Page 12 of 66 results (0.010 seconds)

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7049. otools en Apple Xcode en versiones anteriores a 7.2 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (corrupción de memoria) a través de una archivo mach-o manipulado, una vulnerabilidad diferente a CVE-2015-7049. • http://lists.apple.com/archives/security-announce/2015/Dec/msg00004.html http://www.securitytracker.com/id/1034340 https://support.apple.com/HT205642 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors. La implementación de Swift en Apple Xcode en versiones anteriores a 7.1 no maneja correctamente la conversión de tipo, lo que tiene un impacto y vectores no especificados. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00008.html http://www.securitytracker.com/id/1033930 https://support.apple.com/HT205379 • CWE-17: DEPRECATED: Code •

CVSS: 4.0EPSS: 0%CPEs: 14EXPL: 0

The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. Vulnerabilidad en la función svn_repos_trace_node_locations en Apache Subversion en versiones anteriores a 1.7.21 y 1.8.x en versiones anteriores a 1.8.14, cuando se utiliza autorización basada en ruta, permite a usuarios remotos autenticados obtener información de ruta sensible leyendo el historial de un nodo que ha sido movido desde una ruta oculta. It was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable (for example, if it had been moved). • http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html http://rhn.redhat.com/errata/RHSA-2015-1633.html http://rhn.redhat.com/errata/RHSA-2015-1742.html http://subversion.apache.org/security/CVE-2015-3187-advisory.txt http://www.debian.org/security/2015/dsa-3331 http://www.securityfocus.com/bid/76273 http://www.securitytracker.com/id/1033215 http://www.ubuntu.com/usn/USN-2721-1 https:/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 46EXPL: 0

mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. Vulnerabilidad en mod_authz_svn en Apache Subversion 1.7.x en versiones anteriores a 1.7.21 y 1.8.x en versiones anteriores a 1.8.14, al utilizar Apache httpd 2.4.x, no restringe correctamente el acceso anónimo, lo que permite a usuarios anónimos remotos leer archivos ocultos a través del nombre de la ruta. It was found that the mod_authz_svn module did not properly restrict anonymous access to Subversion repositories under certain configurations when used with Apache httpd 2.4.x. This could allow a user to anonymously access files in a Subversion repository, which should only be accessible to authenticated users. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00022.html http://rhn.redhat.com/errata/RHSA-2015-1742.html http://subversion.apache.org/security/CVE-2015-3184-advisory.txt http://www.debian.org/security/2015/dsa-3331 http://www.securityfocus.com/bid/76274 http://www.securitytracker.com/id/1033215 http://www.ubuntu.com/usn/USN-2721-1 https://security.gentoo.org/glsa/201610-05 https://support • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-285: Improper Authorization •

CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0

The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior. Vulnerabilidad en la función ap_some_auth_required en ap_some_auth_required del Servidor HTTP Apache en su versión 2.4.x anteriores a la 2.4.14 no considera que una directiva Require puede estar asociada con el establecimiento de una autorización en lugar de un ajuste de autenticación lo cual permite a atacantes remotos evadir las restricciones destinadas al acceso en circunstancias oportunas mediante el aprovechamiento de la presencia de un módulo que se basa en el comportamiento en la API 2.2. It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied. • http://httpd.apache.org/security/vulnerabilities_24.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html http://rhn.redhat.com/errata/RHSA-2015-1666.html http://rhn.redhat.com/errata/RHSA-2015-1667.html http://rhn.redhat.com/errata/RHSA-2016-2957.htm • CWE-264: Permissions, Privileges, and Access Controls CWE-287: Improper Authentication •