Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
subversion subversion vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-7393
The daemonize.py module in Subversion 1.8.0 prior to 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on differ...
Apache Subversion 1.8.0
Apache Subversion 1.8.1
7.5
CVSSv3
CVE-2018-11803
Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation.
Apache Subversion
Apache Subversion 1.11.0
Canonical Ubuntu Linux 18.10
6.5
CVSSv3
CVE-2017-1000085
Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. to retrieve a list of tags). This functionality improperly checked permissions, allowing any user with Item/Build permission (but not Item/Configure) to connect to any web server...
Jenkins Subversion
7.5
CVSSv3
CVE-2021-21698
Jenkins Subversion Plugin 2.15.0 and previous versions does not restrict the name of a file when looking up a subversion key file on the controller from an agent.
Jenkins Subversion
5.3
CVSSv3
CVE-2018-1000111
An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and previous versions in SubversionStatus.java and SubversionRepositoryStatus.java that allows an attacker with network access to obtain a list of nodes and users.
Jenkins Subversion
5.4
CVSSv3
CVE-2020-2111
Jenkins Subversion Plugin 2.13.0 and previous versions does not escape the error message for the Project Repository Base URL field form validation, resulting in a stored cross-site scripting vulnerability.
Jenkins Subversion
6.5
CVSSv3
CVE-2020-2304
Jenkins Subversion Plugin 2.13.1 and previous versions does not configure its XML parser to prevent XML external entity (XXE) attacks.
Jenkins Subversion
6.1
CVSSv3
CVE-2020-15788
A vulnerability has been identified in Polarion Subversion Webclient (All versions). The Polarion subversion web application does not filter user input in a way that prevents Cross-Site Scripting. If a user is enticed into passing specially crafted, malicious input to the web cli...
Siemens Polarion Subversion Webclient
8.1
CVSSv3
CVE-2020-15789
A vulnerability has been identified in Polarion Subversion Webclient (All versions). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a...
Siemens Polarion Subversion Webclient
5.4
CVSSv3
CVE-2022-29046
Jenkins Subversion Plugin 2.15.3 and previous versions does not escape the name and description of List Subversion tags (and more) parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configur...
Jenkins Subversion
Apple Macos
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »