Every CVE whose affected-product data names Apache Subversion, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (47)
CVE-2017-9800 — CVSS 9.8 (critical): A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through…
CVE-2013-4246 — CVSS 8.8 (high): libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS…
CVE-2015-5259 — CVSS 8.6 (high): Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to…
CVE-2024-45720 — CVSS 8.2 (high): On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables (e.g., svn.exe…
CVE-2013-2112 — CVSS 7.8 (high): The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by…
CVE-2015-0202 — CVSS 7.8 (high): The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a…
CVE-2015-5343 — CVSS 7.6 (high): Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote…
CVE-2018-11803 — CVSS 7.5 (high): Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer…
CVE-2022-24070 — CVSS 7.5 (high): Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may…
CVE-2020-17525 — CVSS 7.5 (high): Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile…
CVE-2019-0203 — CVSS 7.5 (high): In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends…
CVE-2013-2088 — CVSS 7.1 (high): contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute…
CVE-2010-4539 — CVSS 6.8 (medium): The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15…
CVE-2016-2167 — CVSS 6.8 (medium): The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL…
CVE-2016-2168 — CVSS 6.5 (medium): The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4…
CVE-2018-11782 — CVSS 6.5 (medium): In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed…
CVE-2016-8734 — CVSS 6.5 (medium): Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a…
CVE-2010-3315 — CVSS 6.0 (medium): authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before…
CVE-2013-1968 — CVSS 5.5 (medium): Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository…
CVE-2014-8108 — CVSS 5.0 (medium): The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to…
CVE-2014-3580 — CVSS 5.0 (medium): The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause…
CVE-2013-1884 — CVSS 5.0 (medium): The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service…
CVE-2013-1847 — CVSS 5.0 (medium): The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a…
CVE-2015-3184 — CVSS 5.0 (medium): mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict…
CVE-2011-1752 — CVSS 5.0 (medium): The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a…
CVE-2015-0248 — CVSS 5.0 (medium): The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a…
CVE-2013-1849 — CVSS 4.3 (medium): The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a…
CVE-2011-0715 — CVSS 4.3 (medium): The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a…
CVE-2011-1783 — CVSS 4.3 (medium): The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz…
CVE-2011-1921 — CVSS 4.3 (medium): The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz…
CVE-2014-0032 — CVSS 4.3 (medium): The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when…
CVE-2021-28544 — CVSS 4.3 (medium): Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according…
CVE-2015-3187 — CVSS 4.0 (medium): The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is…
CVE-2014-3528 — CVSS 4.0 (medium): Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store…
CVE-2014-3522 — CVSS 4.0 (medium): The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the…
CVE-2014-3504 — CVSS 4.0 (medium): The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before…
CVE-2013-4131 — CVSS 4.0 (medium): The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to…
CVE-2013-1846 — CVSS 4.0 (medium): The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to…
CVE-2015-0251 — CVSS 4.0 (medium): The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the…
CVE-2010-4644 — CVSS 3.5 (low): Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service…
CVE-2013-4558 — CVSS 3.5 (low): The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through…
CVE-2013-4277 — CVSS 3.3 (low): Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill…
CVE-2024-46901 — CVSS 3.1 (low): Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows…
CVE-2013-4505 — CVSS 2.6 (low): The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to…
CVE-2013-7393 — CVSS 2.4 (low): The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created…
CVE-2013-4262 — CVSS 2.4 (low): svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain…
CVE-2013-1845 — CVSS 2.1 (low): The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to…