CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2015-3187 – subversion: svn_repos_trace_node_locations() reveals paths hidden by authz
https://notcve.org/view.php?id=CVE-2015-3187
12 Aug 2015 — The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. Vulnerabilidad en la función svn_repos_trace_node_locations en Apache Subversion en versiones anteriores a 1.7.21 y 1.8.x en versiones anteriores a 1.8.14, cuando se utiliza autorización basada en ruta, permite a usuarios rem... • http://lists.apple.com/archives/security-announce/2016/Mar/msg00003.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3027
https://notcve.org/view.php?id=CVE-2015-3027
10 Apr 2015 — Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard protection mechanism via crafted input to an affected C program. Clang en LLVM, utilizado en Apple Xcode anterior a 6.3, realiza reservas del registro incorrectas de una forma que provoca almacenaje de pila para punteros de las cookies de la pila, lo que podría permitir a atacantes depend... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1149 – Apple Security Advisory 2015-04-08-5
https://notcve.org/view.php?id=CVE-2015-1149
09 Apr 2015 — Integer overflow in the simulator in Swift in Apple Xcode before 6.3 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact by triggering an incorrect result of a type conversion. Desbordamiento de enteros en el simulador en Swift en Apple Xcode anterior a 6.3 permite a atacantes dependientes de contexto causar una denegación de servicioo posiblemente tener otro impacto no especificado mediante la provocación de un resulto incorrecto de una conversión de ti... • http://lists.apple.com/archives/security-announce/2015/Apr/msg00004.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 58%CPEs: 17EXPL: 1CVE-2014-9390 – Ubuntu Security Notice USN-2470-1
https://notcve.org/view.php?id=CVE-2014-9390
20 Dec 2014 — Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config ... • https://packetstorm.news/files/id/129784 • CWE-20: Improper Input Validation •