apache subversion
61 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-46901
< 1.14.5
Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows au
3.1
LOW
CVE-2024-45720
< 1.14.4
On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables (e.g., svn.
8.2
HIGH
CVE-2022-29048
<= 2.15.3
A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to a
4.3
MEDIUM
CVE-2022-29046
<= 2.15.3
Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name and description of List Subversion tags (and more) parameter
5.4
MEDIUM
CVE-2022-24070
>= 1.10.0 and < 1.10.8
Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers
7.5
HIGH
CVE-2021-28544
>= 1.10.0 and <= 1.14.1
Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden a
4.3
MEDIUM
CVE-2021-21698
<= 2.15.0
Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the con
7.5
HIGH
CVE-2020-17525
>= 1.9.0 and < 1.10.7
Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccess
7.5
HIGH
CVE-2020-2304
<= 2.13.1
Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
6.5
MEDIUM
CVE-2020-2111
<= 2.13.0
Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error message for the Project Repository Base URL field form vali
5.4
MEDIUM
CVE-2019-0203
<= 1.9.10
In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a cli
7.5
HIGH
CVE-2018-11782
<= 1.9.10
In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a wel
6.5
MEDIUM
CVE-2018-11803
>= 1.10.0 and <= 1.10.3
Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized
7.5
HIGH
CVE-2018-1000111
<= 2.10.2
An improper authorization vulnerability exists in Jenkins Subversion Plugin version 2.10.2 and earlier in SubversionStatus.java an
5.3
MEDIUM
CVE-2013-4246
all versions
libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt
8.8
HIGH
CVE-2016-8734
all versions
Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denia
6.5
MEDIUM
CVE-2017-1000085
<= 2.8
Subversion Plugin connects to a user-specified Subversion repository as part of form validation (e.g. to retrieve a list of tags).
6.5
MEDIUM
CVE-2017-9800
<= 1.8.18
A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.
9.8
CRITICAL
CVE-2016-2168
<= 1.8.15
The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before
6.5
MEDIUM
CVE-2016-2167
<= 1.8.15
The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus
6.8
MEDIUM
CVE-2015-5343
>= 1.7.0 and <= 1.7.20
Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote au
7.6
HIGH
CVE-2015-5259
all versions
Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote atta
8.6
HIGH
CVE-2015-3187
<= 1.7.20
The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorizat
CVE-2015-3184
all versions
mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly r
CVE-2015-0251
all versions
The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the
CVE-2015-0248
all versions
The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to
CVE-2015-0202
all versions
The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption
CVE-2014-8108
all versions
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attacker
CVE-2014-3580
all versions
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers
CVE-2014-3528
all versions
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm t
CVE-2014-3522
all versions
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcard
CVE-2014-3504
all versions
The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x b
CVE-2013-7393
all versions
The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid fil
CVE-2013-4262
all versions
svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users t
CVE-2014-0032
<= 1.7.14
The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVN
CVE-2013-4558
all versions
The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.
CVE-2013-4505
all versions
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote atta
CVE-2013-4277
all versions
Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill
CVE-2013-4131
all versions
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated u
CVE-2013-2112
<= 1.6.21
The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit
CVE-2013-2088
<= 1.6.21
contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to
CVE-2013-1968
<= 1.6.21
Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository c
CVE-2013-1884
all versions
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service
CVE-2013-1849
all versions
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to c
CVE-2013-1847
all versions
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to c
CVE-2013-1846
<= 1.6.20
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated u
CVE-2013-1845
all versions
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated u
CVE-2011-1921
all versions
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVN
CVE-2011-1783
>= 1.5.0 and <= 1.5.8
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVN
CVE-2011-1752
< 1.6.17
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to c
CVE-2011-0715
<= 1.6.15
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to c
CVE-2010-4644
<= 1.6.14
Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of servi
CVE-2010-4539
<= 1.6.14
The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.
CVE-2010-3315
all versions
authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x bef
CVE-2009-2411
<= 1.5.6
Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authentica
CVE-2007-3846
<= 1.4.4
Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, whe
CVE-2007-2448
<= 1.4.3
Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths
CVE-2004-1438
all versions
The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the re
CVE-2004-0749
all versions
The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, wh
CVE-2004-0413
all versions
libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) svn://, (2) svn+ssh://, and (3) other svn protocol URL strings, w
CVE-2004-0397
all versions
Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execu
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin