Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache subversion vulnerabilities and exploits
(subscribe to this query)
712
VMScore
CVE-2015-5343
Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x prior to 1.8.15, and 1.9.x prior to 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-enco...
Apache Subversion
Debian Debian Linux 8.0
1 Github repository
801
VMScore
CVE-2015-5259
Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x prior to 1.9.3 allows remote malicious users to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read.
Apache Subversion 1.9.2
Apache Subversion 1.9.1
Apache Subversion 1.9.0
694
VMScore
CVE-2015-0202
The mod_dav_svn server in Subversion 1.8.0 up to and including 1.8.11 allows remote malicious users to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes.
Apache Subversion 1.8.0
Apache Subversion 1.8.8
Apache Subversion 1.8.9
Apache Subversion 1.8.3
Apache Subversion 1.8.4
Apache Subversion 1.8.5
Apache Subversion 1.8.1
Apache Subversion 1.8.2
Apache Subversion 1.8.10
Apache Subversion 1.8.11
Apache Subversion 1.8.6
Apache Subversion 1.8.7
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
356
VMScore
CVE-2014-3522
The Serf RA layer in Apache Subversion 1.4.0 up to and including 1.7.x prior to 1.7.18 and 1.8.x prior to 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle malicious users to spoof se...
Apache Subversion 1.7.17
Apache Subversion 1.8.7
Apache Subversion 1.8.5
Apache Subversion 1.8.6
Apache Subversion 1.7.13
Apache Subversion 1.7.14
Apache Subversion 1.7.7
Apache Subversion 1.7.8
Apache Subversion 1.6.14
Apache Subversion 1.6.15
Apache Subversion 1.6.21
Apache Subversion 1.6.23
Apache Subversion 1.6.9
Apache Subversion 1.5.0
Apache Subversion 1.5.8
Apache Subversion 1.4.0
Apache Subversion 1.8.2
Apache Subversion 1.8.3
Apache Subversion 1.8.4
Apache Subversion 1.7.11
Apache Subversion 1.7.12
Apache Subversion 1.7.5
356
VMScore
CVE-2014-3504
The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 up to and including 1.3.x prior to 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, w...
Apache Subversion 1.6.10
Apache Subversion 1.6.19
Apache Subversion 1.8.2
Apache Subversion 1.4.5
Apache Subversion 1.7.3
Apache Subversion 1.6.20
Apache Subversion 1.7.17
Apache Subversion 1.8.0
Apache Subversion 1.4.2
Apache Subversion 1.6.2
Apache Subversion 1.7.1
Apache Subversion 1.7.11
Apache Subversion 1.7.16
Apache Subversion 1.6.18
Apache Subversion 1.6.16
Apache Subversion 1.5.5
Apache Subversion 1.7.4
Apache Subversion 1.6.21
Apache Subversion 1.6.5
Apache Subversion 1.7.6
Apache Subversion 1.5.3
Apache Subversion 1.4.0
214
VMScore
CVE-2013-4262
svnwcsub.py in Subversion 1.8.0 prior to 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py iss...
Apache Subversion 1.8.0
Apache Subversion 1.8.1
Apache Subversion 1.8.2
214
VMScore
CVE-2013-7393
The daemonize.py module in Subversion 1.8.0 prior to 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on differ...
Apache Subversion 1.8.0
Apache Subversion 1.8.1
231
VMScore
CVE-2013-4505
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 up to and including 1.7.13 and 1.8.0 up to and including 1.8.4 allows remote malicious users to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relativ...
Apache Mod Dontdothat -
Apache Subversion 1.8.1
Apache Subversion 1.4.0
Apache Subversion 1.5.0
Apache Subversion 1.5.1
Apache Subversion 1.5.8
Apache Subversion 1.6.0
Apache Subversion 1.6.16
Apache Subversion 1.6.17
Apache Subversion 1.6.3
Apache Subversion 1.6.4
Apache Subversion 1.7.1
Apache Subversion 1.7.10
Apache Subversion 1.4.5
Apache Subversion 1.4.6
Apache Subversion 1.5.6
Apache Subversion 1.5.7
Apache Subversion 1.6.14
Apache Subversion 1.6.15
Apache Subversion 1.6.21
Apache Subversion 1.6.23
Apache Subversion 1.6.9
312
VMScore
CVE-2013-4558
The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 up to and including 1.7.13 and 1.8.1 up to and including 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote malicious users to cause a...
Apache Subversion 1.8.2
Apache Subversion 1.7.11
Apache Subversion 1.8.1
Apache Subversion 1.7.12
Apache Mod Dav Svn -
Apache Subversion 1.7.13
Apache Subversion 1.8.4
Apache Subversion 1.8.3
294
VMScore
CVE-2013-4277
Svnserve in Apache Subversion 1.4.0 up to and including 1.7.12 and 1.8.0 up to and including 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option.
Apache Subversion 1.7.7
Apache Subversion 1.7.6
Apache Subversion 1.7.0
Apache Subversion 1.6.9
Apache Subversion 1.6.21
Apache Subversion 1.6.20
Apache Subversion 1.6.14
Apache Subversion 1.6.13
Apache Subversion 1.5.7
Apache Subversion 1.5.6
Apache Subversion 1.4.5
Apache Subversion 1.4.4
Apache Subversion 1.8.0
Apache Subversion 1.8.1
Apache Subversion 1.7.3
Apache Subversion 1.7.2
Apache Subversion 1.6.6
Apache Subversion 1.6.5
Apache Subversion 1.6.4
Apache Subversion 1.6.18
Apache Subversion 1.6.17
Apache Subversion 1.6.10
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »