CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7049 – Apple Security Advisory 2015-12-08-6
https://notcve.org/view.php?id=CVE-2015-7049
10 Dec 2015 — otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7057. otools en Apple Xcode en versiones anteriores a 7.2 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (corrupción de memoria) a través de una archivo mach-o manipulado, una vulnerabilidad diferente a CVE-2015-7057. Xcode 7.2 is now available and addresses four vulnerabilities. • http://lists.apple.com/archives/security-announce/2015/Dec/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7056 – Apple Security Advisory 2015-12-08-6
https://notcve.org/view.php?id=CVE-2015-7056
10 Dec 2015 — IDE SCM in Apple Xcode before 7.2 does not recognize .gitignore files, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging the presence of a file matching an ignore pattern. IDE SCM en Apple Xcode en versiones anteriores a 7.2 no reconoce los archivos .gitignore, lo que permite a atacantes remotos obtener información sensible en circunstancias oportunistas aprovechando la presencia de un archivo que coincide con un patrón a ignorar. Xcode 7.2 is now ava... • http://lists.apple.com/archives/security-announce/2015/Dec/msg00004.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7057 – Apple Security Advisory 2015-12-08-6
https://notcve.org/view.php?id=CVE-2015-7057
10 Dec 2015 — otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7049. otools en Apple Xcode en versiones anteriores a 7.2 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (corrupción de memoria) a través de una archivo mach-o manipulado, una vulnerabilidad diferente a CVE-2015-7049. Xcode 7.2 is now available and addresses four vulnerabilities. • http://lists.apple.com/archives/security-announce/2015/Dec/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2015-7082 – Apple Security Advisory 2015-12-08-6
https://notcve.org/view.php?id=CVE-2015-7082
10 Dec 2015 — Multiple unspecified vulnerabilities in Git before 2.5.4, as used in Apple Xcode before 7.2, have unknown impact and attack vectors. NOTE: this CVE is associated only with Xcode use cases. Múltiples vulnerabilidades no especificadas en Git en versiones anteriores a 2.5.4, como se utiliza en Apple Xcode en versiones anteriores a 7.2, tienen impacto y vectores de ataque desconocidos. NOTA: ésta CVE esta asociada solo con casos de uso Xcode. Xcode 7.2 is now available and addresses four vulnerabilities. • http://lists.apple.com/archives/security-announce/2015/Dec/msg00004.html •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7030 – Apple Security Advisory 2015-10-21-7
https://notcve.org/view.php?id=CVE-2015-7030
21 Oct 2015 — The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors. La implementación de Swift en Apple Xcode en versiones anteriores a 7.1 no maneja correctamente la conversión de tipo, lo que tiene un impacto y vectores no especificados. Xcode 7.1 is now available and addresses a type conversion issue. • http://lists.apple.com/archives/security-announce/2015/Oct/msg00008.html • CWE-17: DEPRECATED: Code •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5909 – Apple Security Advisory 2015-09-16-2
https://notcve.org/view.php?id=CVE-2015-5909
18 Sep 2015 — IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to obtain potentially sensitive build information in opportunistic circumstances by leveraging incorrect notification delivery. Vulnerabilidad en IDE Xcode Server en Apple Xcode en versiones anteriores a 7.0, no restringe adecuadamente el acceso al repositorio de las listas de correo electrónico, lo que permite a atacantes remotos obtener información potencialmente sensible ... • http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5910 – Apple Security Advisory 2015-09-16-2
https://notcve.org/view.php?id=CVE-2015-5910
18 Sep 2015 — IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server traffic is encrypted, which allows remote attackers to obtain sensitive information by sniffing the network. Vulnerabilidad en IDE Xcode Server en Apple Xcode en versiones anteriores a 7.0, no asegura que el tráfico del servidor esté cifrado, lo que permite a atacantes remotos obtener información sensible husmeando la red. Xcode 7.0 is now available and addresses traffic inspection, access bypass, and various other vulnerabilities. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 25%CPEs: 46EXPL: 0CVE-2015-3184 – subversion: Mixed anonymous/authenticated path-based authz with httpd 2.4
https://notcve.org/view.php?id=CVE-2015-3184
12 Aug 2015 — mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. Vulnerabilidad en mod_authz_svn en Apache Subversion 1.7.x en versiones anteriores a 1.7.21 y 1.8.x en versiones anteriores a 1.8.14, al utilizar Apache httpd 2.4.x, no restringe correctamente el acceso anónimo, lo que permite a usuarios anónimos remotos leer archivos ocultos a t... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-285: Improper Authorization •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2015-3187 – subversion: svn_repos_trace_node_locations() reveals paths hidden by authz
https://notcve.org/view.php?id=CVE-2015-3187
12 Aug 2015 — The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. Vulnerabilidad en la función svn_repos_trace_node_locations en Apache Subversion en versiones anteriores a 1.7.21 y 1.8.x en versiones anteriores a 1.8.14, cuando se utiliza autorización basada en ruta, permite a usuarios rem... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 24%CPEs: 18EXPL: 0CVE-2015-3185 – httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4
https://notcve.org/view.php?id=CVE-2015-3185
20 Jul 2015 — The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior. Vulnerabilidad en la función ap_some_auth_required en ap_some_auth_required del Servidor HTTP Apache en s... • http://httpd.apache.org/security/vulnerabilities_24.html • CWE-264: Permissions, Privileges, and Access Controls CWE-287: Improper Authentication •