Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/129855?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "type": "deb", "namespace": "debian", "name": "subversion", "version": "1.14.2-4+deb12u1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.14.5-1", "latest_non_vulnerable_version": "1.14.5-6", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101603?format=api", "vulnerability_id": "VCID-18cg-68h3-cybr", "summary": "The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4505.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4505.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4505", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0164", "scoring_system": "epss", "scoring_elements": "0.82283", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0164", "scoring_system": "epss", "scoring_elements": "0.82313", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4505" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4505", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4505" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033995", "reference_id": "1033995", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033995" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730541", "reference_id": "730541", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730541" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129883?format=api", "purl": "pkg:deb/debian/subversion@1.7.14-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.7.14-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4505" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-18cg-68h3-cybr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101577?format=api", "vulnerability_id": "VCID-2d22-14d2-n7ek", "summary": "Subversion 1.4.3 and earlier does not properly implement the \"partial access\" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2448.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2448.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-2448", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52609", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52668", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-2448" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2448", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2448" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=243757", "reference_id": "243757", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=243757" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=428194", "reference_id": "428194", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=428194" }, { "reference_url": "https://usn.ubuntu.com/1053-1/", "reference_id": "USN-1053-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1053-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129864?format=api", "purl": "pkg:deb/debian/subversion@1.4.4dfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.4.4dfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2007-2448" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2d22-14d2-n7ek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101612?format=api", "vulnerability_id": "VCID-3jv4-38f5-nkf5", "summary": "Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3528.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3528.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3528", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03375", "scoring_system": "epss", "scoring_elements": "0.87592", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03375", "scoring_system": "epss", "scoring_elements": "0.87614", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3528" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1125799", "reference_id": "1125799", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1125799" }, { "reference_url": "https://security.gentoo.org/glsa/201610-05", "reference_id": "GLSA-201610-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201610-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0165", "reference_id": "RHSA-2015:0165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0166", "reference_id": "RHSA-2015:0166", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0166" }, { "reference_url": "https://usn.ubuntu.com/2316-1/", "reference_id": "USN-2316-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2316-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129887?format=api", "purl": "pkg:deb/debian/subversion@1.8.10-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.8.10-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-3528" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3jv4-38f5-nkf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101614?format=api", "vulnerability_id": "VCID-3n43-a397-yydj", "summary": "The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3580.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3580.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3580", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.13653", "scoring_system": "epss", "scoring_elements": "0.94383", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.13653", "scoring_system": "epss", "scoring_elements": "0.94391", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3580" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3580", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3580" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174054", "reference_id": "1174054", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174054" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773263", "reference_id": "773263", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0165", "reference_id": "RHSA-2015:0165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0166", "reference_id": "RHSA-2015:0166", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0166" }, { "reference_url": "https://usn.ubuntu.com/2721-1/", "reference_id": "USN-2721-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2721-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129888?format=api", "purl": "pkg:deb/debian/subversion@1.8.10-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.8.10-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-3580" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3n43-a397-yydj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101574?format=api", "vulnerability_id": "VCID-4mam-pfwb-bbfn", "summary": "The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2004-0749", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00619", "scoring_system": "epss", "scoring_elements": "0.70361", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00619", "scoring_system": "epss", "scoring_elements": "0.70403", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2004-0749" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0749" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129861?format=api", "purl": "pkg:deb/debian/subversion@1.0.9-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.0.9-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2004-0749" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4mam-pfwb-bbfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101620?format=api", "vulnerability_id": "VCID-6h35-rv8q-nbcm", "summary": "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3187.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3187.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3187", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00944", "scoring_system": "epss", "scoring_elements": "0.76662", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00944", "scoring_system": "epss", "scoring_elements": "0.76691", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3187" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3184", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3184" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3187", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3187" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1247252", "reference_id": "1247252", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1247252" }, { "reference_url": "https://security.gentoo.org/glsa/201610-05", "reference_id": "GLSA-201610-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201610-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1633", "reference_id": "RHSA-2015:1633", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1633" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1742", "reference_id": "RHSA-2015:1742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1742" }, { "reference_url": "https://usn.ubuntu.com/2721-1/", "reference_id": "USN-2721-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2721-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129892?format=api", "purl": "pkg:deb/debian/subversion@1.9.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.9.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-3187" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6h35-rv8q-nbcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101595?format=api", "vulnerability_id": "VCID-6k4a-5tuh-qbgf", "summary": "The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2112.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2112.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2112", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03697", "scoring_system": "epss", "scoring_elements": "0.88155", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03697", "scoring_system": "epss", "scoring_elements": "0.88175", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2112" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1968", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1968" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2112", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2112" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711033", "reference_id": "711033", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711033" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=970037", "reference_id": "970037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=970037" }, { "reference_url": "https://security.gentoo.org/glsa/201309-11", "reference_id": "GLSA-201309-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0255", "reference_id": "RHSA-2014:0255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0255" }, { "reference_url": "https://usn.ubuntu.com/1893-1/", "reference_id": "USN-1893-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1893-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129875?format=api", "purl": "pkg:deb/debian/subversion@1.7.9-1%2Bnmu2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.7.9-1%252Bnmu2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-2112" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6k4a-5tuh-qbgf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101573?format=api", "vulnerability_id": "VCID-6qwg-jbqz-cqam", "summary": "libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) svn://, (2) svn+ssh://, and (3) other svn protocol URL strings, which allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via an integer overflow that leads to a heap-based buffer overflow.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2004-0413", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10823", "scoring_system": "epss", "scoring_elements": "0.93496", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.10823", "scoring_system": "epss", "scoring_elements": "0.93507", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2004-0413" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0413", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0413" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129860?format=api", "purl": "pkg:deb/debian/subversion@1.0.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.0.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2004-0413" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6qwg-jbqz-cqam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101593?format=api", "vulnerability_id": "VCID-6yyq-w9bz-9yed", "summary": "contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2088.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2088.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2088", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06485", "scoring_system": "epss", "scoring_elements": "0.91257", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06485", "scoring_system": "epss", "scoring_elements": "0.9127", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2088" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2088" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=970027", "reference_id": "970027", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=970027" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/40507.py", "reference_id": "CVE-2013-2088", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/40507.py" }, { "reference_url": "https://security.gentoo.org/glsa/201309-11", "reference_id": "GLSA-201309-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129876?format=api", "purl": "pkg:deb/debian/subversion@1.7.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.7.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-2088" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6yyq-w9bz-9yed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101587?format=api", "vulnerability_id": "VCID-775h-cjq3-1bce", "summary": "The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1845.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1845.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1845", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01156", "scoring_system": "epss", "scoring_elements": "0.78882", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01156", "scoring_system": "epss", "scoring_elements": "0.78908", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1845" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1845", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1845" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704940", "reference_id": "704940", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704940" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=929082", "reference_id": "929082", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=929082" }, { "reference_url": "https://security.gentoo.org/glsa/201309-11", "reference_id": "GLSA-201309-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0737", "reference_id": "RHSA-2013:0737", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0737" }, { "reference_url": "https://usn.ubuntu.com/1893-1/", "reference_id": "USN-1893-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1893-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129873?format=api", "purl": "pkg:deb/debian/subversion@1.7.9-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.7.9-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-1845" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-775h-cjq3-1bce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101599?format=api", "vulnerability_id": "VCID-7fh5-bd9g-ubhc", "summary": "libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive information by editing packed revision properties.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4246.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4246.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4246", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.60174", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00387", "scoring_system": "epss", "scoring_elements": "0.60221", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4246" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000192", "reference_id": "1000192", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000192" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129879?format=api", "purl": "pkg:deb/debian/subversion@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4246" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7fh5-bd9g-ubhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101583?format=api", "vulnerability_id": "VCID-7sq7-gjgr-xqfs", "summary": "The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1752.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1752.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1752", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.22709", "scoring_system": "epss", "scoring_elements": "0.95968", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.22709", "scoring_system": "epss", "scoring_elements": "0.95972", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1752" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=709111", "reference_id": "709111", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709111" }, { "reference_url": "https://security.gentoo.org/glsa/201309-11", "reference_id": "GLSA-201309-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0861", "reference_id": "RHSA-2011:0861", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0862", "reference_id": "RHSA-2011:0862", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0862" }, { "reference_url": "https://usn.ubuntu.com/1144-1/", "reference_id": "USN-1144-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1144-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129871?format=api", "purl": "pkg:deb/debian/subversion@1.6.17dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.6.17dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-1752" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7sq7-gjgr-xqfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101590?format=api", "vulnerability_id": "VCID-86ac-9dts-33gh", "summary": "The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1849.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1849.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1849", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08746", "scoring_system": "epss", "scoring_elements": "0.92651", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08746", "scoring_system": "epss", "scoring_elements": "0.92664", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1849" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1849", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1849" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704940", "reference_id": "704940", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704940" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=929093", "reference_id": "929093", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=929093" }, { "reference_url": "https://security.gentoo.org/glsa/201309-11", "reference_id": "GLSA-201309-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0737", "reference_id": "RHSA-2013:0737", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0737" }, { "reference_url": "https://usn.ubuntu.com/1893-1/", "reference_id": "USN-1893-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1893-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129873?format=api", "purl": "pkg:deb/debian/subversion@1.7.9-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.7.9-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-1849" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-86ac-9dts-33gh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101623?format=api", "vulnerability_id": "VCID-911j-4sf9-1ue5", "summary": "The canonicalize_username function in svnserve/cyrus_auth.c in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4, when Cyrus SASL authentication is used, allows remote attackers to authenticate and bypass intended access restrictions via a realm string that is a prefix of an expected repository realm string.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2167.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2167.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00968", "scoring_system": "epss", "scoring_elements": "0.76937", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00968", "scoring_system": "epss", "scoring_elements": "0.76969", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2168", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2168" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:P/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1331686", "reference_id": "1331686", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1331686" }, { "reference_url": "https://security.gentoo.org/glsa/201610-05", "reference_id": "GLSA-201610-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201610-05" }, { "reference_url": "https://usn.ubuntu.com/3388-1/", "reference_id": "USN-3388-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3388-1/" }, { "reference_url": "https://usn.ubuntu.com/3388-2/", "reference_id": "USN-3388-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3388-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129895?format=api", "purl": "pkg:deb/debian/subversion@1.9.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.9.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-2167" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-911j-4sf9-1ue5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101578?format=api", "vulnerability_id": "VCID-9asc-2cmw-zkac", "summary": "Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2411.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2411.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2411", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06173", "scoring_system": "epss", "scoring_elements": "0.90996", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06173", "scoring_system": "epss", "scoring_elements": "0.91009", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2411" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2411", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2411" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=514744", "reference_id": "514744", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514744" }, { "reference_url": "https://security.gentoo.org/glsa/200908-05", "reference_id": "GLSA-200908-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200908-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1203", "reference_id": "RHSA-2009:1203", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1203" }, { "reference_url": "https://usn.ubuntu.com/812-1/", "reference_id": "USN-812-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/812-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129865?format=api", "purl": "pkg:deb/debian/subversion@1.6.4dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.6.4dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-2411" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9asc-2cmw-zkac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101588?format=api", "vulnerability_id": "VCID-9dbe-qvky-5ygd", "summary": "The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1846.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1846.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1846", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73605", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00755", "scoring_system": "epss", "scoring_elements": "0.73641", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1846" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1846" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704940", "reference_id": "704940", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704940" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=929087", "reference_id": "929087", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=929087" }, { "reference_url": "https://security.gentoo.org/glsa/201309-11", "reference_id": "GLSA-201309-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0737", "reference_id": "RHSA-2013:0737", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0737" }, { "reference_url": "https://usn.ubuntu.com/1893-1/", "reference_id": "USN-1893-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1893-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129873?format=api", "purl": "pkg:deb/debian/subversion@1.7.9-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.7.9-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-1846" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9dbe-qvky-5ygd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101609?format=api", "vulnerability_id": "VCID-9hdz-4dqf-37bw", "summary": "The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the \"svn ls http://svn.example.com\" command.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0032.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0032.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0032", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.27105", "scoring_system": "epss", "scoring_elements": "0.96476", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.27105", "scoring_system": "epss", "scoring_elements": "0.96479", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0032" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0032", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0032" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062042", "reference_id": "1062042", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062042" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737815", "reference_id": "737815", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737815" }, { "reference_url": "https://security.gentoo.org/glsa/201610-05", "reference_id": "GLSA-201610-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201610-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0255", "reference_id": "RHSA-2014:0255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0255" }, { "reference_url": "https://usn.ubuntu.com/2316-1/", "reference_id": "USN-2316-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2316-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129886?format=api", "purl": "pkg:deb/debian/subversion@1.8.8-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.8.8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-0032" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9hdz-4dqf-37bw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101626?format=api", "vulnerability_id": "VCID-9rvw-dw2a-97h2", "summary": "Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17525.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-17525.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17525", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.14805", "scoring_system": "epss", "scoring_elements": "0.94631", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.14805", "scoring_system": "epss", "scoring_elements": "0.9464", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17525" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17525", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17525" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922303", "reference_id": "1922303", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922303" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982464", "reference_id": "982464", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982464" }, { "reference_url": "https://security.archlinux.org/AVG-1563", "reference_id": "AVG-1563", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1563" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0507", "reference_id": "RHSA-2021:0507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0507" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0508", "reference_id": "RHSA-2021:0508", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0508" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0509", "reference_id": "RHSA-2021:0509", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0509" }, { "reference_url": "https://usn.ubuntu.com/5322-1/", "reference_id": "USN-5322-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5322-1/" }, { "reference_url": "https://usn.ubuntu.com/5445-1/", "reference_id": "USN-5445-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5445-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129900?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-17525" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9rvw-dw2a-97h2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101579?format=api", "vulnerability_id": "VCID-adtp-jcyv-eqd3", "summary": "authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3315.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3315.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3315", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58494", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00361", "scoring_system": "epss", "scoring_elements": "0.58541", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3315" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3315", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3315" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=640317", "reference_id": "640317", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=640317" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0258", "reference_id": "RHSA-2011:0258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0258" }, { "reference_url": "https://usn.ubuntu.com/1053-1/", "reference_id": "USN-1053-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1053-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129866?format=api", "purl": "pkg:deb/debian/subversion@1.6.12dfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.6.12dfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2010-3315" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-adtp-jcyv-eqd3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101581?format=api", "vulnerability_id": "VCID-bu2k-qj7m-xkfd", "summary": "Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4644.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4644.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4644", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01955", "scoring_system": "epss", "scoring_elements": "0.83807", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01955", "scoring_system": "epss", "scoring_elements": "0.8383", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4644" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4644", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4644" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608989", "reference_id": "608989", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608989" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=667763", "reference_id": "667763", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=667763" }, { "reference_url": "https://security.gentoo.org/glsa/201309-11", "reference_id": "GLSA-201309-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0257", "reference_id": "RHSA-2011:0257", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0257" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0258", "reference_id": "RHSA-2011:0258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0258" }, { "reference_url": "https://usn.ubuntu.com/1053-1/", "reference_id": "USN-1053-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1053-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129868?format=api", "purl": "pkg:deb/debian/subversion@1.6.12dfsg-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.6.12dfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2010-4644" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bu2k-qj7m-xkfd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101621?format=api", "vulnerability_id": "VCID-byfb-b8p8-6kaz", "summary": "Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5259.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5259.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5259", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.34284", "scoring_system": "epss", "scoring_elements": "0.97076", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.34284", "scoring_system": "epss", "scoring_elements": "0.97079", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5259" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5259", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5259" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1289958", "reference_id": "1289958", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1289958" }, { "reference_url": "https://security.gentoo.org/glsa/201610-05", "reference_id": "GLSA-201610-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201610-05" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129894?format=api", "purl": "pkg:deb/debian/subversion@1.9.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.9.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-5259" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-byfb-b8p8-6kaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101572?format=api", "vulnerability_id": "VCID-c925-j7dx-qke3", "summary": "Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a (1) DAV2 REPORT query or (2) get-dated-rev svn-protocol command.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2004-0397", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.86588", "scoring_system": "epss", "scoring_elements": "0.99435", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.86588", "scoring_system": "epss", "scoring_elements": "0.99436", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2004-0397" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0397", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0397" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=249791", "reference_id": "249791", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=249791" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/9935.rb", "reference_id": "CVE-2004-0397;OSVDB-6301", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/9935.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/dos/16284.rb", "reference_id": "CVE-2004-0397;OSVDB-6301", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/dos/16284.rb" }, { "reference_url": "https://security.gentoo.org/glsa/200405-14", "reference_id": "GLSA-200405-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200405-14" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/304.c", "reference_id": "OSVDB-6301;CVE-2004-0397", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/304.c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129856?format=api", "purl": "pkg:deb/debian/subversion@1.0.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.0.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2004-0397" ], "risk_score": 1.6, "exploitability": "2.0", "weighted_severity": "0.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c925-j7dx-qke3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101617?format=api", "vulnerability_id": "VCID-cpt9-yf1w-rqep", "summary": "The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0248.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0248.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0248", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.15803", "scoring_system": "epss", "scoring_elements": "0.94859", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.15803", "scoring_system": "epss", "scoring_elements": "0.94868", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0251", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0251" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205138", "reference_id": "1205138", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205138" }, { "reference_url": "https://security.gentoo.org/glsa/201610-05", "reference_id": "GLSA-201610-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201610-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1633", "reference_id": "RHSA-2015:1633", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1633" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1742", "reference_id": "RHSA-2015:1742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1742" }, { "reference_url": "https://usn.ubuntu.com/2721-1/", "reference_id": "USN-2721-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2721-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129890?format=api", "purl": "pkg:deb/debian/subversion@1.8.10-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.8.10-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-0248" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cpt9-yf1w-rqep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6049?format=api", "vulnerability_id": "VCID-cxez-cmdb-e7fn", "summary": "denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0203.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0203.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0203", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06024", "scoring_system": "epss", "scoring_elements": "0.90873", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06024", "scoring_system": "epss", "scoring_elements": "0.90887", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11782", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11782" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0203" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1733073", "reference_id": "1733073", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1733073" }, { "reference_url": "https://security.archlinux.org/ASA-201908-10", "reference_id": "ASA-201908-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-10" }, { "reference_url": "https://security.archlinux.org/AVG-1016", "reference_id": "AVG-1016", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2512", "reference_id": "RHSA-2019:2512", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2512" }, { "reference_url": "https://usn.ubuntu.com/4082-1/", "reference_id": "USN-4082-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4082-1/" }, { "reference_url": "https://usn.ubuntu.com/4082-2/", "reference_id": "USN-4082-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4082-2/" }, { "reference_url": "https://usn.ubuntu.com/5445-1/", "reference_id": "USN-5445-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5445-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129898?format=api", "purl": "pkg:deb/debian/subversion@1.10.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.10.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-0203" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cxez-cmdb-e7fn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6175?format=api", "vulnerability_id": "VCID-da8u-6gtk-w7ga", "summary": "denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11803.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11803.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11803", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06566", "scoring_system": "epss", "scoring_elements": "0.9131", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06566", "scoring_system": "epss", "scoring_elements": "0.91324", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11803" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11803", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11803" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668807", "reference_id": "1668807", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668807" }, { "reference_url": "https://security.archlinux.org/ASA-201901-17", "reference_id": "ASA-201901-17", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201901-17" }, { "reference_url": "https://security.archlinux.org/AVG-858", "reference_id": "AVG-858", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-858" }, { "reference_url": "https://security.gentoo.org/glsa/201904-08", "reference_id": "GLSA-201904-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201904-08" }, { "reference_url": "https://usn.ubuntu.com/3869-1/", "reference_id": "USN-3869-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3869-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129899?format=api", "purl": "pkg:deb/debian/subversion@1.10.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.10.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-11803" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-da8u-6gtk-w7ga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101627?format=api", "vulnerability_id": "VCID-dqm8-3v44-u7ek", "summary": "On Windows platforms, a \"best fit\" character encoding conversion of command line arguments to Subversion's executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and execution of other programs, if a specially crafted command line argument string is processed. All versions of Subversion up to and including Subversion 1.14.3 are affected on Windows platforms only. Users are recommended to upgrade to version Subversion 1.14.4, which fixes this issue. Subversion is not affected on UNIX-like platforms.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45720", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22264", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45720" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://subversion.apache.org/security/CVE-2024-45720-advisory.txt", "reference_id": "CVE-2024-45720-advisory.txt", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-09T13:20:38Z/" } ], "url": "https://subversion.apache.org/security/CVE-2024-45720-advisory.txt" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129879?format=api", "purl": "pkg:deb/debian/subversion@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-45720" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dqm8-3v44-u7ek" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101580?format=api", "vulnerability_id": "VCID-e6ar-678j-xkac", "summary": "The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4539.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4539.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4539", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01388", "scoring_system": "epss", "scoring_elements": "0.80674", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01388", "scoring_system": "epss", "scoring_elements": "0.80701", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4539" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4539", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4539" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608989", "reference_id": "608989", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608989" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=667407", "reference_id": "667407", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=667407" }, { "reference_url": "https://security.gentoo.org/glsa/201309-11", "reference_id": "GLSA-201309-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0257", "reference_id": "RHSA-2011:0257", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0257" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0258", "reference_id": "RHSA-2011:0258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0258" }, { "reference_url": "https://usn.ubuntu.com/1053-1/", "reference_id": "USN-1053-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1053-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129867?format=api", "purl": "pkg:deb/debian/subversion@1.6.12dfsg-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.6.12dfsg-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2010-4539" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e6ar-678j-xkac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101591?format=api", "vulnerability_id": "VCID-eehh-xh98-57bd", "summary": "The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1884.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1884.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1884", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.31605", "scoring_system": "epss", "scoring_elements": "0.96886", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.31605", "scoring_system": "epss", "scoring_elements": "0.96891", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1884" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1884", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1884" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704940", "reference_id": "704940", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704940" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=929095", "reference_id": "929095", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=929095" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/38422.txt", "reference_id": "CVE-2013-1884;OSVDB-92092", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/38422.txt" }, { "reference_url": "https://www.securityfocus.com/bid/58898/info", "reference_id": "CVE-2013-1884;OSVDB-92092", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/58898/info" }, { "reference_url": "https://security.gentoo.org/glsa/201309-11", "reference_id": "GLSA-201309-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-11" }, { "reference_url": "https://usn.ubuntu.com/1893-1/", "reference_id": "USN-1893-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1893-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129873?format=api", "purl": "pkg:deb/debian/subversion@1.7.9-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.7.9-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-1884" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eehh-xh98-57bd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4879?format=api", "vulnerability_id": "VCID-ek5d-6n6b-t3ex", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24070.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24070.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24070", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0161", "scoring_system": "epss", "scoring_elements": "0.82098", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0161", "scoring_system": "epss", "scoring_elements": "0.82127", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24070" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28544", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28544" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24070", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24070" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074772", "reference_id": "2074772", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074772" }, { "reference_url": "https://security.archlinux.org/AVG-2750", "reference_id": "AVG-2750", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2750" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:2222", "reference_id": "RHSA-2022:2222", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:2222" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:2234", "reference_id": "RHSA-2022:2234", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:2234" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:2236", "reference_id": "RHSA-2022:2236", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:2236" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:2237", "reference_id": "RHSA-2022:2237", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:2237" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4591", "reference_id": "RHSA-2022:4591", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4591" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4722", "reference_id": "RHSA-2022:4722", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4722" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4941", "reference_id": "RHSA-2022:4941", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4941" }, { "reference_url": "https://usn.ubuntu.com/5372-1/", "reference_id": "USN-5372-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5372-1/" }, { "reference_url": "https://usn.ubuntu.com/5450-1/", "reference_id": "USN-5450-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5450-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129901?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-24070" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ek5d-6n6b-t3ex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101582?format=api", "vulnerability_id": "VCID-euta-9afu-dkbu", "summary": "The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0715.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0715.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0715", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08517", "scoring_system": "epss", "scoring_elements": "0.92521", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08517", "scoring_system": "epss", "scoring_elements": "0.92533", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0715" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=680755", "reference_id": "680755", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=680755" }, { "reference_url": "https://security.gentoo.org/glsa/201309-11", "reference_id": "GLSA-201309-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0327", "reference_id": "RHSA-2011:0327", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0327" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0328", "reference_id": "RHSA-2011:0328", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0328" }, { "reference_url": "https://usn.ubuntu.com/1096-1/", "reference_id": "USN-1096-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1096-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129870?format=api", "purl": "pkg:deb/debian/subversion@1.6.16dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.6.16dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-0715" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-euta-9afu-dkbu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101592?format=api", "vulnerability_id": "VCID-fg3n-7rg5-rbh7", "summary": "Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1968.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1968.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1968", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01238", "scoring_system": "epss", "scoring_elements": "0.79563", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01238", "scoring_system": "epss", "scoring_elements": "0.7959", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1968" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1968", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1968" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2112", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2112" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711033", "reference_id": "711033", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711033" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=970014", "reference_id": "970014", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=970014" }, { "reference_url": "https://security.gentoo.org/glsa/201309-11", "reference_id": "GLSA-201309-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0255", "reference_id": "RHSA-2014:0255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0255" }, { "reference_url": "https://usn.ubuntu.com/1893-1/", "reference_id": "USN-1893-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1893-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129875?format=api", "purl": "pkg:deb/debian/subversion@1.7.9-1%2Bnmu2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.7.9-1%252Bnmu2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-1968" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fg3n-7rg5-rbh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101607?format=api", "vulnerability_id": "VCID-gpjg-3c41-9uf8", "summary": "The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions (ADT3).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7393.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-7393.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7393", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38546", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38635", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7393" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7393", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7393" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000194", "reference_id": "1000194", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000194" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129880?format=api", "purl": "pkg:deb/debian/subversion@1.8.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.8.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-7393" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gpjg-3c41-9uf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101597?format=api", "vulnerability_id": "VCID-gyj1-f8yq-33dg", "summary": "The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4131.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4131.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4131", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00665", "scoring_system": "epss", "scoring_elements": "0.71612", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00665", "scoring_system": "epss", "scoring_elements": "0.71655", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4131", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4131" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717794", "reference_id": "717794", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717794" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=986194", "reference_id": "986194", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=986194" }, { "reference_url": "https://security.gentoo.org/glsa/201309-11", "reference_id": "GLSA-201309-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129878?format=api", "purl": "pkg:deb/debian/subversion@1.7.13-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.7.13-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4131" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gyj1-f8yq-33dg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4880?format=api", "vulnerability_id": "VCID-hnea-rtet-8kgm", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28544.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28544.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28544", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.58492", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0036", "scoring_system": "epss", "scoring_elements": "0.58539", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28544" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28544", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28544" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24070", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24070" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074780", "reference_id": "2074780", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074780" }, { "reference_url": "https://security.archlinux.org/AVG-2750", "reference_id": "AVG-2750", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2750" }, { "reference_url": "https://usn.ubuntu.com/5372-1/", "reference_id": "USN-5372-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5372-1/" }, { "reference_url": "https://usn.ubuntu.com/5450-1/", "reference_id": "USN-5450-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5450-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129901?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-28544" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hnea-rtet-8kgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101600?format=api", "vulnerability_id": "VCID-j4c2-dbw4-7bhk", "summary": "svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-2013-7393.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4262.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4262.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4262", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49666", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00261", "scoring_system": "epss", "scoring_elements": "0.49729", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4262" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4262", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4262" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000194", "reference_id": "1000194", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000194" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129880?format=api", "purl": "pkg:deb/debian/subversion@1.8.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.8.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4262" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j4c2-dbw4-7bhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101589?format=api", "vulnerability_id": "VCID-jx2d-xe8c-puex", "summary": "The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1847.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1847.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1847", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.20821", "scoring_system": "epss", "scoring_elements": "0.95721", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.20821", "scoring_system": "epss", "scoring_elements": "0.95727", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1847" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1847", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1847" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704940", "reference_id": "704940", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704940" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=929090", "reference_id": "929090", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=929090" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/38421.txt", "reference_id": "CVE-2013-1847;OSVDB-92094", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/38421.txt" }, { "reference_url": "https://www.securityfocus.com/bid/58897/info", "reference_id": "CVE-2013-1847;OSVDB-92094", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/58897/info" }, { "reference_url": "https://security.gentoo.org/glsa/201309-11", "reference_id": "GLSA-201309-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0737", "reference_id": "RHSA-2013:0737", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0737" }, { "reference_url": "https://usn.ubuntu.com/1893-1/", "reference_id": "USN-1893-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1893-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129873?format=api", "purl": "pkg:deb/debian/subversion@1.7.9-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.7.9-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-1847" ], "risk_score": 0.4, "exploitability": "2.0", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jx2d-xe8c-puex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101616?format=api", "vulnerability_id": "VCID-k4r3-qnjx-93fu", "summary": "The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0202.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0202.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0202", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02082", "scoring_system": "epss", "scoring_elements": "0.84307", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02082", "scoring_system": "epss", "scoring_elements": "0.8433", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0202" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205134", "reference_id": "1205134", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205134" }, { "reference_url": "https://security.gentoo.org/glsa/201610-05", "reference_id": "GLSA-201610-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201610-05" }, { "reference_url": "https://usn.ubuntu.com/2721-1/", "reference_id": "USN-2721-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2721-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129890?format=api", "purl": "pkg:deb/debian/subversion@1.8.10-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.8.10-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-0202" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k4r3-qnjx-93fu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101604?format=api", "vulnerability_id": "VCID-kag2-zjgb-vfa1", "summary": "The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4558.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4558.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4558", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01783", "scoring_system": "epss", "scoring_elements": "0.83068", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01783", "scoring_system": "epss", "scoring_elements": "0.83095", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4558" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4558", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4558" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033431", "reference_id": "1033431", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033431" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129883?format=api", "purl": "pkg:deb/debian/subversion@1.7.14-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.7.14-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4558" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kag2-zjgb-vfa1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101585?format=api", "vulnerability_id": "VCID-mdj4-znus-3uex", "summary": "The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1783.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1783.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1783", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11093", "scoring_system": "epss", "scoring_elements": "0.936", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.11093", "scoring_system": "epss", "scoring_elements": "0.9361", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1783" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1783", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1783" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=709112", "reference_id": "709112", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709112" }, { "reference_url": "https://security.gentoo.org/glsa/201309-11", "reference_id": "GLSA-201309-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0862", "reference_id": "RHSA-2011:0862", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0862" }, { "reference_url": "https://usn.ubuntu.com/1144-1/", "reference_id": "USN-1144-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1144-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129871?format=api", "purl": "pkg:deb/debian/subversion@1.6.17dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.6.17dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-1783" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mdj4-znus-3uex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86758?format=api", "vulnerability_id": "VCID-q3rh-6s43-sqa9", "summary": "Subversion: Apache Subversion: mod_dav_svn denial-of-service via control characters in paths", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-46901.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-46901.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-46901", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05806", "scoring_system": "epss", "scoring_elements": "0.90691", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-46901" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46901", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46901" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331127", "reference_id": "2331127", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331127" }, { "reference_url": "https://subversion.apache.org/security/CVE-2024-46901-advisory.txt", "reference_id": "CVE-2024-46901-advisory.txt", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T15:23:08Z/" } ], "url": "https://subversion.apache.org/security/CVE-2024-46901-advisory.txt" }, { "reference_url": "https://usn.ubuntu.com/7818-1/", "reference_id": "USN-7818-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7818-1/" }, { "reference_url": "https://usn.ubuntu.com/7818-2/", "reference_id": "USN-7818-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7818-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129902?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129903?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-46901" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q3rh-6s43-sqa9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101618?format=api", "vulnerability_id": "VCID-qdbd-71zg-2bdy", "summary": "The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0251.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0251.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0251", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01065", "scoring_system": "epss", "scoring_elements": "0.78027", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01065", "scoring_system": "epss", "scoring_elements": "0.78055", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-0251" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0248" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0251", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0251" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205140", "reference_id": "1205140", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205140" }, { "reference_url": "https://security.gentoo.org/glsa/201610-05", "reference_id": "GLSA-201610-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201610-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1633", "reference_id": "RHSA-2015:1633", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1633" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1742", "reference_id": "RHSA-2015:1742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1742" }, { "reference_url": "https://usn.ubuntu.com/2721-1/", "reference_id": "USN-2721-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2721-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129890?format=api", "purl": "pkg:deb/debian/subversion@1.8.10-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.8.10-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-0251" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qdbd-71zg-2bdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101611?format=api", "vulnerability_id": "VCID-qsfe-f1es-1bef", "summary": "The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3522.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3522.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3522", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02619", "scoring_system": "epss", "scoring_elements": "0.85942", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02619", "scoring_system": "epss", "scoring_elements": "0.85964", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3522" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3522", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3522" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127063", "reference_id": "1127063", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127063" }, { "reference_url": "https://security.gentoo.org/glsa/201610-05", "reference_id": "GLSA-201610-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201610-05" }, { "reference_url": "https://usn.ubuntu.com/2316-1/", "reference_id": "USN-2316-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2316-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129887?format=api", "purl": "pkg:deb/debian/subversion@1.8.10-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.8.10-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-3522" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qsfe-f1es-1bef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101575?format=api", "vulnerability_id": "VCID-r6vr-9t4c-pbfn", "summary": "The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2004-1438", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00246", "scoring_system": "epss", "scoring_elements": "0.48054", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00246", "scoring_system": "epss", "scoring_elements": "0.48117", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2004-1438" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1438", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1438" }, { "reference_url": "https://security.gentoo.org/glsa/200407-20", "reference_id": "GLSA-200407-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200407-20" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129862?format=api", "purl": "pkg:deb/debian/subversion@1.0.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.0.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2004-1438" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r6vr-9t4c-pbfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6050?format=api", "vulnerability_id": "VCID-sb8r-tzh1-zbgp", "summary": "denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11782.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11782.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11782", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01167", "scoring_system": "epss", "scoring_elements": "0.78986", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01167", "scoring_system": "epss", "scoring_elements": "0.79012", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-11782" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11782", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11782" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0203" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1733088", "reference_id": "1733088", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1733088" }, { "reference_url": "https://security.archlinux.org/ASA-201908-10", "reference_id": "ASA-201908-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-10" }, { "reference_url": "https://security.archlinux.org/AVG-1016", "reference_id": "AVG-1016", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1016" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3972", "reference_id": "RHSA-2020:3972", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3972" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4712", "reference_id": "RHSA-2020:4712", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4712" }, { "reference_url": "https://usn.ubuntu.com/4082-1/", "reference_id": "USN-4082-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4082-1/" }, { "reference_url": "https://usn.ubuntu.com/4082-2/", "reference_id": "USN-4082-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4082-2/" }, { "reference_url": "https://usn.ubuntu.com/5445-1/", "reference_id": "USN-5445-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5445-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129898?format=api", "purl": "pkg:deb/debian/subversion@1.10.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.10.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-11782" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sb8r-tzh1-zbgp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101602?format=api", "vulnerability_id": "VCID-uawf-gsk4-p3ba", "summary": "Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4277.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4277.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43168", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43241", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4277" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4277" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000202", "reference_id": "1000202", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000202" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721542", "reference_id": "721542", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721542" }, { "reference_url": "https://security.gentoo.org/glsa/201309-11", "reference_id": "GLSA-201309-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129878?format=api", "purl": "pkg:deb/debian/subversion@1.7.13-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.7.13-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4277" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uawf-gsk4-p3ba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101619?format=api", "vulnerability_id": "VCID-utyp-k276-abhz", "summary": "mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3184.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3184.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3184", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17005", "scoring_system": "epss", "scoring_elements": "0.95103", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.17005", "scoring_system": "epss", "scoring_elements": "0.95112", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3184" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3184", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3184" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3187", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3187" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1247249", "reference_id": "1247249", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1247249" }, { "reference_url": "https://security.gentoo.org/glsa/201610-05", "reference_id": "GLSA-201610-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201610-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1742", "reference_id": "RHSA-2015:1742", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1742" }, { "reference_url": "https://usn.ubuntu.com/2721-1/", "reference_id": "USN-2721-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2721-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129892?format=api", "purl": "pkg:deb/debian/subversion@1.9.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.9.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-3184" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-utyp-k276-abhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101625?format=api", "vulnerability_id": "VCID-w7td-4yv4-m3fm", "summary": "Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8734.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8734.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8734", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12879", "scoring_system": "epss", "scoring_elements": "0.94181", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.12879", "scoring_system": "epss", "scoring_elements": "0.9419", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8734" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8734", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8734" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397403", "reference_id": "1397403", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397403" }, { "reference_url": "https://usn.ubuntu.com/3388-1/", "reference_id": "USN-3388-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3388-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129896?format=api", "purl": "pkg:deb/debian/subversion@1.9.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.9.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-8734" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w7td-4yv4-m3fm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101622?format=api", "vulnerability_id": "VCID-wv7x-qer6-b7f1", "summary": "Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5343.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5343.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5343", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.2393", "scoring_system": "epss", "scoring_elements": "0.96128", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.2393", "scoring_system": "epss", "scoring_elements": "0.96134", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5343" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5343", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5343" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1289959", "reference_id": "1289959", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1289959" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129894?format=api", "purl": "pkg:deb/debian/subversion@1.9.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.9.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-5343" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wv7x-qer6-b7f1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101624?format=api", "vulnerability_id": "VCID-x6q8-pssz-ekcw", "summary": "The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2168.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2168.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2168", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07364", "scoring_system": "epss", "scoring_elements": "0.91851", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07364", "scoring_system": "epss", "scoring_elements": "0.91864", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2168" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2168", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2168" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:N/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1331683", "reference_id": "1331683", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1331683" }, { "reference_url": "https://security.gentoo.org/glsa/201610-05", "reference_id": "GLSA-201610-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201610-05" }, { "reference_url": "https://usn.ubuntu.com/3388-2/", "reference_id": "USN-3388-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3388-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129895?format=api", "purl": "pkg:deb/debian/subversion@1.9.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.9.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-2168" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x6q8-pssz-ekcw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4404?format=api", "vulnerability_id": "VCID-xf8u-an5v-u7e6", "summary": "arbitrary command execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9800.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9800.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9800", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.67275", "scoring_system": "epss", "scoring_elements": "0.9858", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.67275", "scoring_system": "epss", "scoring_elements": "0.98582", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9800" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P" }, { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1479686", "reference_id": "1479686", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1479686" }, { "reference_url": "https://security.archlinux.org/ASA-201708-14", "reference_id": "ASA-201708-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-14" }, { "reference_url": "https://security.archlinux.org/AVG-379", "reference_id": "AVG-379", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-379" }, { "reference_url": "https://security.gentoo.org/glsa/201709-09", "reference_id": "GLSA-201709-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201709-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2480", "reference_id": "RHSA-2017:2480", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2480" }, { "reference_url": "https://usn.ubuntu.com/3388-1/", "reference_id": "USN-3388-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3388-1/" }, { "reference_url": "https://usn.ubuntu.com/3388-2/", "reference_id": "USN-3388-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3388-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129897?format=api", "purl": "pkg:deb/debian/subversion@1.9.7-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.9.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-9800" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xf8u-an5v-u7e6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101615?format=api", "vulnerability_id": "VCID-xg85-a65u-kqet", "summary": "The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8108.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8108.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8108", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04996", "scoring_system": "epss", "scoring_elements": "0.89881", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04996", "scoring_system": "epss", "scoring_elements": "0.89897", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8108" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8108", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8108" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174057", "reference_id": "1174057", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174057" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773315", "reference_id": "773315", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773315" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0166", "reference_id": "RHSA-2015:0166", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0166" }, { "reference_url": "https://usn.ubuntu.com/2721-1/", "reference_id": "USN-2721-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2721-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129888?format=api", "purl": "pkg:deb/debian/subversion@1.8.10-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.8.10-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-8108" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xg85-a65u-kqet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101576?format=api", "vulnerability_id": "VCID-ygsw-63nz-pfbm", "summary": "Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-1564", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22469", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22554", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-1564" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1564", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1564" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359234", "reference_id": "359234", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359234" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129863?format=api", "purl": "pkg:deb/debian/subversion@1.3.0-5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.3.0-5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2006-1564" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ygsw-63nz-pfbm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/101586?format=api", "vulnerability_id": "VCID-zqz3-19qj-suh8", "summary": "The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1921.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1921.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1921", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04037", "scoring_system": "epss", "scoring_elements": "0.88704", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04037", "scoring_system": "epss", "scoring_elements": "0.88721", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1921" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1921", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1921" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=709114", "reference_id": "709114", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709114" }, { "reference_url": "https://security.gentoo.org/glsa/201309-11", "reference_id": "GLSA-201309-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0862", "reference_id": "RHSA-2011:0862", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0862" }, { "reference_url": "https://usn.ubuntu.com/1144-1/", "reference_id": "USN-1144-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1144-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/129871?format=api", "purl": "pkg:deb/debian/subversion@1.6.17dfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.6.17dfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129857?format=api", "purl": "pkg:deb/debian/subversion@1.14.1-3%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.1-3%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129855?format=api", "purl": "pkg:deb/debian/subversion@1.14.2-4%2Bdeb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129859?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/129858?format=api", "purl": "pkg:deb/debian/subversion@1.14.5-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.5-6%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-1921" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zqz3-19qj-suh8" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/subversion@1.14.2-4%252Bdeb12u1%3Fdistro=trixie" }