IDE SCM in Apple Xcode before 7.2 does not recognize .gitignore files, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging the presence of a file matching an ignore pattern.
Max CVSS
5.0
EPSS Score
0.31%
Published
2015-12-11
Updated
2016-12-07
IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server traffic is encrypted, which allows remote attackers to obtain sensitive information by sniffing the network.
Max CVSS
3.3
EPSS Score
0.25%
Published
2015-09-18
Updated
2016-12-22
IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to obtain potentially sensitive build information in opportunistic circumstances by leveraging incorrect notification delivery.
Max CVSS
5.0
EPSS Score
0.31%
Published
2015-09-18
Updated
2016-12-22
The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.
Max CVSS
4.0
EPSS Score
0.12%
Published
2015-08-12
Updated
2017-07-01
mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.
Max CVSS
5.0
EPSS Score
0.38%
Published
2015-08-12
Updated
2017-07-01
5 vulnerabilities found