Apple Xcode

95 matches found

added 2025/03/31 10:23 p.m. | 82 views

CVE-2025-30441

CVE-2025-30441 affects Apple Xcode and is tied to an out-of-bounds write that could allow an app to overwrite arbitrary files. The issue is described as being addressed through improved state management and fixed in Xcode 16.3. Connected sources corroborate the vulnerability in the Xcode IDE and ...

CVSS 5.5 | AI score 6.5 | EPSS 0.00211

added 2014/10/08 5:0 p.m. | 75 views

CVE-2014-6394

The CVE-2014-6394 entry concerns visionmedia send before 0.8.4 for Node.js. The vulnerability arises from a partial directory-root verification, which can allow a remote attacker to escape the intended restricted directory and access files such as those under a public-restricted path (e.g., publi...

CVSS 7.5 | AI score 6.3 | EPSS 0.04257

added 2019/12/18 5:33 p.m. | 74 views

CVE-2019-8806

CVE-2019-8806 is tied to Apple Xcode/LLVM. The issue is described as a memory corruption vulnerability in LLVM that was fixed in Xcode 11.2, with exploitation possible by processing a maliciously crafted file and potentially leading to arbitrary code execution. The Apple advisory HT210729 confirm...

CVSS 7.8 | AI score 7.6 | EPSS 0.0098

added 2024/09/16 11:23 p.m. | 72 views

CVE-2024-44162

CVE-2024-44162 affects the Apple Xcode IDE. A malicious application could gain access to a user’s Keychain items. The issue was addressed by enabling the hardened runtime and is fixed in Xcode 16. The Red Hat/OSS feeds corroborate: impact remains local and requires the hardened runtime mitigation...

CVSS 7.8 | AI score 6.8 | EPSS 0.00208

added 2006/10/17 9:0 p.m. | 71 views

CVE-2006-5327

CVE-2006-5327 describes an untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, including usage in Apple Xcode 2.2 and earlier. A local attacker can execute arbitrary code by placing a malicious gzip executable on a modified PATH, which is then invoked by gnutar under certain TAR...

CVSS 7.2 | AI score 7.7 | EPSS 0.00569

added 2008/07/14 6:0 p.m. | 70 views

CVE-2008-2318

The CVE-2008-2318 issue affects Apple’s Xcode WebObjects: the WOHyperlink API in WebObjects before Xcode 3.1 appends local session IDs to generated non-local URLs, enabling potential information disclosure by remote attackers reading those requests. Impact is information leakage without exploitat...

CVSS 5 | AI score 5.4 | EPSS 0.0146

added 2019/12/18 5:33 p.m. | 70 views

CVE-2019-8800

CVE-2019-8800 concerns Apple Xcode’s LLVM component. The vulnerability is described as a memory corruption issue fixed in Xcode 11.2, with failure triggered by processing a maliciously crafted file that may lead to arbitrary code execution. Public sources in the connected dataset consistently tie...

CVSS 7.8 | AI score 7.6 | EPSS 0.0098

added 2025/03/31 10:23 p.m. | 70 views

CVE-2025-24226

The CVE-2025-24226 entry concerns Apple Xcode 16.3 where a malicious app may access private information due to insufficient checks. Public records consistently state that the issue is fixed in Xcode 16.3 through improved checks. Affected component is Xcode (IDE assets, as described by Apple’s adv...

CVSS 5.5 | AI score 6 | EPSS 0.00238

added 2017/10/23 1:0 a.m. | 69 views

CVE-2017-7134

CVE-2017-7134 affects Apple Xcode prior to 9, with the ld64 linker component. A crafted Mach-O file can trigger arbitrary code execution or memory corruption, potentially causing an application crash. Public sources (NVD entry) describe remote code execution risk, while Apple’s advisory for Xcode...

CVSS 7.8 | AI score 8.7 | EPSS 0.01518

added 2015/12/11 11:0 a.m. | 66 views

CVE-2015-7049

CVE-2015-7049 affects Apple Xcode before 7.2, via the otools component’s handling of Mach-O files. The underlying issue allows local users to gain privileges or cause a denial of service (memory corruption). This is a separate vulnerability from CVE-2015-7057, which also targets otools Mach-O pro...

CVSS 4.6 | AI score 6.2 | EPSS 0.00303

added 2017/10/23 1:0 a.m. | 66 views

CVE-2017-7135

CVE-2017-7135 affects Apple Xcode before 9, involving the ld64 linker. A crafted Mach-O file can lead to arbitrary code execution or memory corruption causing a crash. Public sources (Apple KB HT208103, NVD entry) corroborate memory-corruption/Code Execution risks and indicate fixes were addresse...

CVSS 7.8 | AI score 8.7 | EPSS 0.01518

added 2019/12/18 5:33 p.m. | 65 views

CVE-2019-8721

CVE-2019-8721 affects the ld64 component of the Xcode toolchains. The underlying issue is a failure to properly validate input in ld64, which could allow arbitrary code execution with user privileges. The vulnerability is addressed by updating to ld64-507.4 as part of Xcode 11.0. Affected context...

CVSS 9.3 | AI score 8.8 | EPSS 0.01792

added 2015/09/18 10:0 a.m. | 64 views

CVE-2015-5909

CVE-2015-5909 affects the IDE Xcode Server component of Apple Xcode prior to 7.0. The root cause is insufficient access restriction on repository email lists, allowing a remote, unauthenticated attacker to obtain potentially sensitive build information via incorrect notification delivery. Impact ...

CVSS 5 | AI score 5.6 | EPSS 0.01921

added 2016/03/24 1:0 a.m. | 63 views

CVE-2016-1765

CVE-2016-1765 is an Apple Xcode 7.3-era memory corruption issue in otool (and related memory handling) that allows a local attacker to gain privileges or cause a denial of service. Affected: Xcode prior to 7.3 on macOS (OS X El Capitan v10.11 and later). Root cause: memory corruption from imprope...

CVSS 7.8 | AI score 6 | EPSS 0.00329

added 2024/10/28 9:8 p.m. | 62 views

CVE-2024-44228

CVE-2024-44228 relates to Apple Xcode 16 security updates. The connected sources indicate a permissions-checking weakness where a malicious or misbehaving app (notably within Xcode’s Playgrounds) could potentially inherit permissions from Xcode and access user data. The root cause is described as...

CVSS 7.5 | AI score 5.7 | EPSS 0.00412

added 2015/09/18 10:0 a.m. | 60 views

CVE-2015-5910

Apple Xcode IDE Xcode Server prior to version 7.0 is affected by CVE-2015-5910: server traffic is transmitted in cleartext, allowing remote attackers to sniff sensitive information. Affected product: IDE Xcode Server within Apple Xcode. Root cause: unencrypted server communications. Impact: poten...

CVSS 3.3 | AI score 5.5 | EPSS 0.00753

added 2019/12/18 5:33 p.m. | 59 views

CVE-2019-8722

CVE-2019-8722 refers to an arbitrary code execution vulnerability in the ld64 component of Apple’s Xcode toolchains. The issue arises from insufficient input validation during compilation, enabling code execution with user privileges. Apple fixed this in Xcode 11.0 by updating ld64 to version 507...

CVSS 9.3 | AI score 8.8 | EPSS 0.01792

added 2019/12/18 5:33 p.m. | 59 views

CVE-2019-8724

CVE-2019-8724 concerns ld64 in the Xcode toolchains. The vulnerability arises from input validation failures in ld64, allowing arbitrary code execution with user privileges. Affected product: Apple Xcode 11.0 toolchain (macOS Mojave 10.14.4 and later) where the issue is fixed by updating to ld64-...

CVSS 9.3 | AI score 8.8 | EPSS 0.01881

added 2023/09/06 1:36 a.m. | 59 views

CVE-2022-32920

Apple Xcode is affected by CVE-2022-32920. The issue arises from parsing a file, which could disclose user information. Affected product: Xcode (prior to 14.0). Underlying cause: insufficient checks during file parsing. Impact (as stated): potential disclosure of user information. Remediation: fi...

CVSS 5.5 | AI score 4.7 | EPSS 0.00181

added 2015/10/23 10:0 a.m. | 58 views

CVE-2015-7030

CVE-2015-7030 affects Apple Xcode before 7.1, where the Swift implementation mishandles certain type conversions. Multiple sources describe it as an information-disclosure/logic-conversion issue that could allow an attacker to obtain sensitive information or circumvent program logic; the vendor a...

CVSS 7.5 | AI score 6.2 | EPSS 0.01619

added 2017/10/23 1:0 a.m. | 58 views

CVE-2017-7137

Apple Xcode before version 9 is affected by ld64 memory-handling issues that can be triggered by a crafted Mach-O file, potentially enabling arbitrary code execution or a denial of service. Connected sources confirm CVE-2017-7137 (and related CVEs) apply to the ld64 component within Xcode 9 era. ...

CVSS 7.8 | AI score 8.7 | EPSS 0.01518

added 2015/04/10 2:0 p.m. | 57 views

CVE-2015-1149

CVE-2015-1149 affects the Swift simulator in Apple Xcode prior to 6.3. The issue is an integer overflow during type-conversion in the Swift simulator, which can cause conversions to return unexpected values and enable a denial-of-service or related unspecified impact. Affected product: Xcode and ...

CVSS 7.5 | AI score 7.3 | EPSS 0.01619

added 2024/09/16 11:23 p.m. | 57 views

CVE-2024-40862

CVE-2024-40862 pertains to an Apple Xcode security issue where an attacker could determine the Apple ID of the computer owner. All connected documents identify this as a privacy flaw that was addressed by removing sensitive data and fixes are available in Xcode 16. The vulnerability is described ...

CVSS 7.5 | AI score 6.1 | EPSS 0.00478

added 2015/12/11 11:0 a.m. | 56 views

CVE-2015-7057

Apple Xcode before 7.2 is affected by CVE-2015-7057 due to otools handling Mach-O files, enabling local privilege escalation or denial of service via a crafted Mach-O file. The vulnerability is tied to memory corruption in otools when processing Mach-O inputs. Affected product is Xcode (Mac OS X)...

CVSS 4.6 | AI score 6.2 | EPSS 0.00303

added 2016/09/18 10:0 p.m. | 56 views

CVE-2016-4704

CVE-2016-4704 affects Apple Xcode 8 and earlier, where the otool component may allow a local attacker to gain privileges or cause a denial of service via memory corruption. Apple’s security content for Xcode 8 documents multiple memory corruption issues addressed by improved memory handling, with...

CVSS 7.8 | AI score 7.4 | EPSS 0.00314

added 2017/10/23 1:0 a.m. | 56 views

CVE-2017-7136

CVE-2017-7136 is documented as a memory corruption vulnerability in the ld64 linker used by Apple Xcode prior to version 9, exploitable via parsing a crafted Mach‑O file to achieve arbitrary code execution or a denial of service. The connected sources (Apple security content for Xcode 9 and relat...

CVSS 7.8 | AI score 8.7 | EPSS 0.01518

added 2023/09/26 8:14 p.m. | 56 views

CVE-2023-40435

CVE-2023-40435 affects Apple’s Xcode toolchain, specifically the iTMSTransporter workflow. The issue allowed an app to access App Store credentials; the root cause (per security advisories) was mitigated by enabling the hardened runtime, with the fix present in Xcode 15. The reported CVSS metrics...

CVSS 5.5 | AI score 5 | EPSS 0.00236

added 2016/09/18 10:0 p.m. | 55 views

CVE-2016-4705

Apple Xcode 8 and earlier contain memory-corruption vulnerabilities in the otool component that can allow a local attacker to gain privileges or cause a denial of service (application crash). CVE-2016-4704 and CVE-2016-4705 are tied to this issue; Apple indicates these were addressed via memory-h...

CVSS 7.8 | AI score 7.4 | EPSS 0.00345

added 2019/12/18 5:33 p.m. | 55 views

CVE-2019-8723

CVE-2019-8723 affects the ld64 component in Apple Xcode toolchains. The issue stems from insufficient input validation in ld64, enabling arbitrary code execution with user privileges when compiling code. The vulnerability is addressed by updating to Xcode 11.0, which includes ld64-507.4. Public d...

CVSS 9.3 | AI score 8.8 | EPSS 0.01881

added 2019/12/18 5:33 p.m. | 55 views

CVE-2019-8739

CVE-2019-8739 affects Apple’s Xcode toolchain, specifically the otool component. A memory corruption issue in otool could be triggered by processing a maliciously crafted file, potentially enabling arbitrary code execution. Apple’s security content confirms the fix in Xcode 11.0 and advises upgra...

CVSS 7.8 | AI score 8.1 | EPSS 0.0098

added 2018/04/03 6:0 a.m. | 54 views

CVE-2017-7167

CVE-2017-7167 affects Apple Xcode before 9.2, where the ld64 linker component contains a buffer overflow. The flaw allows arbitrary code execution with user privileges when compiling with untrusted sources, leading to a high-severity outcome in the 3.0 CVSS (local, exploitable with no user intera...

CVSS 7.8 | AI score 7.5 | EPSS 0.01364

added 2019/12/18 5:33 p.m. | 53 views

CVE-2019-8738

CVE-2019-8738 affects the otool component of Apple Xcode prior to version 11.0. It is a memory corruption issue that could allow arbitrary code execution when processing a maliciously crafted file. Apple fixed this in Xcode 11.0 by updating the affected component and improving state management. T...

CVSS 7.8 | AI score 8.1 | EPSS 0.0098

added 2006/10/17 9:0 p.m. | 52 views

CVE-2006-5328

OpenBase SQL 10.0 and earlier (as used in Apple Xcode 2.2 and earlier) is affected by a local privilege escalation vulnerability where an attacker can create arbitrary files via a symlink attack on the simulation.sql file. The root cause is a symlink handling flaw that allows a local user to leve...

CVSS 7.2 | AI score 6.4 | EPSS 0.00337

added 2015/04/10 2:0 p.m. | 52 views

CVE-2015-3027

CVE-2015-3027 concerns Clang in LLVM as used in Apple Xcode prior to 6.3, where incorrect register allocation triggers stack storage for stack-cookie pointers. This behavior can allow context-dependent attackers to bypass the stack-guard protection mechanism in an affected C program. The provided...

CVSS 5 | AI score 6.2 | EPSS 0.01299

added 2006/05/24 1:0 a.m. | 51 views

CVE-2006-1466

The CVE-2006-1466 entry concerns Xcode Tools prior to 2.3 on Mac OS X 10.4. The vulnerability is triggered when the WebObjects plugin runs, allowing remote attackers to access or modify WebObjects projects via a network service. The available sources identify the affected software and the impact ...

CVSS 4 | AI score 6.7 | EPSS 0.02081

added 2015/12/11 11:0 a.m. | 43 views

CVE-2015-7056

Apple Xcode prior to 7.2 is affected by CVE-2015-7056 due to a failure of the IDE SCM to honor .gitignore directives. This allows remote attackers to disclose sensitive information by exploiting the presence of a file that matches an ignore pattern. The issue is corroborated by multiple sources i...

CVSS 5 | AI score 5.6 | EPSS 0.01285

added 2025/09/15 10:35 p.m. | 28 views

CVE-2025-43375

The CVE-2025-43375 entry is tied to Xcode 26 where a path-handling issue can cause a process crash when processing an overly large path value. Technical details across connected sources consistently cite the vulnerability in the Xcode 26 development tools and the fix implemented by Apple (improve...

CVSS 7.5 | AI score 6 | EPSS 0.00318

added 2025/09/15 10:34 p.m. | 25 views

CVE-2025-43263

CVE-2025-43263 affects Apple Xcode (26) with a sandbox check insufficiency in components such as IDE CoreML and Xcode itself. The issue allows an app to read and write files outside its sandbox due to insufficient path/file handling checks. The vulnerability is addressed in Xcode 26 via improved ...

CVSS 7.1 | AI score 5.8 | EPSS 0.00197

added 2025/09/15 10:34 p.m. | 24 views

CVE-2025-43371

The CVE describes an Improper Access Control in Xcode where insufficient sandbox checks could allow an app to break out of its sandbox. Reports converge on Xcode 26 fixes; remediation is to update to Xcode 26 or later. The vulnerability is characterized by local attack vector with required user i...

CVSS 8.2 | AI score 5.8 | EPSS 0.00184

added 2025/09/15 10:34 p.m. | 23 views

CVE-2025-43370

CVE-2025-43370 affects Apple Xcode 26, where a path handling issue can crash a process when processing an oversized path. The root cause is improved validation of path input in Xcode 26 development tooling, with confirmed fix in the Xcode 26 release. Public sources across Red Hat, CNVD, NVD, and ...

CVSS 4 | AI score 6 | EPSS 0.00321

added 2026/01/16 5:6 p.m. | 18 views

CVE-2025-31186

CVE-2025-31186 affects Apple Xcode components (notably Playgrounds) where a permissions issue could allow an app to bypass Privacy preferences. Root cause: insufficient restrictions. Impact: potential exposure of private information or privacy policy circumvention, as described by multiple source...

CVSS 3.3 | AI score 6 | EPSS 0.00141

added 2025/11/04 1:17 a.m. | 17 views

CVE-2025-43504

CVE-2025-43504 is tied to an out-of-bounds write/buffer overflow in Apple's Xcode 26.1 (specifically the LLDB component per Apple’s security content) that can be triggered by a crafted input from a user in a privileged network position, potentially causing a denial-of-service. The CNVD/CNNVD ent...

CVSS 4.9 | AI score 6.3 | EPSS 0.00312

added 2026/03/25 12:32 a.m. | 16 views

CVE-2026-28890

CVE-2026-28890 describes an out-of-bounds read in Xcode that was addressed by improved bounds checking. Connected sources confirm the affected product is Xcode and indicate the fix is included in Xcode 26.4, with the impact stated as an app may terminate unexpectedly. The vulnerability details ac...

CVSS 5.5 | AI score 5.8 | EPSS 0.00103

added 2025/11/04 1:16 a.m. | 13 views

CVE-2025-43505

Apple Xcode 26.1 fixes CVE-2025-43505, an out-of-bounds write caused by insufficient input validation that could allow heap corruption when processing a maliciously crafted file. Affected product: Xcode (and LLDB noted in Apple advisory). Remediation: update to Xcode 26.1. Notes from connected so...

CVSS 8.8 | AI score 6.2 | EPSS 0.00234

added 2026/03/25 12:31 a.m. | 7 views

CVE-2026-28889

The CVE-2026-28889 entry pertains to Xcode prior to version 26.4, where a permissions issue could allow an app to read arbitrary files as root. The root cause is described as insufficient/added restrictions around permissions in the affected components. Apple’s advisory (Xcode 26.4) fixes the iss...

CVSS 6.2 | AI score 5.9 | EPSS 0.00112

Total number of security vulnerabilities: 95