Apple Xcode

95 matches found

added 2021/12/10 12:0 a.m. | 6641 views

CVE-2021-44228

CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...

CVSS 10 | AI score 10 | EPSS 0.94358
In wild

added 2018/11/07 2:0 p.m. | 5248 views

CVE-2018-16843

CVE-2018-16843 affects nginx before 1.15.6 and 1.14.1, where HTTP/2 implementation vulnerabilities in ngx_http_v2_module (if http2 is enabled) can cause excessive memory usage. Connected advisories also reference related CVEs (16844/16845) and show multiple distributions (Debian, Fedora/Red Hat, ...

CVSS 7.8 | AI score 7.3 | EPSS 0.57804

added 2018/11/07 2:0 p.m. | 5115 views

CVE-2018-16844

CVE-2018-16844 affects nginx before versions 1.15.6 and 1.14.1 where HTTP/2 implementation can cause excessive CPU usage when nginx is built with the ngx_http_v2_module and the listen directive uses http2. The issue is triggered by HTTP/2 handling and is report-backed across multiple providers (D...

CVSS 7.8 | AI score 7.3 | EPSS 0.10883

added 2018/11/07 2:0 p.m. | 4510 views

CVE-2018-16845

The CVE-2018-16845 issue affects nginx builds that include the ngx_http_mp4_module and the mp4 directive. Vulnerable are nginx versions earlier than 1.15.6 and 1.14.1 (when built with the module). The vulnerability arises from processing a specially crafted MP4 file, which could cause an infinite...

CVSS 8.2 | AI score 6.4 | EPSS 0.03918

added 2020/01/09 8:5 p.m. | 4189 views

CVE-2019-20372

NGINX (on Amazon Linux 2) is affected by CVE-2019-20372 when configured with certain error_page settings, enabling HTTP request smuggling. The Amazon Linux 2 ALAS advisory ALAS2NGINX1-2023-004 confirms vulnerable 1.17.x/older configurations and provides patched packages: nginx 1.18.0 and related ...

CVSS 5.3 | AI score 5.2 | EPSS 0.69569

added 2017/07/13 1:0 p.m. | 1929 views

CVE-2017-7529

The CVE-2017-7529 entry concerns nginx’s range filter module. Affected software: nginx (and nginx-mainline in Arch advisories). Vulnerable component: the HTTP range/filter logic within nginx range filter/module. Root cause: integer overflow when processing crafted byte ranges, leading to informat...

CVSS 7.5 | AI score 7.3 | EPSS 0.91909

added 2015/07/20 11:0 p.m. | 1572 views

CVE-2015-3185

CVE-2015-3185 affects Apache HTTP Server (httpd) 2.4.x up to before 2.4.14. The ap_some_auth_required() function in server/request.c could incorrectly treat a request as authenticated, allowing modules using this API to bypass intended access controls. The issue’s fix/backport is described as imp...

CVSS 4.3 | AI score 6.6 | EPSS 0.06367

added 2016/02/15 7:0 p.m. | 1345 views

CVE-2016-0746

CVE-2016-0746 is a use-after-free in nginx’s resolver when processing DNS CNAME responses. The issue affects nginx versions before 1.8.1 and 1.9.x before 1.9.10; exploitation could crash worker processes or yield other unspecified impacts. Remediation per connected docs: upgrade to non‑vulnerable...

CVSS 9.8 | AI score 9.5 | EPSS 0.06343

added 2012/07/26 7:0 p.m. | 1291 views

CVE-2012-3698

Apple Xcode before 4.4 is affected by CVE-2012-3698 due to a design issue in composing a designated requirement (DR) during signing of programs without bundle identifiers. This allows remote attackers to read keychain entries via a crafted app, demonstrated with keychain data from a helper tool o...

CVSS 5 | AI score 6.2 | EPSS 0.0025

added 2021/03/09 12:0 a.m. | 998 views

CVE-2021-21300

Summary: CVE-2021-21300 affects Git when cloning into case-insensitive file systems and using certain clean/smudge filters (e.g., Git LFS). A specially crafted repository containing symbolic links and files processed by these filters can cause an unchecked script to run during checkout. Affected ...

CVSS 8 | AI score 7.7 | EPSS 0.58284

added 2022/10/19 12:0 a.m. | 645 views

CVE-2022-39253

Summary (facts grounded to provided docs): CVE-2022-39253 affects Git versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, exposing sensitive data via local clones where source and target are on the same volume. The vulnerability arises when cloning a repository l...

CVSS 5.5 | AI score 6.5 | EPSS 0.02579
Web

added 2019/03/21 8:13 p.m. | 604 views

CVE-2019-3855

CVE-2019-3855 is a libssh2 integer overflow in the transport read path that may cause an out-of-bounds write when processing server packets. The issue appears in libssh2 prior to 1.8.1 and could enable code exposure or other impact if a user connects to a malicious SSH server. Connected advisorie...

CVSS 9.3 | AI score 8.7 | EPSS 0.16241

added 2022/10/19 12:0 a.m. | 592 views

CVE-2022-39260

Git Shell command-argument parsing bug (CVE-2022-39260) in pre-2.30.6…2.37.4 allows an attacker with SSH access to a Git shell login to overflow an int-based count when building the argv array, enabling arbitrary heap writes and potential remote code execution via execv(). Affected setups require...

CVSS 8.8 | AI score 9.2 | EPSS 0.02232

added 2007/09/23 11:0 p.m. | 512 views

CVE-2004-2687

CVE-2004-2687 concerns distcc (distccd) where, if the server port is not access-restricted, remote attackers can execute arbitrary commands via compilation jobs. The core issue is lack of authorization checks in the distccd daemon when handling distributed compilation requests. Affected scope app...

CVSS 9.3 | AI score 9.7 | EPSS 0.90467
In wild

added 2022/04/12 12:0 a.m. | 484 views

CVE-2022-24765

CVE-2022-24765 affects Git on multi-user systems where untrusted users can create a C:\.git directory; Git would then read and apply configuration from that directory, potentially altering behavior outside the intended repository. The issue arises from Git not checking directory ownership when rea...

CVSS 7.8 | AI score 7 | EPSS 0.00168

added 2019/07/29 11:42 a.m. | 299 views

CVE-2019-14379

CVE-2019-14379 affects FasterXML jackson-databind prior to 2.9.9.2, where default typing mishandling when ehcache is present (via net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup) leads to remote code execution. Affected component is jackson-databind’s data-binding implementatio...

CVSS 9.8 | AI score 9.7 | EPSS 0.01467

added 2016/02/15 7:0 p.m. | 285 views

CVE-2016-0742

The CVE-2016-0742 issue affects nginx resolver prior to 1.8.1 and 1.9.x prior to 1.9.10. A crafted UDP DNS response can trigger an invalid pointer dereference, crashing a worker process and causing a denial of service. Affected component: resolver in nginx; root cause: dereference of invalid poin...

CVSS 7.5 | AI score 7.8 | EPSS 0.78788

added 2016/02/15 7:0 p.m. | 258 views

CVE-2016-0747

The CVE-2016-0747 entry affects nginx rescanner behavior: the resolver in nginx (versions prior to 1.8.1 and 1.9.x prior to 1.9.10) does not properly limit CNAME resolution, allowing remote attackers to cause denial of service via excessive name-resolution work. Public details across multiple sou...

CVSS 5.3 | AI score 6.8 | EPSS 0.20023

added 2024/03/15 10:29 p.m. | 249 views

CVE-2024-23298

CVE-2024-23298 affects Apple Xcode (prior to version 15.3). The issue is described as a logic problem in state management that enables Gatekeeper bypass. Multiple connected sources corroborate a local/remote-leaning impact tied to Gatekeeper checks being bypassed, with Apple noting the fix in Xco...

CVSS 5.5 | AI score 5.8 | EPSS 0.01493

added 2025/07/08 6:23 p.m. | 244 views

CVE-2025-48384

Git vulnerability CVE-2025-48384 arises from Git’s handling of trailing CR characters in config and submodule paths, which can cause a submodule to checkout to an incorrect location and potentially execute a post-checkout hook if a symlink points to the hooks directory. The issue affects Git and ...

CVSS 8 | AI score 6.4 | EPSS 0.00603
In wild

added 2022/07/12 12:0 a.m. | 233 views

CVE-2022-29187

CVE-2022-29187 – Git privilege escalation (details from connected docs): Affects Git on multi-user/local systems where the repository owner can influence commands via local repo configuration ownership checks. The root cause is failure to properly enforce ownership checks in local multi-user envi...

CVSS 7.8 | AI score 7.2 | EPSS 0.00168

added 2015/08/12 2:0 p.m. | 217 views

CVE-2015-3184

CVE-2015-3184 affects Subversion’s mod_authz_svn when used with Apache httpd 2.4.x. The issue is an improper restriction of anonymous access in Subversion 1.7.x (before 1.7.21) and 1.8.x (before 1.8.14), which allows remote anonymous users to read hidden files via the path name. Affected product:...

CVSS 5 | AI score 7.6 | EPSS 0.17005

added 2020/02/12 1:58 a.m. | 198 views

CVE-2014-9390

CVE-2014-9390 describes a remote command-execution risk in Git and several VCS clients when interacting with repositories on case-insensitive filesystems. A crafted .git/config in a tree can trigger arbitrary commands on the server/client, depending on the tool. Affected versions (per provided so...

CVSS 9.8 | AI score 9.1 | EPSS 0.77155
Web

added 2015/04/08 6:0 p.m. | 135 views

CVE-2015-0248

CVE-2015-0248 affects Subversion (mod_dav_svn and svnserve) versions 1.6.0–1.7.19 and 1.8.0–1.8.11. The issue is an assertion failure DoS triggered by crafted requests with dynamically evaluated revision numbers, potentially crashing the server. Multiple connected advisories confirm this vulnerab...

CVSS 5 | AI score 7.9 | EPSS 0.15803

added 2022/03/18 5:59 p.m. | 132 views

CVE-2022-22602

The CVE-2022-22602 issue affects Apple Xcode components (notably the otool tool) where an out-of-bounds read could occur due to insufficient bounds checking. The vulnerability is fixed in Xcode 13.3. Impact described in sources: opening a maliciously crafted file may cause the application to term...

CVSS 7.8 | AI score 8.2 | EPSS 0.00418

added 2015/04/08 6:0 p.m. | 128 views

CVE-2015-0251

CVE-2015-0251 affects Subversion’s mod_dav_svn server. The vulnerability arises from improper handling of the svn:author property in crafted v1 HTTP protocol request sequences, allowing remote authenticated users to spoof author information. Affected products/versions include Subversion 1.5.0–1.7...

CVSS 4 | AI score 7.7 | EPSS 0.01065

added 2020/10/16 4:56 p.m. | 120 views

CVE-2020-9992

CVE-2020-9992 affects Apple's IDE Device Support in Xcode 12.0 and iOS/iPadOS 14 (paired-device remote debugging). The vulnerability allows an attacker in a privileged network position to execute arbitrary code on a paired device during a debug session over the network. Apple addressed this by en...

CVSS 9.3 | AI score 7.5 | EPSS 0.04184

added 2023/02/27 12:0 a.m. | 115 views

CVE-2022-42797

The CVE-2022-42797 entry corresponds to an injection issue in Apple Xcode, specifically affecting the IDE Xcode Server component. According to multiple connected sources, the root cause is an input validation weakness that could allow an (unprivileged) app to gain root privileges. The vulnerabili...

CVSS 7.8 | AI score 7 | EPSS 0.00324

added 2022/03/18 5:59 p.m. | 113 views

CVE-2022-22605

CVE-2022-22605 affects Apple Xcode components (notably otool) with an out-of-bounds read; exploitation would occur when opening a maliciously crafted file and could lead to arbitrary code execution. Apple fixes this in Xcode 13.3; update to that version or later to mitigate. The vulnerability is s...

CVSS 7.8 | AI score 8.2 | EPSS 0.00418

added 2022/05/26 7:9 p.m. | 112 views

CVE-2022-26747

CVE-2022-26747 affects Apple Xcode IDE (macOS Monterey 12) due to a vulnerability in the IDE component where insufficient input checks could allow an app to gain elevated privileges. The issue is addressed in Xcode 13.4; CVSS indicates local exploitation with user interaction required and high im...

CVSS 7.8 | AI score 6.9 | EPSS 0.00217

added 2021/04/02 6:4 p.m. | 110 views

CVE-2021-1800

CVE-2021-1800 is tied to Apple Xcode 12.4. The vulnerability is a path handling issue in on-demand resources that could allow a malicious app to access arbitrary host files when using Xcode. Apple fixed this by improving path validation in Xcode 12.4. The cited sources (Apple advisory HT212153 an...

CVSS 5.5 | AI score 4.6 | EPSS 0.00204

added 2022/03/18 5:59 p.m. | 109 views

CVE-2022-22608

CVE-2022-22608 affects Apple Xcode and describes an out-of-bounds read in a component exposed during file handling (notably the otool path in Xcode’s tooling) due to insufficient bounds checking. Multiple connected sources confirm the issue is fixed in Xcode 13.3; incident impact is described as ...

CVSS 7.8 | AI score 8.2 | EPSS 0.00418

added 2015/08/12 2:0 p.m. | 108 views

CVE-2015-3187

CVE-2015-3187 affects Apache Subversion: the svn_repos_trace_node_locations function in Subversion before 1.7.21 and in 1.8.x before 1.8.14 can disclose sensitive path information. When path-based authorization is used, remote authenticated users could read the history of a node that has been mov...

CVSS 4 | AI score 7.3 | EPSS 0.00944

added 2018/04/03 6:0 a.m. | 107 views

CVE-2018-4164

CVE-2018-4164 affects Apple Xcode 9.3 and its bundled LLVM component. The related EUVD/CNVD/PRION and Apple security pages indicate multiple issues in LLVM were addressed by updating to the LLVM version shipped with Xcode 9.3. The exact root cause and vulnerable subcomponents are not detailed in ...

CVSS 10 | AI score 8.1 | EPSS 0.02899

added 2022/03/18 5:59 p.m. | 104 views

CVE-2022-22604

CVE-2022-22604 is an Apple Xcode vulnerability describing an out-of-bounds read in the otool processing path of Xcode. The issue may cause application termination or allow arbitrary code execution when parsing a maliciously crafted file. Apple’s security content for Xcode 13.3 indicates the fix i...

CVSS 7.8 | AI score 8.2 | EPSS 0.00418

added 2022/03/18 5:59 p.m. | 103 views

CVE-2022-22603

CVE-2022-22603 affects Apple Xcode’s otool component. A boundary check vulnerability (out-of-bounds read) can be triggered by opening a maliciously crafted file, potentially causing an application termination or arbitrary code execution. Apple’s remedy is patching in Xcode 13.3. The available doc...

CVSS 7.8 | AI score 8.2 | EPSS 0.00418

added 2022/03/18 5:59 p.m. | 102 views

CVE-2022-22606

Apple Xcode is affected by an out-of-bounds read in the otool component when processing files. The issue is due to insufficient bounds checking and can lead to application termination or arbitrary code execution when opening a maliciously crafted file. It has been fixed in Xcode 13.3. Affected ve...

CVSS 7.8 | AI score 8.2 | EPSS 0.00418

added 2024/09/16 11:23 p.m. | 102 views

CVE-2024-44191

CVE-2024-44191 affects Apple platforms and is tied to improper state management that could allow an app to gain unauthorized Bluetooth access. Connected sources confirm the issue is resolved in multiple Apple OS updates: iOS 17.7 and iPadOS 17.7, macOS Sequoia 15, iOS 18 and iPadOS 18, visionOS 2...

CVSS 5.5 | AI score 5.9 | EPSS 0.00038

added 2023/09/26 8:14 p.m. | 100 views

CVE-2023-40391

CVE-2023-40391 affects Apple platforms with a memory handling issue that may allow an app to disclose kernel memory. Publicly documented fixes apply to tvOS 17, iOS 17, iPadOS 17, and macOS Sonoma 14 (and Xcode 15). No exploitation status is stated in the provided sources. The vulnerability is ad...

CVSS 5.5 | AI score 4.9 | EPSS 0.00027

added 2023/05/08 12:0 a.m. | 99 views

CVE-2023-27967

The CVE-2023-27967 issue affects Apple's Xcode stack and was resolved in Xcode 14.3 through improved memory handling. The vulnerability could allow an app to execute arbitrary code outside its sandbox or with elevated privileges. Affected component: memory handling in Xcode before 14.3. Remediati...

CVSS 8.6 | AI score 8.2 | EPSS 0.00062

added 2023/05/08 12:0 a.m. | 98 views

CVE-2023-27945

CVE-2023-27945 affects macOS and Xcode components where entitlements were improved to fix a privacy issue: a sandboxed app may be able to collect system logs due to entitlements handling. Affected products/versions listed in connected docs include Xcode 14.3, macOS Big Sur 11.7.7, and macOS Monte...

CVSS 6.3 | AI score 6.4 | EPSS 0.00076

added 2020/10/27 7:54 p.m. | 97 views

CVE-2019-8840

CVE-2019-8840 affects Apple Xcode (ld64) where an out-of-bounds read was caused by insufficient bounds checking. Impact: compiling with untrusted sources may allow arbitrary code execution with user privileges. Affected/product: Xcode (ld64 component) on macOS. Root cause: out-of-bounds read due ...

CVSS 8.8 | AI score 8.3 | EPSS 0.00976

added 2014/08/19 6:0 p.m. | 96 views

CVE-2014-3528

CVE-2014-3528 affects Apache Subversion: cached credentials are protected by an MD5 hash of the URL and authentication realm. Subversion 1.0.0–1.7.x (before 1.7.17) and 1.8.x (before 1.8.10) store credentials in this manner, which may allow a remote server to obtain credentials via a crafted auth...

CVSS 4 | AI score 8.6 | EPSS 0.03375

added 2022/03/18 5:59 p.m. | 96 views

CVE-2022-22607

CVE-2022-22607 describes an out-of-bounds read in Apple Xcode. The issue is mitigated by improved bounds checking and is fixed in Xcode 13.3. Impact per sources: opening a maliciously crafted file may cause unexpected termination or arbitrary code execution. Remediation: update to Xcode 13.3 or l...

CVSS 7.8 | AI score 8.2 | EPSS 0.00418

added 2014/12/18 3:0 p.m. | 95 views

CVE-2014-3580

CVE-2014-3580 affects the mod_dav_svn component of Apache Subversion (1.x) prior to 1.7.19 and 1.8.x prior to 1.8.11. A remote attacker can trigger a NULL pointer dereference via a REPORT request for a non-existent resource, causing a denial of service and server crash. Connected sources documen...

CVSS 5 | AI score 8.7 | EPSS 0.13653

added 2022/03/18 5:59 p.m. | 93 views

CVE-2022-22601

CVE-2022-22601 corresponds to an Apple Xcode out-of-bounds read vulnerability. The connected documents confirm a flaw in Xcode that can be triggered by opening a maliciously crafted file, potentially causing unexpected termination or arbitrary code execution. The issue is addressed by improved bo...

CVSS 7.8 | AI score 8.2 | EPSS 0.00418

added 2014/12/18 3:0 p.m. | 88 views

CVE-2014-8108

The CVE-2014-8108 issue affects the Apache Subversion mod_dav_svn module. According to connected docs, Subversion 1.7.x is vulnerable before 1.7.19 and 1.8.x is vulnerable before 1.8.11, where a remote attacker can trigger a NULL pointer dereference by requesting a URI that causes a lookup for a ...

CVSS 5 | AI score 8.7 | EPSS 0.04996

added 2014/08/19 6:0 p.m. | 86 views

CVE-2014-3522

The CVE-2014-3522 vulnerability affects Subversion’s Serf RA layer, where wildcards in X.509 CN/subjectAltName are not properly validated, enabling MITM certificate spoofing. Affected: Subversion Serf-based TLS for versions 1.4.0–1.7.x before 1.7.18 and 1.8.x before 1.8.10. Impact: potential disc...

CVSS 4 | AI score 8.3 | EPSS 0.02619

added 2019/04/03 5:43 p.m. | 83 views

CVE-2018-4357

CVE-2018-4357 is an Apple Xcode/LLVM memory corruption vulnerability: the LLVM/Xcode component prior to Xcode 10 contains a flaw that allows memory corruption due to insufficient input validation. The issue could enable code execution with kernel privileges, as described in the Xcode 10 security...

CVSS 9.3 | AI score 7.2 | EPSS 0.00171

added 2023/09/26 8:14 p.m. | 83 views

CVE-2023-32396

The CVE-2023-32396 issue affects Apple platforms and is fixed in Xcode 15, tvOS 17, watchOS 10, iOS 17, iPadOS 17, and macOS Sonoma 14. The description states that an app may be able to gain elevated privileges and that the fix involved improved checks. No additional attack vectors or exploit det...

CVSS 7.8 | AI score 7 | EPSS 0.00021

Total number of security vulnerabilities: 95