Vulnerabilities > Apache > Subversion > Low

DATE CVE VULNERABILITY TITLE RISK
2014-07-28 CVE-2013-4262 Link Following vulnerability in Apache Subversion 1.8.0/1.8.1/1.8.2
svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file.
local
high complexity
apache CWE-59
2.4
2014-07-28 CVE-2013-7393 Link Following vulnerability in Apache Subversion 1.8.0/1.8.1
The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used.
local
high complexity
apache CWE-59
2.4
2013-12-07 CVE-2013-4505 Permissions, Privileges, and Access Controls vulnerability in Apache MOD Dontdothat and Subversion
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request.
network
high complexity
apache CWE-264
2.6
2013-09-16 CVE-2013-4277 Permissions, Privileges, and Access Controls vulnerability in Apache Subversion
Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option.
local
apache CWE-264
3.3
2013-05-02 CVE-2013-1845 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
network
high complexity
apache opensuse CWE-119
2.1