Xcode Security Vulnerabilities


CVE-2024-23298

A logic issue was addressed with improved state...

6.7 AI Score

0.0004 EPSS

2024-03-15 11:15 PM

CVE-2023-40435

This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 15. An app may be able to access App Store...

5.5 CVSS

5 AI Score

0.001 EPSS

2023-09-27 03:19 PM

CVE-2023-40391

The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14, Xcode 15. An app may be able to disclose kernel...

5.5 CVSS

5.2 AI Score

0.001 EPSS

2023-09-27 03:19 PM

CVE-2023-32396

This issue was addressed with improved checks. This issue is fixed in Xcode 15, tvOS 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to gain elevated...

7.8 CVSS

6.9 AI Score

0.001 EPSS

2023-09-27 03:18 PM

CVE-2022-32920

The issue was addressed with improved checks. This issue is fixed in Xcode 14.0. Parsing a file may lead to disclosure of user...

5.5 CVSS

4.5 AI Score

0.001 EPSS

2023-09-06 02:15 AM

CVE-2023-27967

The issue was addressed with improved memory handling. This issue is fixed in Xcode 14.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated...

8.6 CVSS

8.2 AI Score

0.001 EPSS

2023-05-08 08:15 PM

CVE-2023-27945

This issue was addressed with improved entitlements. This issue is fixed in Xcode 14.3, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A sandboxed app may be able to collect system...

6.3 CVSS

6.3 AI Score

0.001 EPSS

2023-05-08 08:15 PM

CVE-2022-42797

An injection issue was addressed with improved input validation. This issue is fixed in Xcode 14.1. An app may be able to gain root...

7.8 CVSS

7.2 AI Score

0.001 EPSS

2023-02-27 08:15 PM

CVE-2022-26747

This issue was addressed with improved checks. This issue is fixed in Xcode 13.4. An app may be able to gain elevated...

7.8 CVSS

6.8 AI Score

0.001 EPSS

2022-05-26 08:15 PM

CVE-2022-22602

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code...

7.8 CVSS

7.9 AI Score

0.001 EPSS

2022-03-18 06:15 PM

CVE-2022-22608

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code...

7.8 CVSS

7.9 AI Score

0.001 EPSS

2022-03-18 06:15 PM

CVE-2022-22601

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code...

7.8 CVSS

7.9 AI Score

0.001 EPSS

2022-03-18 06:15 PM

CVE-2022-22605

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code...

7.8 CVSS

7.9 AI Score

0.001 EPSS

2022-03-18 06:15 PM

CVE-2022-22603

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code...

7.8 CVSS

7.9 AI Score

0.001 EPSS

2022-03-18 06:15 PM

CVE-2022-22607

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code...

7.8 CVSS

7.9 AI Score

0.001 EPSS

2022-03-18 06:15 PM

CVE-2022-22604

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code...

7.8 CVSS

7.9 AI Score

0.001 EPSS

2022-03-18 06:15 PM

CVE-2022-22606

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code...

7.8 CVSS

7.9 AI Score

0.001 EPSS

2022-03-18 06:15 PM

CVE-2021-21656

Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE)...

7.1 CVSS

6.8 AI Score

0.001 EPSS

2021-05-11 03:15 PM

CVE-2021-1800

A path handling issue was addressed with improved validation. This issue is fixed in Xcode 12.4. A malicious application may be able to access arbitrary files on the host device while running an app that uses on-demand resources with...

5.5 CVSS

4.5 AI Score

0.001 EPSS

2021-04-02 07:15 PM

CVE-2019-8840

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 11.3. Compiling with untrusted sources may lead to arbitrary code execution with user...

8.8 CVSS

8.2 AI Score

0.001 EPSS

2020-10-27 08:15 PM

CVE-2020-9992

This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on a paired device...

7.8 CVSS

7.4 AI Score

0.001 EPSS

2020-10-16 05:15 PM

CVE-2014-9390

Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before...

9.8 CVSS

9.1 AI Score

0.951 EPSS

2020-02-12 02:15 AM

CVE-2019-20372

NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load...

5.3 CVSS

5.2 AI Score

0.003 EPSS

2020-01-09 09:15 PM

CVE-2019-8721

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user...

8.8 CVSS

8.8 AI Score

0.004 EPSS

2019-12-18 06:15 PM

CVE-2019-8722

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user...

8.8 CVSS

8.8 AI Score

0.004 EPSS

2019-12-18 06:15 PM

CVE-2019-8800

A memory corruption issue was addressed with improved validation. This issue is fixed in Xcode 11.2. Processing a maliciously crafted file may lead to arbitrary code...

7.8 CVSS

7.6 AI Score

0.001 EPSS

2019-12-18 06:15 PM

CVE-2019-8724

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user...

8.8 CVSS

8.8 AI Score

0.004 EPSS

2019-12-18 06:15 PM

CVE-2019-8723

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user...

8.8 CVSS

8.8 AI Score

0.004 EPSS

2019-12-18 06:15 PM

CVE-2019-8738

A memory corruption issue was addressed with improved state management. This issue is fixed in Xcode 11.0. Processing a maliciously crafted file may lead to arbitrary code...

7.8 CVSS

8.4 AI Score

0.001 EPSS

2019-12-18 06:15 PM

CVE-2019-8806

A memory corruption issue was addressed with improved validation. This issue is fixed in Xcode 11.2. Processing a maliciously crafted file may lead to arbitrary code...

7.8 CVSS

7.6 AI Score

0.001 EPSS

2019-12-18 06:15 PM

CVE-2019-8739

A memory corruption issue was addressed with improved state management. This issue is fixed in Xcode 11.0. Processing a maliciously crafted file may lead to arbitrary code...

7.8 CVSS

8.4 AI Score

0.001 EPSS

2019-12-18 06:15 PM

CVE-2019-14379

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code...

9.8 CVSS

9.6 AI Score

0.006 EPSS

2019-07-29 12:15 PM

CVE-2018-4357

A memory corruption issue was addressed with improved input validation. This issue affected versions prior to Xcode...

7.8 CVSS

7.1 AI Score

0.001 EPSS

2019-04-03 06:29 PM

CVE-2018-4164

An issue was discovered in certain Apple products. Xcode before 9.3 is affected. The issue, which is unspecified, involves the "LLVM"...

9.8 CVSS

8.1 AI Score

0.014 EPSS

2018-04-03 06:29 AM

CVE-2017-7167

An issue was discovered in certain Apple products. Xcode before 9.2 is affected. The issue involves the "ld64" component. A buffer overflow allows remote attackers to execute arbitrary code via crafted source...

7.8 CVSS

7.3 AI Score

0.008 EPSS

2018-04-03 06:29 AM

CVE-2017-7134

An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Mach-O...

7.8 CVSS

9 AI Score

0.011 EPSS

2017-10-23 01:29 AM

CVE-2017-7136

An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Mach-O...

7.8 CVSS

9 AI Score

0.011 EPSS

2017-10-23 01:29 AM

CVE-2017-7135

An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Mach-O...

7.8 CVSS

9 AI Score

0.011 EPSS

2017-10-23 01:29 AM

CVE-2017-7137

An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Mach-O...

7.8 CVSS

9 AI Score

0.011 EPSS

2017-10-23 01:29 AM

CVE-2016-4705

otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than...

7.8 CVSS

7.4 AI Score

0.0004 EPSS

2016-09-18 10:59 PM

CVE-2016-4704

otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than...

7.8 CVSS

7.4 AI Score

0.0004 EPSS

2016-09-18 10:59 PM

CVE-2016-1765

otool in Apple Xcode before 7.3 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified...

7.8 CVSS

7.2 AI Score

0.0004 EPSS

2016-03-24 01:59 AM

CVE-2016-0746

Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response...

9.8 CVSS

9.5 AI Score

0.045 EPSS

2016-02-15 07:59 PM

CVE-2016-0747

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name...

5.3 CVSS

6.8 AI Score

0.011 EPSS

2016-02-15 07:59 PM

CVE-2016-0742

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS...

7.5 CVSS

7.9 AI Score

0.871 EPSS

2016-02-15 07:59 PM

CVE-2015-7049

otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than...

6.4 AI Score

0.0004 EPSS

2015-12-11 11:59 AM

CVE-2015-7056

IDE SCM in Apple Xcode before 7.2 does not recognize .gitignore files, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging the presence of a file matching an ignore...

5.8 AI Score

0.003 EPSS

2015-12-11 11:59 AM

CVE-2015-7057

otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than...

6.4 AI Score

0.0004 EPSS

2015-12-11 11:59 AM

CVE-2015-7030

The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack...

6.3 AI Score

0.003 EPSS

2015-10-23 10:59 AM

CVE-2015-5909

IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to obtain potentially sensitive build information in opportunistic circumstances by leveraging incorrect notification...

5.8 AI Score

0.003 EPSS

2015-09-18 12:00 PM

Total number of security vulnerabilities: 69