CVSS: 7.5 • EPSS: 0% • CPEs: 14 • EXPL: 0

12 Aug 2015 — The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Apr 2015 — Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard protection mechanism via crafted input to an affected C program. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Apr 2015 — Integer overflow in the simulator in Swift in Apple Xcode before 6.3 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact by triggering an incorrect result of a type conversion. • http://lists.apple.com/archives/security-announce/2015/Apr/msg00004.html • CWE-189: Numeric Errors

CVSS: 9.8 • EPSS: 58% • CPEs: 17 • EXPL: 1

20 Dec 2014 — Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config ... • https://packetstorm.news/files/id/129784 • CWE-20: Improper Input Validation

CVSS: 7.5 • EPSS: 14% • CPEs: 103 • EXPL: 0

18 Dec 2014 — The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist. • http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html • CWE-476: NULL Pointer Dereference

CVSS: 7.5 • EPSS: 5% • CPEs: 96 • EXPL: 0

18 Dec 2014 — The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist. • http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html • CWE-476: NULL Pointer Dereference

CVSS: 5.9 • EPSS: 1% • CPEs: 72 • EXPL: 0

14 Aug 2014 — The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. • http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html • CWE-297: Improper Validation of Certificate with Host Mismatch

CVSS: 7.4 • EPSS: 3% • CPEs: 103 • EXPL: 0

14 Aug 2014 — Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm. • http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html • CWE-201: Insertion of Sensitive Information Into Sent Data • CWE-255: Credentials Management Errors

CVSS: 6.2 • EPSS: 0% • CPEs: 27 • EXPL: 0

26 Jul 2012 — Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a (1) helper tool or (2) command-line tool. • http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 5.0 • EPSS: 0% • CPEs: 11 • EXPL: 0

14 Jul 2008 — The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs. • http://lists.apple.com/archives/security-announce//2008/Jul/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor