Vulnerabilities > Apache > Subversion > 1.6.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-09-26 | CVE-2019-0203 | Improper Input Validation vulnerability in Apache Subversion In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. | 5.0 |
2019-09-26 | CVE-2018-11782 | Improper Input Validation vulnerability in Apache Subversion In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. | 4.0 |
2017-10-16 | CVE-2016-8734 | Resource Exhaustion vulnerability in multiple products Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. | 6.5 |
2017-08-11 | CVE-2017-9800 | Improper Input Validation vulnerability in Apache Subversion A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. | 9.8 |
2016-05-05 | CVE-2016-2168 | Unspecified vulnerability in Apache Subversion The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check. | 6.5 |
2016-05-05 | CVE-2016-2167 | Improper Access Control vulnerability in Apache Subversion The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string. | 6.8 |
2015-08-12 | CVE-2015-3187 | Information Exposure vulnerability in multiple products The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. | 4.0 |
2015-04-08 | CVE-2015-0251 | Insufficient Verification of Data Authenticity vulnerability in multiple products The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences. | 4.0 |
2015-04-08 | CVE-2015-0248 | Resource Management Errors vulnerability in multiple products The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers. | 5.0 |
2014-12-18 | CVE-2014-8108 | Remote Denial of Service vulnerability in Apache Subversion The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist. | 5.0 |