95 matches found
CVE-2025-30441
CVE-2025-30441 affects Apple Xcode and is tied to an out-of-bounds write that could allow an app to overwrite arbitrary files. The issue is described as being addressed through improved state management and fixed in Xcode 16.3. Connected sources corroborate the vulnerability in the Xcode IDE and ...
CVE-2014-6394
The CVE-2014-6394 entry concerns visionmedia send before 0.8.4 for Node.js. The vulnerability arises from a partial directory-root verification, which can allow a remote attacker to escape the intended restricted directory and access files such as those under a public-restricted path (e.g., publi...
CVE-2019-8806
CVE-2019-8806 is tied to Apple Xcode/LLVM. The issue is described as a memory corruption vulnerability in LLVM that was fixed in Xcode 11.2, with exploitation possible by processing a maliciously crafted file and potentially leading to arbitrary code execution. The Apple advisory HT210729 confirm...
CVE-2024-44162
CVE-2024-44162 affects the Apple Xcode IDE. A malicious application could gain access to a user’s Keychain items. The issue was addressed by enabling the hardened runtime and is fixed in Xcode 16. The Red Hat/OSS feeds corroborate: impact remains local and requires the hardened runtime mitigation...
CVE-2006-5327
CVE-2006-5327 describes an untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, including usage in Apple Xcode 2.2 and earlier. A local attacker can execute arbitrary code by placing a malicious gzip executable on a modified PATH, which is then invoked by gnutar under certain TAR...
CVE-2008-2318
The CVE-2008-2318 issue affects Apple’s Xcode WebObjects: the WOHyperlink API in WebObjects before Xcode 3.1 appends local session IDs to generated non-local URLs, enabling potential information disclosure by remote attackers reading those requests. Impact is information leakage without exploitat...
CVE-2019-8800
CVE-2019-8800 concerns Apple Xcode’s LLVM component. The vulnerability is described as a memory corruption issue fixed in Xcode 11.2, with failure triggered by processing a maliciously crafted file that may lead to arbitrary code execution. Public sources in the connected dataset consistently tie...
CVE-2025-24226
The CVE-2025-24226 entry concerns Apple Xcode 16.3 where a malicious app may access private information due to insufficient checks. Public records consistently state that the issue is fixed in Xcode 16.3 through improved checks. Affected component is Xcode (IDE assets, as described by Apple’s adv...
CVE-2017-7134
CVE-2017-7134 affects Apple Xcode prior to 9, with the ld64 linker component. A crafted Mach-O file can trigger arbitrary code execution or memory corruption, potentially causing an application crash. Public sources (NVD entry) describe remote code execution risk, while Apple’s advisory for Xcode...
CVE-2015-7049
CVE-2015-7049 affects Apple Xcode before 7.2, via the otools component’s handling of Mach-O files. The underlying issue allows local users to gain privileges or cause a denial of service (memory corruption). This is a separate vulnerability from CVE-2015-7057, which also targets otools Mach-O pro...
CVE-2017-7135
CVE-2017-7135 affects Apple Xcode before 9, involving the ld64 linker. A crafted Mach-O file can lead to arbitrary code execution or memory corruption causing a crash. Public sources (Apple KB HT208103, NVD entry) corroborate memory-corruption and code-execution risks and indicate fixes were addresse...
CVE-2019-8721
CVE-2019-8721 affects the ld64 component of the Xcode toolchains. The underlying issue is a failure to properly validate input in ld64, which could allow arbitrary code execution with user privileges. The vulnerability is addressed by updating to ld64-507.4 as part of Xcode 11.0. Affected context...
CVE-2015-5909
CVE-2015-5909 affects the IDE Xcode Server component of Apple Xcode prior to 7.0. The root cause is insufficient access restriction on repository email lists, allowing a remote, unauthenticated attacker to obtain potentially sensitive build information via incorrect notification delivery. Impact ...
CVE-2016-1765
CVE-2016-1765 is an Apple Xcode 7.3-era memory corruption issue in otool (and related memory handling) that allows a local attacker to gain privileges or cause a denial of service. Affected: Xcode prior to 7.3 on macOS (OS X El Capitan v10.11 and later). Root cause: memory corruption from imprope...
CVE-2024-44228
CVE-2024-44228 relates to Apple Xcode 16 security updates. The connected sources indicate a permissions-checking weakness where a malicious or misbehaving app (notably within Xcode’s Playgrounds) could potentially inherit permissions from Xcode and access user data. The root cause is described as...
CVE-2015-5910
Apple Xcode IDE Xcode Server prior to version 7.0 is affected by CVE-2015-5910: server traffic is transmitted in cleartext, allowing remote attackers to sniff sensitive information. Affected product: IDE Xcode Server within Apple Xcode. Root cause: unencrypted server communications. Impact: poten...
CVE-2019-8722
CVE-2019-8722 refers to an arbitrary code execution vulnerability in the ld64 component of Apple’s Xcode toolchains. The issue arises from insufficient input validation during compilation, enabling code execution with user privileges. Apple fixed this in Xcode 11.0 by updating ld64 to version 507...
CVE-2019-8724
CVE-2019-8724 concerns ld64 in the Xcode toolchains. The vulnerability arises from input validation failures in ld64, allowing arbitrary code execution with user privileges. Affected product: Apple Xcode 11.0 toolchain (macOS Mojave 10.14.4 and later) where the issue is fixed by updating to ld64-...
CVE-2022-32920
Apple Xcode is affected by CVE-2022-32920. The issue arises from parsing a file, which could disclose user information. Affected product: Xcode (prior to 14.0). Underlying cause: insufficient checks during file parsing. Impact (as stated): potential disclosure of user information. Remediation: fi...
CVE-2015-7030
CVE-2015-7030 affects Apple Xcode before 7.1, where the Swift implementation mishandles certain type conversions. Multiple sources describe it as an information-disclosure/logic-conversion issue that could allow an attacker to obtain sensitive information or circumvent program logic; the vendor a...
CVE-2017-7137
Apple Xcode before version 9 is affected by ld64 memory-handling issues that can be triggered by a crafted Mach-O file, potentially enabling arbitrary code execution or a denial of service. Connected sources confirm CVE-2017-7137 (and related CVEs) apply to the ld64 component within Xcode 9 era. ...
CVE-2015-1149
CVE-2015-1149 affects the Swift simulator in Apple Xcode prior to 6.3. The issue is an integer overflow during type-conversion in the Swift simulator, which can cause conversions to return unexpected values and enable a denial-of-service or related unspecified impact. Affected product: Xcode and ...
CVE-2024-40862
CVE-2024-40862 pertains to an Apple Xcode security issue where an attacker could determine the Apple ID of the computer owner. All connected documents identify this as a privacy flaw that was addressed by removing sensitive data, and fixes are available in Xcode 16. The vulnerability is described ...
CVE-2015-7057
Apple Xcode before 7.2 is affected by CVE-2015-7057 due to otools handling Mach-O files, enabling local privilege escalation or denial of service via a crafted Mach-O file. The vulnerability is tied to memory corruption in otools when processing Mach-O inputs. Affected product is Xcode (Mac OS X)...
CVE-2016-4704
CVE-2016-4704 affects Apple Xcode 8 and earlier, where the otool component may allow a local attacker to gain privileges or cause a denial of service via memory corruption. Apple’s security content for Xcode 8 documents multiple memory corruption issues addressed by improved memory handling, with...
CVE-2017-7136
CVE-2017-7136 is documented as a memory corruption vulnerability in the ld64 linker used by Apple Xcode prior to version 9, exploitable via parsing a crafted Mach‑O file to achieve arbitrary code execution or a denial of service. The connected sources (Apple security content for Xcode 9 and relat...
CVE-2023-40435
CVE-2023-40435 affects Apple’s Xcode toolchain, specifically the iTMSTransporter workflow. The issue allowed an app to access App Store credentials; the root cause (per security advisories) was mitigated by enabling the hardened runtime, with the fix present in Xcode 15. The reported CVSS metrics...
CVE-2016-4705
Apple Xcode 8 and earlier contain memory-corruption vulnerabilities in the otool component that can allow a local attacker to gain privileges or cause a denial of service (application crash). CVE-2016-4704 and CVE-2016-4705 are tied to this issue; Apple indicates these were addressed via memory-h...
CVE-2019-8723
CVE-2019-8723 affects the ld64 component in Apple Xcode toolchains. The issue stems from insufficient input validation in ld64, enabling arbitrary code execution with user privileges when compiling code. The vulnerability is addressed by updating to Xcode 11.0, which includes ld64-507.4. Public d...
CVE-2019-8739
CVE-2019-8739 affects Apple’s Xcode toolchain, specifically the otool component. A memory corruption issue in otool could be triggered by processing a maliciously crafted file, potentially enabling arbitrary code execution. Apple’s security content confirms the fix in Xcode 11.0 and advises upgra...
CVE-2017-7167
CVE-2017-7167 affects Apple Xcode before 9.2, where the ld64 linker component contains a buffer overflow. The flaw allows arbitrary code execution with user privileges when compiling with untrusted sources, leading to a high-severity outcome under CVSS 3.0 (local, exploitable with no user intera...
CVE-2019-8738
CVE-2019-8738 affects the otool component of Apple Xcode prior to version 11.0. It is a memory corruption issue that could allow arbitrary code execution when processing a maliciously crafted file. Apple fixed this in Xcode 11.0 by updating the affected component and improving state management. T...
CVE-2006-5328
OpenBase SQL 10.0 and earlier (as used in Apple Xcode 2.2 and earlier) is affected by a local privilege escalation vulnerability where an attacker can create arbitrary files via a symlink attack on the simulation.sql file. The root cause is a symlink handling flaw that allows a local user to leve...
CVE-2015-3027
CVE-2015-3027 concerns Clang in LLVM as used in Apple Xcode prior to 6.3, where incorrect register allocation triggers stack storage for stack-cookie pointers. This behavior can allow context-dependent attackers to bypass the stack-guard protection mechanism in an affected C program. The provided...
CVE-2006-1466
The CVE-2006-1466 entry concerns Xcode Tools prior to 2.3 on Mac OS X 10.4. The vulnerability is triggered when the WebObjects plugin runs, allowing remote attackers to access or modify WebObjects projects via a network service. The available sources identify the affected software and the impact ...
CVE-2015-7056
Apple Xcode prior to 7.2 is affected by CVE-2015-7056 due to a failure of the IDE SCM to honor .gitignore directives. This allows remote attackers to disclose sensitive information by exploiting the presence of a file that matches an ignore pattern. The issue is corroborated by multiple sources i...
CVE-2025-43375
The CVE-2025-43375 entry is tied to Xcode 26 where a path-handling issue can cause a process crash when processing an overly large path value. Technical details across connected sources consistently cite the vulnerability in the Xcode 26 development tools and the fix implemented by Apple (improve...
CVE-2025-43263
CVE-2025-43263 affects Apple Xcode (26) with a sandbox check insufficiency in components such as IDE CoreML and Xcode itself. The issue allows an app to read and write files outside its sandbox due to insufficient path/file handling checks. The vulnerability is addressed in Xcode 26 via improved ...
CVE-2025-43371
The CVE describes an Improper Access Control in Xcode where insufficient sandbox checks could allow an app to break out of its sandbox. Reports converge on Xcode 26 fixes; remediation is to update to Xcode 26 or later. The vulnerability is characterized by local attack vector with required user i...
CVE-2025-43370
CVE-2025-43370 affects Apple Xcode 26, where a path handling issue can crash a process when processing an oversized path. The issue was addressed with improved validation of path input in Xcode 26 development tooling, with the fix confirmed in the Xcode 26 release. Public sources across Red Hat, CNVD, NVD, and ...
CVE-2025-31186
CVE-2025-31186 affects Apple Xcode components (notably Playgrounds) where a permissions issue could allow an app to bypass Privacy preferences. Root cause: insufficient restrictions. Impact: potential exposure of private information or privacy policy circumvention, as described by multiple source...
CVE-2025-43504
CVE-2025-43504 is tied to an out-of-bounds write/buffer overflow in Apple's Xcode 26.1 (specifically the LLDB component per Apple’s security content) that can be triggered by a crafted input from a user in a privileged network position, potentially causing a denial-of-service. The CNVD/CNNVD ent...
CVE-2026-28890
CVE-2026-28890 describes an out-of-bounds read in Xcode that was addressed by improved bounds checking. Connected sources confirm the affected product is Xcode and indicate the fix is included in Xcode 26.4, with the impact stated as an app may terminate unexpectedly. The vulnerability details ac...
CVE-2025-43505
Apple Xcode 26.1 fixes CVE-2025-43505, an out-of-bounds write caused by insufficient input validation that could allow heap corruption when processing a maliciously crafted file. Affected product: Xcode (and LLDB noted in Apple advisory). Remediation: update to Xcode 26.1. Notes from connected so...
CVE-2026-28889
The CVE-2026-28889 entry pertains to Xcode prior to version 26.4, where a permissions issue could allow an app to read arbitrary files as root. The root cause is described as insufficient/added restrictions around permissions in the affected components. Apple’s advisory (Xcode 26.4) fixes the iss...