Vulnerabilities > Apache > Subversion

DATE CVE VULNERABILITY TITLE RISK
2022-04-12 CVE-2021-28544 Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules.
network
low complexity
apache debian fedoraproject apple
4.3
2022-04-12 CVE-2022-24070 Use After Free vulnerability in multiple products
Subversion's mod_dav_svn is vulnerable to memory corruption.
network
low complexity
apache debian fedoraproject apple CWE-416
7.5
2021-03-17 CVE-2020-17525 NULL Pointer Dereference vulnerability in multiple products
Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL.
network
low complexity
apache debian CWE-476
7.5
2019-09-26 CVE-2019-0203 Improper Handling of Exceptional Conditions vulnerability in Apache Subversion
In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands.
network
low complexity
apache CWE-755
7.5
2019-09-26 CVE-2018-11782 Improper Input Validation vulnerability in Apache Subversion
In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer.
network
low complexity
apache CWE-20
6.5
2019-02-05 CVE-2018-11803 Access of Uninitialized Pointer vulnerability in multiple products
Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation.
network
low complexity
apache canonical CWE-824
7.5
2017-10-30 CVE-2013-4246 Improper Access Control vulnerability in Apache Subversion 1.8.0/1.8.1
libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive information by editing packed revision properties.
network
low complexity
apache CWE-284
8.8
2017-10-16 CVE-2016-8734 Resource Exhaustion vulnerability in multiple products
Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion.
network
low complexity
apache debian CWE-400
6.5
2017-08-11 CVE-2017-9800 Improper Input Validation vulnerability in Apache Subversion
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command.
network
low complexity
apache CWE-20
critical
9.8
2016-05-05 CVE-2016-2168 Unspecified vulnerability in Apache Subversion
The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.
network
low complexity
apache
6.5