CVSS: 5.0EPSS: 0%CPEs: 27EXPL: 0CVE-2012-3698
https://notcve.org/view.php?id=CVE-2012-3698
Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a (1) helper tool or (2) command-line tool. Apple Xcode antes de v4.4 no compone adecuadamente una solicitud designada (DR) durante la firma de programas que no cuenta con identificadores de paquetes, lo que permite a atacantes remotos leer las entradas de la keychain a través de una aplicación hecha para tal fin, tal y como se demuestra con las entradas de keychain de (1) una herramienta de ayuda o (2) de la línea de comandos. • http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 11EXPL: 0CVE-2008-2318
https://notcve.org/view.php?id=CVE-2008-2318
The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs. La implementación WOHyperlink de WebObjects de Apple Xcode tools anterior a 3.1 , añade los IDs de sesiones locales a URLs no generadas en local, esto permite a atacantes remotos obtener información potencialmente sensible leyendo las solicitudes de estas URLs. • http://lists.apple.com/archives/security-announce//2008/Jul/msg00002.html http://secunia.com/advisories/31060 http://support.apple.com/kb/HT2352 http://www.securityfocus.com/bid/30191 http://www.securitytracker.com/id?1020473 http://www.vupen.com/english/advisories/2008/2093/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43735 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •