-qdbd-71zg-2bdy	https://security.gentoo.org/glsa/201610-05	38.6.0
2026-06-04T19:05:53.681993+00:00	Gentoo Importer	Fixing	VCID-cpt9-yf1w-rqep	https://security.gentoo.org/glsa/201610-05	38.6.0
2026-06-04T19:05:53.645943+00:00	Gentoo Importer	Fixing	VCID-k4r3-qnjx-93fu	https://security.gentoo.org/glsa/201610-05	38.6.0
2026-06-04T19:05:53.609947+00:00	Gentoo Importer	Fixing	VCID-3jv4-38f5-nkf5	https://security.gentoo.org/glsa/201610-05	38.6.0
2026-06-04T19:05:53.574114+00:00	Gentoo Importer	Fixing	VCID-qsfe-f1es-1bef	https://security.gentoo.org/glsa/201610-05	38.6.0
2026-06-04T19:05:53.539054+00:00	Gentoo Importer	Fixing	VCID-1edm-5vwv-jygt	https://security.gentoo.org/glsa/201610-05	38.6.0
2026-06-04T19:05:53.503452+00:00	Gentoo Importer	Fixing	VCID-9hdz-4dqf-37bw	https://security.gentoo.org/glsa/201610-05	38.6.0