Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2015-AVI-092
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OS X Mavericks",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple TV",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "OS X Moutain Lion",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "OS X Yosemite",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS 8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Xcode 6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-8108",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8108"
},
{
"name": "CVE-2015-1064",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1064"
},
{
"name": "CVE-2014-3580",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3580"
},
{
"name": "CVE-2015-1066",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1066"
},
{
"name": "CVE-2015-1062",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1062"
},
{
"name": "CVE-2015-1063",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1063"
},
{
"name": "CVE-2014-3522",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3522"
},
{
"name": "CVE-2014-3528",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3528"
},
{
"name": "CVE-2014-9390",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9390"
},
{
"name": "CVE-2015-1067",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1067"
},
{
"name": "CVE-2015-1065",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1065"
},
{
"name": "CVE-2014-4496",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4496"
},
{
"name": "CVE-2015-1061",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1061"
}
],
"initial_release_date": "2015-03-10T00:00:00",
"last_revision_date": "2015-03-10T00:00:00",
"links": [],
"reference": "CERTFR-2015-AVI-092",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-03-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eApple\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT204426 du 09 mars 2015",
"url": "https://support.apple.com/en-us/HT204426"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT204427 du 09 mars 2015",
"url": "https://support.apple.com/en-us/HT204427"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple 2015-002 du 09 mars 2015",
"url": "https://support.apple.com/en-us/HT204413"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT204423 du 09 mars 2015",
"url": "https://support.apple.com/en-us/HT204423"
}
]
}
CVE-2014-3528 (GCVE-0-2014-3528)
Vulnerability from cvelistv5
Published
2014-08-19 18:00
Modified
2024-08-06 10:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:16.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "59432",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59432"
},
{
"name": "USN-2316-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2316-1"
},
{
"name": "RHSA-2015:0166",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0166.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204427"
},
{
"name": "68995",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68995"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://subversion.apache.org/security/CVE-2014-3528-advisory.txt"
},
{
"name": "APPLE-SA-2015-03-09-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html"
},
{
"name": "RHSA-2015:0165",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0165.html"
},
{
"name": "60722",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60722"
},
{
"name": "openSUSE-SU-2014:1059",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html"
},
{
"name": "GLSA-201610-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201610-05"
},
{
"name": "59584",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59584"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "59432",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59432"
},
{
"name": "USN-2316-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2316-1"
},
{
"name": "RHSA-2015:0166",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0166.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204427"
},
{
"name": "68995",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68995"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://subversion.apache.org/security/CVE-2014-3528-advisory.txt"
},
{
"name": "APPLE-SA-2015-03-09-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html"
},
{
"name": "RHSA-2015:0165",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0165.html"
},
{
"name": "60722",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60722"
},
{
"name": "openSUSE-SU-2014:1059",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html"
},
{
"name": "GLSA-201610-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201610-05"
},
{
"name": "59584",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59584"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3528",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "59432",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59432"
},
{
"name": "USN-2316-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2316-1"
},
{
"name": "RHSA-2015:0166",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0166.html"
},
{
"name": "https://support.apple.com/HT204427",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204427"
},
{
"name": "68995",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68995"
},
{
"name": "http://subversion.apache.org/security/CVE-2014-3528-advisory.txt",
"refsource": "CONFIRM",
"url": "http://subversion.apache.org/security/CVE-2014-3528-advisory.txt"
},
{
"name": "APPLE-SA-2015-03-09-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html"
},
{
"name": "RHSA-2015:0165",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0165.html"
},
{
"name": "60722",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60722"
},
{
"name": "openSUSE-SU-2014:1059",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html"
},
{
"name": "GLSA-201610-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-05"
},
{
"name": "59584",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59584"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3528",
"datePublished": "2014-08-19T18:00:00",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:50:16.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1067 (GCVE-0-2015-1067)
Vulnerability from cvelistv5
Published
2015-03-11 01:00
Modified
2024-08-06 04:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:20.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "73009",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73009"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204659"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT204870"
},
{
"name": "APPLE-SA-2015-03-09-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html"
},
{
"name": "1031829",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031829"
},
{
"name": "1031830",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031830"
},
{
"name": "APPLE-SA-2015-03-09-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204426"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://freakattack.com/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204413"
},
{
"name": "APPLE-SA-2015-04-08-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "APPLE-SA-2015-03-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204423"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the \"FREAK\" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T15:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "73009",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73009"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204659"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT204870"
},
{
"name": "APPLE-SA-2015-03-09-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html"
},
{
"name": "1031829",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031829"
},
{
"name": "1031830",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031830"
},
{
"name": "APPLE-SA-2015-03-09-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204426"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://freakattack.com/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204413"
},
{
"name": "APPLE-SA-2015-04-08-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "APPLE-SA-2015-03-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204423"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-1067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the \"FREAK\" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "73009",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73009"
},
{
"name": "https://support.apple.com/HT204659",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204659"
},
{
"name": "https://support.apple.com/kb/HT204870",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT204870"
},
{
"name": "APPLE-SA-2015-03-09-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html"
},
{
"name": "1031829",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031829"
},
{
"name": "1031830",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031830"
},
{
"name": "APPLE-SA-2015-03-09-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html"
},
{
"name": "https://support.apple.com/HT204426",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204426"
},
{
"name": "https://freakattack.com/",
"refsource": "MISC",
"url": "https://freakattack.com/"
},
{
"name": "https://support.apple.com/HT204413",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204413"
},
{
"name": "APPLE-SA-2015-04-08-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name": "APPLE-SA-2015-03-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
},
{
"name": "https://support.apple.com/HT204423",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204423"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2015-1067",
"datePublished": "2015-03-11T01:00:00",
"dateReserved": "2015-01-16T00:00:00",
"dateUpdated": "2024-08-06T04:33:20.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1064 (GCVE-0-2015-1064)
Vulnerability from cvelistv5
Published
2015-03-12 10:00
Modified
2024-08-06 04:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:20.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2015-03-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
},
{
"name": "1031864",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031864"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204423"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-16T16:57:00",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2015-03-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
},
{
"name": "1031864",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031864"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204423"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-1064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activation process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2015-03-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
},
{
"name": "1031864",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031864"
},
{
"name": "https://support.apple.com/HT204423",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204423"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2015-1064",
"datePublished": "2015-03-12T10:00:00",
"dateReserved": "2015-01-16T00:00:00",
"dateUpdated": "2024-08-06T04:33:20.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3580 (GCVE-0-2014-3580)
Vulnerability from cvelistv5
Published
2014-12-18 15:00
Modified
2024-08-06 10:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:17.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3107",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3107"
},
{
"name": "RHSA-2015:0166",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0166.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204427"
},
{
"name": "71726",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71726"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://subversion.apache.org/security/CVE-2014-3580-advisory.txt"
},
{
"name": "APPLE-SA-2015-03-09-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html"
},
{
"name": "RHSA-2015:0165",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0165.html"
},
{
"name": "61131",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61131"
},
{
"name": "USN-2721-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2721-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-22T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-3107",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3107"
},
{
"name": "RHSA-2015:0166",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0166.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204427"
},
{
"name": "71726",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71726"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://subversion.apache.org/security/CVE-2014-3580-advisory.txt"
},
{
"name": "APPLE-SA-2015-03-09-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html"
},
{
"name": "RHSA-2015:0165",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0165.html"
},
{
"name": "61131",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61131"
},
{
"name": "USN-2721-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2721-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3107",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3107"
},
{
"name": "RHSA-2015:0166",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0166.html"
},
{
"name": "https://support.apple.com/HT204427",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204427"
},
{
"name": "71726",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71726"
},
{
"name": "http://subversion.apache.org/security/CVE-2014-3580-advisory.txt",
"refsource": "CONFIRM",
"url": "http://subversion.apache.org/security/CVE-2014-3580-advisory.txt"
},
{
"name": "APPLE-SA-2015-03-09-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html"
},
{
"name": "RHSA-2015:0165",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0165.html"
},
{
"name": "61131",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61131"
},
{
"name": "USN-2721-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2721-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3580",
"datePublished": "2014-12-18T15:00:00",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:50:17.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1062 (GCVE-0-2015-1062)
Vulnerability from cvelistv5
Published
2015-03-12 10:00
Modified
2024-08-06 04:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:20.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2015-03-09-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204426"
},
{
"name": "APPLE-SA-2015-03-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
},
{
"name": "1031864",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031864"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204423"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-16T16:57:00",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2015-03-09-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204426"
},
{
"name": "APPLE-SA-2015-03-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
},
{
"name": "1031864",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031864"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204423"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-1062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2015-03-09-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html"
},
{
"name": "https://support.apple.com/HT204426",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204426"
},
{
"name": "APPLE-SA-2015-03-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
},
{
"name": "1031864",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031864"
},
{
"name": "https://support.apple.com/HT204423",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204423"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2015-1062",
"datePublished": "2015-03-12T10:00:00",
"dateReserved": "2015-01-16T00:00:00",
"dateUpdated": "2024-08-06T04:33:20.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1061 (GCVE-0-2015-1061)
Vulnerability from cvelistv5
Published
2015-03-12 10:00
Modified
2024-08-06 04:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:20.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2015-03-09-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html"
},
{
"name": "APPLE-SA-2015-03-09-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204426"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204413"
},
{
"name": "APPLE-SA-2015-03-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
},
{
"name": "1031864",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031864"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT204563"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204423"
},
{
"name": "73004",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73004"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages \"type confusion\" during serialized-object handling."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2015-03-09-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html"
},
{
"name": "APPLE-SA-2015-03-09-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204426"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204413"
},
{
"name": "APPLE-SA-2015-03-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
},
{
"name": "1031864",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031864"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT204563"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204423"
},
{
"name": "73004",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73004"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-1061",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages \"type confusion\" during serialized-object handling."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2015-03-09-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00001.html"
},
{
"name": "APPLE-SA-2015-03-09-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html"
},
{
"name": "https://support.apple.com/HT204426",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204426"
},
{
"name": "https://support.apple.com/HT204413",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204413"
},
{
"name": "APPLE-SA-2015-03-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
},
{
"name": "1031864",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031864"
},
{
"name": "https://support.apple.com/kb/HT204563",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT204563"
},
{
"name": "https://support.apple.com/HT204423",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204423"
},
{
"name": "73004",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73004"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2015-1061",
"datePublished": "2015-03-12T10:00:00",
"dateReserved": "2015-01-16T00:00:00",
"dateUpdated": "2024-08-06T04:33:20.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4496 (GCVE-0-2014-4496)
Vulnerability from cvelistv5
Published
2015-01-30 11:00
Modified
2024-08-06 11:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:20:25.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/HT204245"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/HT204246"
},
{
"name": "72334",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72334"
},
{
"name": "APPLE-SA-2015-03-09-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html"
},
{
"name": "APPLE-SA-2015-01-27-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
},
{
"name": "1031652",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031652"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204413"
},
{
"name": "APPLE-SA-2015-01-27-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/HT204245"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/HT204246"
},
{
"name": "72334",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72334"
},
{
"name": "APPLE-SA-2015-03-09-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html"
},
{
"name": "APPLE-SA-2015-01-27-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
},
{
"name": "1031652",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031652"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204413"
},
{
"name": "APPLE-SA-2015-01-27-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2014-4496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/HT204245",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204245"
},
{
"name": "http://support.apple.com/HT204246",
"refsource": "CONFIRM",
"url": "http://support.apple.com/HT204246"
},
{
"name": "72334",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72334"
},
{
"name": "APPLE-SA-2015-03-09-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html"
},
{
"name": "APPLE-SA-2015-01-27-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00001.html"
},
{
"name": "1031652",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031652"
},
{
"name": "https://support.apple.com/HT204413",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204413"
},
{
"name": "APPLE-SA-2015-01-27-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2014-4496",
"datePublished": "2015-01-30T11:00:00",
"dateReserved": "2014-06-20T00:00:00",
"dateUpdated": "2024-08-06T11:20:25.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8108 (GCVE-0-2014-8108)
Vulnerability from cvelistv5
Published
2014-12-18 15:00
Modified
2024-08-06 13:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:10:50.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://subversion.apache.org/security/CVE-2014-8108-advisory.txt"
},
{
"name": "RHSA-2015:0166",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0166.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204427"
},
{
"name": "71725",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/71725"
},
{
"name": "APPLE-SA-2015-03-09-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html"
},
{
"name": "61131",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61131"
},
{
"name": "USN-2721-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2721-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://subversion.apache.org/security/CVE-2014-8108-advisory.txt"
},
{
"name": "RHSA-2015:0166",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0166.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204427"
},
{
"name": "71725",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/71725"
},
{
"name": "APPLE-SA-2015-03-09-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html"
},
{
"name": "61131",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61131"
},
{
"name": "USN-2721-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2721-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8108",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://subversion.apache.org/security/CVE-2014-8108-advisory.txt",
"refsource": "CONFIRM",
"url": "http://subversion.apache.org/security/CVE-2014-8108-advisory.txt"
},
{
"name": "RHSA-2015:0166",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0166.html"
},
{
"name": "https://support.apple.com/HT204427",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204427"
},
{
"name": "71725",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71725"
},
{
"name": "APPLE-SA-2015-03-09-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html"
},
{
"name": "61131",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61131"
},
{
"name": "USN-2721-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2721-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-8108",
"datePublished": "2014-12-18T15:00:00",
"dateReserved": "2014-10-10T00:00:00",
"dateUpdated": "2024-08-06T13:10:50.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1065 (GCVE-0-2015-1065)
Vulnerability from cvelistv5
Published
2015-03-12 10:00
Modified
2024-08-06 04:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:20.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2015-03-09-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html"
},
{
"name": "73007",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73007"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204413"
},
{
"name": "APPLE-SA-2015-03-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
},
{
"name": "1031864",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031864"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT204563"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204423"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2015-03-09-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html"
},
{
"name": "73007",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73007"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204413"
},
{
"name": "APPLE-SA-2015-03-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
},
{
"name": "1031864",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031864"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT204563"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204423"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-1065",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2015-03-09-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html"
},
{
"name": "73007",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73007"
},
{
"name": "https://support.apple.com/HT204413",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204413"
},
{
"name": "APPLE-SA-2015-03-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
},
{
"name": "1031864",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031864"
},
{
"name": "https://support.apple.com/kb/HT204563",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT204563"
},
{
"name": "https://support.apple.com/HT204423",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204423"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2015-1065",
"datePublished": "2015-03-12T10:00:00",
"dateReserved": "2015-01-16T00:00:00",
"dateUpdated": "2024-08-06T04:33:20.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9390 (GCVE-0-2014-9390)
Vulnerability from cvelistv5
Published
2020-02-12 01:58
Modified
2024-08-06 13:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:25.038Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=8769667"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://article.gmane.org/gmane.linux.kernel/1853266"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mercurial.selenic.com/wiki/WhatsNew"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT204147"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/blog/1938-git-client-vulnerability-announced"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://securitytracker.com/id?1031404"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://libgit2.org/security/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-09T17:07:52",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://news.ycombinator.com/item?id=8769667"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://article.gmane.org/gmane.linux.kernel/1853266"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mercurial.selenic.com/wiki/WhatsNew"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.apple.com/kb/HT204147"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/blog/1938-git-client-vulnerability-announced"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://securitytracker.com/id?1031404"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://libgit2.org/security/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a git~1/config representation, or (3) mixed case that is improperly handled on a case-insensitive filesystem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://news.ycombinator.com/item?id=8769667",
"refsource": "MISC",
"url": "https://news.ycombinator.com/item?id=8769667"
},
{
"name": "http://article.gmane.org/gmane.linux.kernel/1853266",
"refsource": "MISC",
"url": "http://article.gmane.org/gmane.linux.kernel/1853266"
},
{
"name": "http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html",
"refsource": "MISC",
"url": "http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html"
},
{
"name": "http://mercurial.selenic.com/wiki/WhatsNew",
"refsource": "MISC",
"url": "http://mercurial.selenic.com/wiki/WhatsNew"
},
{
"name": "http://support.apple.com/kb/HT204147",
"refsource": "MISC",
"url": "http://support.apple.com/kb/HT204147"
},
{
"name": "https://github.com/blog/1938-git-client-vulnerability-announced",
"refsource": "MISC",
"url": "https://github.com/blog/1938-git-client-vulnerability-announced"
},
{
"name": "http://securitytracker.com/id?1031404",
"refsource": "MISC",
"url": "http://securitytracker.com/id?1031404"
},
{
"name": "https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915",
"refsource": "MISC",
"url": "https://github.com/libgit2/libgit2/commit/928429c5c96a701bcbcafacb2421a82602b36915"
},
{
"name": "https://libgit2.org/security/",
"refsource": "MISC",
"url": "https://libgit2.org/security/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9390",
"datePublished": "2020-02-12T01:58:27",
"dateReserved": "2014-12-17T00:00:00",
"dateUpdated": "2024-08-06T13:40:25.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3522 (GCVE-0-2014-3522)
Vulnerability from cvelistv5
Published
2014-08-19 18:00
Modified
2024-08-06 10:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:16.906Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "59432",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59432"
},
{
"name": "USN-2316-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2316-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204427"
},
{
"name": "109996",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/109996"
},
{
"name": "APPLE-SA-2015-03-09-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html"
},
{
"name": "apache-subversion-cve20143522-spoofing(95311)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95311"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://subversion.apache.org/security/CVE-2014-3522-advisory.txt"
},
{
"name": "60100",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60100"
},
{
"name": "60722",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60722"
},
{
"name": "69237",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69237"
},
{
"name": "openSUSE-SU-2014:1059",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html"
},
{
"name": "GLSA-201610-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201610-05"
},
{
"name": "59584",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59584"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name": "apache-subversion-cve20143528-info-disc(95090)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95090"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "59432",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59432"
},
{
"name": "USN-2316-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2316-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204427"
},
{
"name": "109996",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/109996"
},
{
"name": "APPLE-SA-2015-03-09-4",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html"
},
{
"name": "apache-subversion-cve20143522-spoofing(95311)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95311"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://subversion.apache.org/security/CVE-2014-3522-advisory.txt"
},
{
"name": "60100",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60100"
},
{
"name": "60722",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60722"
},
{
"name": "69237",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69237"
},
{
"name": "openSUSE-SU-2014:1059",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html"
},
{
"name": "GLSA-201610-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201610-05"
},
{
"name": "59584",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59584"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name": "apache-subversion-cve20143528-info-disc(95090)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95090"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "59432",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59432"
},
{
"name": "USN-2316-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2316-1"
},
{
"name": "https://support.apple.com/HT204427",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204427"
},
{
"name": "109996",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/109996"
},
{
"name": "APPLE-SA-2015-03-09-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html"
},
{
"name": "apache-subversion-cve20143522-spoofing(95311)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95311"
},
{
"name": "https://subversion.apache.org/security/CVE-2014-3522-advisory.txt",
"refsource": "CONFIRM",
"url": "https://subversion.apache.org/security/CVE-2014-3522-advisory.txt"
},
{
"name": "60100",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60100"
},
{
"name": "60722",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60722"
},
{
"name": "69237",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69237"
},
{
"name": "openSUSE-SU-2014:1059",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html"
},
{
"name": "GLSA-201610-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201610-05"
},
{
"name": "59584",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59584"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name": "apache-subversion-cve20143528-info-disc(95090)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95090"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3522",
"datePublished": "2014-08-19T18:00:00",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:50:16.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1063 (GCVE-0-2015-1063)
Vulnerability from cvelistv5
Published
2015-03-12 10:00
Modified
2024-08-06 04:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a Class 0 SMS message.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:20.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2015-03-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
},
{
"name": "1031864",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031864"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204423"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a Class 0 SMS message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-16T16:57:00",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2015-03-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
},
{
"name": "1031864",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031864"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204423"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-1063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a Class 0 SMS message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2015-03-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00000.html"
},
{
"name": "1031864",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031864"
},
{
"name": "https://support.apple.com/HT204423",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204423"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2015-1063",
"datePublished": "2015-03-12T10:00:00",
"dateReserved": "2015-01-16T00:00:00",
"dateUpdated": "2024-08-06T04:33:20.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1066 (GCVE-0-2015-1066)
Vulnerability from cvelistv5
Published
2015-03-12 10:00
Modified
2024-08-06 04:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Off-by-one error in IOAcceleratorFamily in Apple OS X through 10.10.2 allows attackers to execute arbitrary code in a privileged context via a crafted app.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:33:20.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2015-03-09-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT204413"
},
{
"name": "1031869",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031869"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in IOAcceleratorFamily in Apple OS X through 10.10.2 allows attackers to execute arbitrary code in a privileged context via a crafted app."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-16T16:57:00",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2015-03-09-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT204413"
},
{
"name": "1031869",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031869"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-1066",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in IOAcceleratorFamily in Apple OS X through 10.10.2 allows attackers to execute arbitrary code in a privileged context via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2015-03-09-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00002.html"
},
{
"name": "https://support.apple.com/HT204413",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204413"
},
{
"name": "1031869",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031869"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2015-1066",
"datePublished": "2015-03-12T10:00:00",
"dateReserved": "2015-01-16T00:00:00",
"dateUpdated": "2024-08-06T04:33:20.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…