Skip to main content

Subversion

41 CVEs product

Monthly

CVE-2022-29048 Maven MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Subversion macOS
NVD
CVSS 3.1
4.3
EPSS
1.8%
CVE-2022-29046 Maven MEDIUM PATCH This Month

Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Subversion macOS
NVD
CVSS 3.1
5.4
EPSS
2.4%
CVE-2022-24070 HIGH This Week

Subversion's mod_dav_svn is vulnerable to memory corruption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Buffer Overflow Subversion Debian Linux +2
NVD
CVSS 3.1
7.5
EPSS
9.3%
CVE-2021-21698 Maven HIGH PATCH This Week

Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Path Traversal Subversion
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2020-2304 Maven MEDIUM PATCH This Month

Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Jenkins Subversion
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2020-2111 Maven MEDIUM PATCH This Month

Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Subversion
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2019-0203 HIGH PATCH This Week

In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Apache Subversion
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2018-1000111 Maven MEDIUM PATCH This Month

An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Jenkins Subversion
NVD
CVSS 3.0
5.3
EPSS
0.9%
CVE-2013-4246 HIGH PATCH This Week

libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Authentication Bypass Apache Subversion
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2016-8734 MEDIUM This Month

Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 12.9% and no vendor patch available.

Denial Of Service Apache Subversion Debian Linux
NVD
CVSS 3.0
6.5
EPSS
12.9%
CVE-2017-1000085 Maven MEDIUM PATCH This Month

Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Jenkins Subversion
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-9800 CRITICAL Emergency

A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 59.1% and no vendor patch available.

Information Disclosure Subversion
NVD
CVSS 3.0
9.8
EPSS
59.1%
CVE-2016-2168 MEDIUM This Month

The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apache Subversion
NVD
CVSS 3.0
6.5
EPSS
7.4%
CVE-2016-2167 MEDIUM This Month

The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Apache Authentication Bypass Subversion
NVD
CVSS 3.0
6.8
EPSS
1.0%
CVE-2015-5343 HIGH Act Now

Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 19.1% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Apache Subversion +1
NVD
CVSS 3.0
7.6
EPSS
19.1%
CVE-2015-5259 HIGH Act Now

Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 34.3% and no vendor patch available.

RCE Buffer Overflow Apache Subversion
NVD
CVSS 3.0
8.6
EPSS
34.3%
CVE-2015-3187 MEDIUM This Month

The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Subversion Xcode
NVD
CVSS 2.0
4.0
EPSS
0.9%
CVE-2015-3184 MEDIUM This Month

mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.0% and no vendor patch available.

Information Disclosure Apache Xcode Subversion
NVD
CVSS 2.0
5.0
EPSS
17.0%
CVE-2015-0251 MEDIUM This Month

The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Subversion Opensuse Enterprise Linux Desktop Enterprise Linux Hpc Node +5
NVD
CVSS 2.0
4.0
EPSS
1.1%
CVE-2015-0248 MEDIUM This Month

The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.8% and no vendor patch available.

Denial Of Service Subversion Opensuse Xcode Enterprise Linux Desktop +5
NVD
CVSS 2.0
5.0
EPSS
15.8%
CVE-2015-0202 HIGH This Week

The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Subversion Opensuse
NVD
CVSS 2.0
7.8
EPSS
2.1%
CVE-2014-8108 MEDIUM PATCH This Month

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Apache Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server +3
NVD
CVSS 2.0
5.0
EPSS
5.0%
CVE-2014-3580 MEDIUM PATCH This Month

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.7%.

Denial Of Service Apache Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server +5
NVD
CVSS 2.0
5.0
EPSS
13.7%
CVE-2014-3528 MEDIUM This Month

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Apache Authentication Bypass Opensuse Subversion Ubuntu Linux +6
NVD
CVSS 2.0
4.0
EPSS
3.4%
CVE-2014-3522 MEDIUM PATCH This Month

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable.

Information Disclosure Apache Subversion Opensuse Ubuntu Linux +1
NVD
CVSS 2.0
4.0
EPSS
2.6%
CVE-2014-3504 MEDIUM This Month

The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Subversion Ubuntu Linux Serf
NVD
CVSS 2.0
4.0
EPSS
2.1%
CVE-2013-7393 LOW Monitor

The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the. Rated low severity (CVSS 2.4). No vendor patch available.

Information Disclosure Subversion
NVD
CVSS 2.0
2.4
EPSS
0.2%
CVE-2013-4262 LOW Monitor

svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. Rated low severity (CVSS 2.4). No vendor patch available.

Information Disclosure Subversion
NVD
CVSS 2.0
2.4
EPSS
0.3%
CVE-2014-0032 MEDIUM PATCH This Month

The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 27.1%.

Denial Of Service Apache Subversion
NVD
CVSS 2.0
4.3
EPSS
27.1%
CVE-2013-4558 LOW PATCH Monitor

The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Denial Of Service Apache Canonical Mod Dav Svn Subversion
NVD GitHub
CVSS 2.0
3.5
EPSS
1.8%
CVE-2013-4505 LOW PATCH Monitor

The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

Privilege Escalation Denial Of Service Apache Mod Dontdothat Subversion
NVD
CVSS 2.0
2.6
EPSS
1.6%
CVE-2013-4277 LOW Monitor

Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by. Rated low severity (CVSS 3.3). No vendor patch available.

Privilege Escalation Apache Subversion
NVD
CVSS 2.0
3.3
EPSS
0.2%
CVE-2013-4131 MEDIUM This Month

The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apache Subversion
NVD
CVSS 2.0
4.0
EPSS
0.7%
CVE-2013-2112 HIGH This Week

The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Subversion Ubuntu Linux Opensuse
NVD
CVSS 2.0
7.8
EPSS
3.7%
CVE-2013-2088 HIGH POC This Week

contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Subversion Opensuse
NVD Exploit-DB
CVSS 2.0
7.1
EPSS
6.5%
CVE-2013-1968 MEDIUM This Month

Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Subversion Ubuntu Linux Opensuse
NVD
CVSS 2.0
5.5
EPSS
1.2%
CVE-2013-1884 MEDIUM POC THREAT This Month

The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 31.6%.

Buffer Overflow Denial Of Service Apache Subversion
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
31.6%
CVE-2013-1849 MEDIUM This Month

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 15.3% and no vendor patch available.

Denial Of Service Apache Subversion
NVD
CVSS 2.0
4.3
EPSS
15.3%
CVE-2013-1847 MEDIUM POC THREAT This Month

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 44.3%.

Denial Of Service Apache Subversion
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
44.3%
CVE-2013-1846 MEDIUM This Month

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apache Subversion Opensuse
NVD
CVSS 2.0
4.0
EPSS
1.9%
CVE-2013-1845 LOW Monitor

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apache Subversion Opensuse
NVD
CVSS 2.0
2.1
EPSS
1.8%
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Subversion +1
NVD
EPSS 2% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Subversion +1
NVD
EPSS 9% CVSS 7.5
HIGH This Week

Subversion's mod_dav_svn is vulnerable to memory corruption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Buffer Overflow +4
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Path Traversal Subversion
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Jenkins Subversion
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Subversion
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Apache +1
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Jenkins +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Authentication Bypass Apache +1
NVD
EPSS 13% CVSS 6.5
MEDIUM This Month

Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 12.9% and no vendor patch available.

Denial Of Service Apache Subversion +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Jenkins Subversion
NVD
EPSS 59% CVSS 9.8
CRITICAL Emergency

A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 59.1% and no vendor patch available.

Information Disclosure Subversion
NVD
EPSS 7% CVSS 6.5
MEDIUM This Month

The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apache Subversion
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Apache Authentication Bypass Subversion
NVD
EPSS 19% CVSS 7.6
HIGH Act Now

Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 19.1% and no vendor patch available.

Denial Of Service RCE Buffer Overflow +3
NVD
EPSS 34% CVSS 8.6
HIGH Act Now

Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 34.3% and no vendor patch available.

RCE Buffer Overflow Apache +1
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Subversion +1
NVD
EPSS 17% CVSS 5.0
MEDIUM This Month

mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.0% and no vendor patch available.

Information Disclosure Apache Xcode +1
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Subversion Opensuse +7
NVD
EPSS 16% CVSS 5.0
MEDIUM This Month

The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.8% and no vendor patch available.

Denial Of Service Subversion Opensuse +7
NVD
EPSS 2% CVSS 7.8
HIGH This Week

The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Subversion Opensuse
NVD
EPSS 5% CVSS 5.0
MEDIUM PATCH This Month

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Apache Enterprise Linux Desktop +5
NVD
EPSS 14% CVSS 5.0
MEDIUM PATCH This Month

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.7%.

Denial Of Service Apache Enterprise Linux Desktop +7
NVD
EPSS 3% CVSS 4.0
MEDIUM This Month

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Apache Authentication Bypass Opensuse +8
NVD
EPSS 3% CVSS 4.0
MEDIUM PATCH This Month

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable.

Information Disclosure Apache Subversion +3
NVD
EPSS 2% CVSS 4.0
MEDIUM This Month

The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Subversion Ubuntu Linux +1
NVD
EPSS 0% CVSS 2.4
LOW Monitor

The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the. Rated low severity (CVSS 2.4). No vendor patch available.

Information Disclosure Subversion
NVD
EPSS 0% CVSS 2.4
LOW Monitor

svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. Rated low severity (CVSS 2.4). No vendor patch available.

Information Disclosure Subversion
NVD
EPSS 27% CVSS 4.3
MEDIUM PATCH This Month

The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 27.1%.

Denial Of Service Apache Subversion
NVD
EPSS 2% CVSS 3.5
LOW PATCH Monitor

The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

Denial Of Service Apache Canonical +2
NVD GitHub
EPSS 2% CVSS 2.6
LOW PATCH Monitor

The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

Privilege Escalation Denial Of Service Apache +2
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by. Rated low severity (CVSS 3.3). No vendor patch available.

Privilege Escalation Apache Subversion
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apache +1
NVD
EPSS 4% CVSS 7.8
HIGH This Week

The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Subversion Ubuntu Linux +1
NVD
EPSS 6% CVSS 7.1
HIGH POC This Week

contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Subversion Opensuse
NVD Exploit-DB
EPSS 1% CVSS 5.5
MEDIUM This Month

Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Subversion Ubuntu Linux +1
NVD
EPSS 32% CVSS 5.0
MEDIUM POC THREAT This Month

The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 31.6%.

Buffer Overflow Denial Of Service Apache +1
NVD Exploit-DB
EPSS 15% CVSS 4.3
MEDIUM This Month

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 15.3% and no vendor patch available.

Denial Of Service Apache Subversion
NVD
EPSS 44% CVSS 5.0
MEDIUM POC THREAT This Month

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 44.3%.

Denial Of Service Apache Subversion
NVD Exploit-DB
EPSS 2% CVSS 4.0
MEDIUM This Month

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Apache +2
NVD
EPSS 2% CVSS 2.1
LOW Monitor

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apache +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy