Entry for CVE-2010-4539 says:
The walk function in repos.c in the mod_dav_svn module
for the Apache HTTP Server, as distributed in Apache
Subversion before 1.6.15, allows remote authenticated
users to cause a denial of service (NULL pointer
dereference and daemon crash) via vectors that trigger
the walking of SVNParentPath collections.
Entry for CVE-2010-4644 says:
Multiple memory leaks in rev_hunt.c in Apache Subversion
before 1.6.15 allow remote authenticated users to cause
a denial of service (memory consumption and daemon crash)
via the -g option to the blame command.