CVE-2015-7056
https://notcve.org/view.php?id=CVE-2015-7056
IDE SCM in Apple Xcode before 7.2 does not recognize .gitignore files, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging the presence of a file matching an ignore pattern. IDE SCM en Apple Xcode en versiones anteriores a 7.2 no reconoce los archivos .gitignore, lo que permite a atacantes remotos obtener información sensible en circunstancias oportunistas aprovechando la presencia de un archivo que coincide con un patrón a ignorar. • http://lists.apple.com/archives/security-announce/2015/Dec/msg00004.html http://www.securitytracker.com/id/1034340 https://support.apple.com/HT205642 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-7030
https://notcve.org/view.php?id=CVE-2015-7030
The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors. La implementación de Swift en Apple Xcode en versiones anteriores a 7.1 no maneja correctamente la conversión de tipo, lo que tiene un impacto y vectores no especificados. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00008.html http://www.securitytracker.com/id/1033930 https://support.apple.com/HT205379 • CWE-17: DEPRECATED: Code •
CVE-2015-5909
https://notcve.org/view.php?id=CVE-2015-5909
IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to obtain potentially sensitive build information in opportunistic circumstances by leveraging incorrect notification delivery. Vulnerabilidad en IDE Xcode Server en Apple Xcode en versiones anteriores a 7.0, no restringe adecuadamente el acceso al repositorio de las listas de correo electrónico, lo que permite a atacantes remotos obtener información potencialmente sensible de revisión en circunstancias oportunistas aprovechando la entrega de notificaciones incorrectas. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html http://www.securitytracker.com/id/1033596 https://support.apple.com/HT205217 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-5910
https://notcve.org/view.php?id=CVE-2015-5910
IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server traffic is encrypted, which allows remote attackers to obtain sensitive information by sniffing the network. Vulnerabilidad en IDE Xcode Server en Apple Xcode en versiones anteriores a 7.0, no asegura que el tráfico del servidor esté cifrado, lo que permite a atacantes remotos obtener información sensible husmeando la red. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html http://www.securitytracker.com/id/1033596 https://support.apple.com/HT205217 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-3187 – subversion: svn_repos_trace_node_locations() reveals paths hidden by authz
https://notcve.org/view.php?id=CVE-2015-3187
The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. Vulnerabilidad en la función svn_repos_trace_node_locations en Apache Subversion en versiones anteriores a 1.7.21 y 1.8.x en versiones anteriores a 1.8.14, cuando se utiliza autorización basada en ruta, permite a usuarios remotos autenticados obtener información de ruta sensible leyendo el historial de un nodo que ha sido movido desde una ruta oculta. It was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable (for example, if it had been moved). • http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html http://rhn.redhat.com/errata/RHSA-2015-1633.html http://rhn.redhat.com/errata/RHSA-2015-1742.html http://subversion.apache.org/security/CVE-2015-3187-advisory.txt http://www.debian.org/security/2015/dsa-3331 http://www.securityfocus.com/bid/76273 http://www.securitytracker.com/id/1033215 http://www.ubuntu.com/usn/USN-2721-1 https:/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •