CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2015-3187 – subversion: svn_repos_trace_node_locations() reveals paths hidden by authz
https://notcve.org/view.php?id=CVE-2015-3187
12 Aug 2015 — The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. Vulnerabilidad en la función svn_repos_trace_node_locations en Apache Subversion en versiones anteriores a 1.7.21 y 1.8.x en versiones anteriores a 1.8.14, cuando se utiliza autorización basada en ruta, permite a usuarios rem... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 24%CPEs: 18EXPL: 0CVE-2015-3185 – httpd: ap_some_auth_required() does not properly indicate authenticated request in 2.4
https://notcve.org/view.php?id=CVE-2015-3185
20 Jul 2015 — The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior. Vulnerabilidad en la función ap_some_auth_required en ap_some_auth_required del Servidor HTTP Apache en s... • http://httpd.apache.org/security/vulnerabilities_24.html • CWE-264: Permissions, Privileges, and Access Controls CWE-287: Improper Authentication •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3027
https://notcve.org/view.php?id=CVE-2015-3027
10 Apr 2015 — Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard protection mechanism via crafted input to an affected C program. Clang en LLVM, utilizado en Apple Xcode anterior a 6.3, realiza reservas del registro incorrectas de una forma que provoca almacenaje de pila para punteros de las cookies de la pila, lo que podría permitir a atacantes depend... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1149 – Apple Security Advisory 2015-04-08-5
https://notcve.org/view.php?id=CVE-2015-1149
09 Apr 2015 — Integer overflow in the simulator in Swift in Apple Xcode before 6.3 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact by triggering an incorrect result of a type conversion. Desbordamiento de enteros en el simulador en Swift en Apple Xcode anterior a 6.3 permite a atacantes dependientes de contexto causar una denegación de servicioo posiblemente tener otro impacto no especificado mediante la provocación de un resulto incorrecto de una conversión de ti... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00004.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 58%CPEs: 17EXPL: 1CVE-2014-9390 – Ubuntu Security Notice USN-2470-1
https://notcve.org/view.php?id=CVE-2014-9390
20 Dec 2014 — Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config ... • https://packetstorm.news/files/id/129784 • CWE-20: Improper Input Validation •
CVSS: 6.2EPSS: 0%CPEs: 27EXPL: 0CVE-2012-3698
https://notcve.org/view.php?id=CVE-2012-3698
26 Jul 2012 — Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a (1) helper tool or (2) command-line tool. Apple Xcode antes de v4.4 no compone adecuadamente una solicitud designada (DR) durante la firma de programas que no cuenta con identificadores de paquetes, lo que permite a atacantes remotos leer las entradas de la... • http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 11EXPL: 0CVE-2008-2318
https://notcve.org/view.php?id=CVE-2008-2318
14 Jul 2008 — The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs. La implementación WOHyperlink de WebObjects de Apple Xcode tools anterior a 3.1 , añade los IDs de sesiones locales a URLs no generadas en local, esto permite a atacantes remotos obtener información potencialmente sensible leyendo las solicitudes de estas URLs. • http://lists.apple.com/archives/security-announce//2008/Jul/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •