Subversion

subversion

Vendor: Subversion • 7 CVEs

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2009-2411 1Subversion 1Subversion Apr 23, 2026 Aug 7, 2009 N/A· v4 N/A· v3 8.5 HIGH· v2 Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream wi...Show more Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.Show less
CVE-2007-3846 2Subversion Tortoisesvn 2Subversion Tortoisesvn Apr 23, 2026 Aug 28, 2007 N/A· v4 N/A· v3 6.0 MEDIUM· v2 Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create...Show more Directory traversal vulnerability in Subversion before 1.4.5, as used by TortoiseSVN before 1.4.5 and possibly other products, when run on Windows-based systems, allows remote authenticated users to overwrite and create arbitrary files via a ..\ (dot dot backslash) sequence in the filename, as stored in the file repository.Show less
CVE-2007-2448 1Subversion 1Subversion Apr 23, 2026 Jun 14, 2007 N/A· v4 N/A· v3 2.1 LOW· v2 Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive informa...Show more Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit.Show less
CVE-2004-1438 1Subversion 1Subversion Apr 16, 2026 Dec 31, 2004 N/A· v4 N/A· v3 2.1 LOW· v2 The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
CVE-2004-0749 2Gentoo Subversion 2Linux Subversion Apr 16, 2026 Dec 23, 2004 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn...Show more The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames.Show less
CVE-2004-0413 2Openpkg Subversion 2Openpkg Subversion Apr 16, 2026 Aug 6, 2004 N/A· v4 N/A· v3 10.0 HIGH· v2 libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) svn://, (2) svn+ssh://, and (3) other svn protocol URL strings, which allows remote attackers to cause a denial of service (memory consumption) and possibl...Show more libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) svn://, (2) svn+ssh://, and (3) other svn protocol URL strings, which allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via an integer overflow that leads to a heap-based buffer overflow.Show less
CVE-2004-0397 1Subversion 1Subversion Apr 16, 2026 Jul 7, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a (1) DAV2 REPORT query or (2) get-dated-rev svn-protocol command.