Search CVE reports


Toggle filters

1 – 10 of 51 results


CVE-2024-45720

Medium priority
Not affected

On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection...

1 affected packages

subversion

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
subversion Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-24070

Medium priority
Fixed

Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers...

1 affected packages

subversion

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
subversion Fixed Fixed Not affected Not affected
Show less packages

CVE-2021-28544

Medium priority
Fixed

Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a node has been copied from a...

1 affected packages

subversion

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
subversion Fixed Fixed Not affected Not affected
Show less packages

CVE-2020-17525

Medium priority

Some fixes available 3 of 4

Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to...

1 affected packages

subversion

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
subversion Not affected Fixed Fixed Fixed
Show less packages

CVE-2019-0203

Medium priority

Some fixes available 2 of 3

In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server.

1 affected packages

subversion

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
subversion Not affected Not affected Fixed Fixed
Show less packages

CVE-2018-11782

Medium priority

Some fixes available 2 of 3

In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server.

1 affected packages

subversion

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
subversion Not affected Not affected Fixed Fixed
Show less packages

CVE-2018-11803

Medium priority

Some fixes available 1 of 5

Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation.

1 affected packages

subversion

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
subversion Not affected Not affected Not affected Not affected
Show less packages

CVE-2017-9800

Medium priority
Fixed

A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server,...

1 affected packages

subversion

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
subversion Fixed
Show less packages

CVE-2016-8734

Low priority

Some fixes available 2 of 4

Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted...

1 affected packages

subversion

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
subversion Not affected Not affected Fixed
Show less packages

CVE-2016-2168

Medium priority

Some fixes available 2 of 4

The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and...

1 affected packages

subversion

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
subversion Fixed
Show less packages