Lucene search
+L

13 matches found

CVE
CVE
added 2015/07/20 11:0 p.m.1593 views

CVE-2015-3185

CVE-2015-3185 affects Apache HTTP Server (httpd) 2.4.x up to before 2.4.14. The ap_some_auth_required() function in server/request.c could incorrectly treat a request as authenticated, allowing modules using this API to bypass intended access controls. The issue’s fix/backport is described as imp...

4.3CVSS6.6AI score0.18795EPSS
CVE
CVE
added 2015/08/12 2:0 p.m.229 views

CVE-2015-3184

CVE-2015-3184 affects Subversion’s mod_authz_svn when used with Apache httpd 2.4.x. The issue is an improper restriction of anonymous access in Subversion 1.7.x (before 1.7.21) and 1.8.x (before 1.8.14), which allows remote anonymous users to read hidden files via the path name. Affected product:...

5CVSS7.6AI score0.10607EPSS
CVE
CVE
added 2015/04/08 6:0 p.m.140 views

CVE-2015-0248

CVE-2015-0248 affects Subversion (mod_dav_svn and svnserve) versions 1.6.0–1.7.19 and 1.8.0–1.8.11. The issue is an assertion failure DoS triggered by crafted requests with dynamically evaluated revision numbers, potentially crashing the server. Multiple connected advisories confirm this vulnerab...

5CVSS7.9AI score0.12841EPSS
CVE
CVE
added 2015/04/08 6:0 p.m.133 views

CVE-2015-0251

CVE-2015-0251 affects Subversion’s mod_dav_svn server. The vulnerability arises from improper handling of the svn:author property in crafted v1 HTTP protocol request sequences, allowing remote authenticated users to spoof author information. Affected products/versions include Subversion 1.5.0–1.7...

4CVSS7.7AI score0.07558EPSS
CVE
CVE
added 2015/08/12 2:0 p.m.116 views

CVE-2015-3187

CVE-2015-3187 affects Apache Subversion: the svn_repos_trace_node_locations function in Subversion before 1.7.21 and in 1.8.x before 1.8.14 can disclose sensitive path information. When path-based authorization is used, remote authenticated users could read the history of a node that has been mov...

4CVSS7.3AI score0.06464EPSS
CVE
CVE
added 2015/12/11 11:0 a.m.74 views

CVE-2015-7049

CVE-2015-7049 affects Apple Xcode before 7.2, via the otools component’s handling of Mach-O files. The underlying issue allows local users to gain privileges or cause a denial of service (memory corruption). This is a separate vulnerability from CVE-2015-7057, which also targets otools Mach-O pro...

4.6CVSS6.2AI score0.00303EPSS
CVE
CVE
added 2015/09/18 10:0 a.m.69 views

CVE-2015-5909

CVE-2015-5909 affects the IDE Xcode Server component of Apple Xcode prior to 7.0. The root cause is insufficient access restriction on repository email lists, allowing a remote, unauthenticated attacker to obtain potentially sensitive build information via incorrect notification delivery. Impact ...

5CVSS5.6AI score0.01921EPSS
CVE
CVE
added 2015/09/18 10:0 a.m.65 views

CVE-2015-5910

Apple Xcode IDE Xcode Server prior to version 7.0 is affected by CVE-2015-5910: server traffic is transmitted in cleartext, allowing remote attackers to sniff sensitive information. Affected product: IDE Xcode Server within Apple Xcode. Root cause: unencrypted server communications. Impact: poten...

3.3CVSS5.5AI score0.00753EPSS
CVE
CVE
added 2015/04/10 2:0 p.m.64 views

CVE-2015-1149

CVE-2015-1149 affects the Swift simulator in Apple Xcode prior to 6.3. The issue is an integer overflow during type-conversion in the Swift simulator, which can cause conversions to return unexpected values and enable a denial-of-service or related unspecified impact. Affected product: Xcode and ...

7.5CVSS7.3AI score0.01619EPSS
CVE
CVE
added 2015/12/11 11:0 a.m.63 views

CVE-2015-7057

Apple Xcode before 7.2 is affected by CVE-2015-7057 due to otools handling Mach-O files, enabling local privilege escalation or denial of service via a crafted Mach-O file. The vulnerability is tied to memory corruption in otools when processing Mach-O inputs. Affected product is Xcode (Mac OS X)...

4.6CVSS6.2AI score0.00303EPSS
CVE
CVE
added 2015/10/23 10:0 a.m.61 views

CVE-2015-7030

CVE-2015-7030 affects Apple Xcode before 7.1, where the Swift implementation mishandles certain type conversions. Multiple sources describe it as an information-disclosure/logic-conversion issue that could allow an attacker to obtain sensitive information or circumvent program logic; the vendor a...

7.5CVSS6.2AI score0.01619EPSS
CVE
CVE
added 2015/04/10 2:0 p.m.55 views

CVE-2015-3027

CVE-2015-3027 concerns Clang in LLVM as used in Apple Xcode prior to 6.3, where incorrect register allocation triggers stack storage for stack-cookie pointers. This behavior can allow context-dependent attackers to bypass the stack-guard protection mechanism in an affected C program. The provided...

5CVSS6.2AI score0.01299EPSS
CVE
CVE
added 2015/12/11 11:0 a.m.47 views

CVE-2015-7056

Apple Xcode prior to 7.2 is affected by CVE-2015-7056 due to a failure of the IDE SCM to honor .gitignore directives. This allows remote attackers to disclose sensitive information by exploiting the presence of a file that matches an ignore pattern. The issue is corroborated by multiple sources i...

5CVSS5.6AI score0.01285EPSS