Apple Xcode

95 matches found

added 2021/12/10 12:0 a.m. | 6762 views

CVE-2021-44228

CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...

10 CVSS | 10 AI score | 0.99999 EPSS | In wild

added 2018/11/07 2:0 p.m. | 5263 views

CVE-2018-16843

CVE-2018-16843 affects nginx before 1.15.6 and 1.14.1, where HTTP/2 implementation vulnerabilities in ngx_http_v2_module (if http2 is enabled) can cause excessive memory usage. Connected advisories also reference related CVEs (16844/16845) and show multiple distributions (Debian, Fedora/Red Hat, ...

7.8 CVSS | 7.3 AI score | 0.47057 EPSS

added 2018/11/07 2:0 p.m. | 5121 views

CVE-2018-16844

CVE-2018-16844 affects nginx before versions 1.15.6 and 1.14.1 where HTTP/2 implementation can cause excessive CPU usage when nginx is built with the ngx_http_v2_module and the listen directive uses http2. The issue is triggered by HTTP/2 handling and is report-backed across multiple providers (D...

7.8 CVSS | 7.3 AI score | 0.124 EPSS

added 2018/11/07 2:0 p.m. | 4516 views

CVE-2018-16845

The CVE-2018-16845 issue affects nginx builds that include the ngx_http_mp4_module and the mp4 directive. Vulnerable are nginx versions earlier than 1.15.6 and 1.14.1 (when built with the module). The vulnerability arises from processing a specially crafted MP4 file, which could cause an infinite...

8.2 CVSS | 6.4 AI score | 0.09801 EPSS

added 2020/01/09 8:5 p.m. | 4418 views

CVE-2019-20372

NGINX (on Amazon Linux 2) is affected by CVE-2019-20372 when configured with certain error_page settings, enabling HTTP request smuggling. The Amazon Linux 2 ALAS advisory ALAS2NGINX1-2023-004 confirms vulnerable 1.17.x/older configurations and provides patched packages: nginx 1.18.0 and related ...

5.3 CVSS | 5.2 AI score | 0.14961 EPSS

added 2017/07/13 1:0 p.m. | 1985 views

CVE-2017-7529

The CVE-2017-7529 entry concerns nginx’s range filter module. Affected software: nginx (and nginx-mainline in Arch advisories). Vulnerable component: the HTTP range/filter logic within nginx range filter/module. Root cause: integer overflow when processing crafted byte ranges, leading to informat...

7.5 CVSS | 7.3 AI score | 0.62597 EPSS

added 2015/07/20 11:0 p.m. | 1586 views

CVE-2015-3185

CVE-2015-3185 affects Apache HTTP Server (httpd) 2.4.x up to before 2.4.14. The ap_some_auth_required() function in server/request.c could incorrectly treat a request as authenticated, allowing modules using this API to bypass intended access controls. The issue’s fix/backport is described as imp...

4.3 CVSS | 6.6 AI score | 0.18795 EPSS

added 2016/02/15 7:0 p.m. | 1351 views

CVE-2016-0746

CVE-2016-0746 is a use-after-free in nginx’s resolver when processing DNS CNAME responses. The issue affects nginx versions before 1.8.1 and 1.9.x before 1.9.10; exploitation could crash worker processes or yield other unspecified impacts. Remediation per connected docs: upgrade to non‑vulnerable...

9.8 CVSS | 9.5 AI score | 0.08625 EPSS

added 2012/07/26 7:0 p.m. | 1293 views

CVE-2012-3698

Apple Xcode before 4.4 is affected by CVE-2012-3698 due to a design issue in composing a designated requirement (DR) during signing of programs without bundle identifiers. This allows remote attackers to read keychain entries via a crafted app, demonstrated with keychain data from a helper tool o...

5 CVSS | 6.2 AI score | 0.01104 EPSS

added 2021/03/09 12:0 a.m. | 1015 views

CVE-2021-21300

Summary: CVE-2021-21300 affects Git when cloning into case-insensitive file systems and using certain clean/smudge filters (e.g., Git LFS). A specially crafted repository containing symbolic links and files processed by these filters can cause an unchecked script to run during checkout. Affected ...

8 CVSS | 7.7 AI score | 0.88644 EPSS

added 2022/10/19 12:0 a.m. | 781 views

CVE-2022-39253

Summary (facts grounded to provided docs): CVE-2022-39253 affects Git versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, exposing sensitive data via local clones where source and target are on the same volume. The vulnerability arises when cloning a repository l...

5.5 CVSS | 6.5 AI score | 0.01336 EPSS

added 2019/03/21 8:13 p.m. | 612 views

CVE-2019-3855

CVE-2019-3855 is a libssh2 integer overflow in the transport read path that may cause an out-of-bounds write when processing server packets. The issue appears in libssh2 prior to 1.8.1 and could enable code exposure or other impact if a user connects to a malicious SSH server. Connected advisorie...

9.3 CVSS | 8.7 AI score | 0.09219 EPSS

added 2007/09/23 11:0 p.m. | 607 views

CVE-2004-2687

CVE-2004-2687 concerns distcc (distccd) where, if the server port is not access-restricted, remote attackers can execute arbitrary commands via compilation jobs. The core issue is lack of authorization checks in the distccd daemon when handling distributed compilation requests. Affected scope app...

9.3 CVSS | 9.7 AI score | 0.80978 EPSS | In wild

added 2022/10/19 12:0 a.m. | 596 views

CVE-2022-39260

Git Shell command-argument parsing bug (CVE-2022-39260) in pre-2.30.6…2.37.4 allows an attacker with SSH access to a Git shell login to overflow an int-based count when building the argv array, enabling arbitrary heap writes and potential remote code execution via execv(). Affected setups require...

8.8 CVSS | 9.2 AI score | 0.02938 EPSS

added 2022/04/12 12:0 a.m. | 520 views

CVE-2022-24765

CVE-2022-24765 affects Git on multi-user systems where untrusted users can create a C:\.git directory; Git would then read and apply configuration from that directory, potentially altering behavior outside the intended repository. The issue arises from Git not checking directory ownership when rea...

7.8 CVSS | 7 AI score | 0.00782 EPSS

added 2025/07/08 6:23 p.m. | 461 views

CVE-2025-48384

Git vulnerability CVE-2025-48384 arises from Git’s handling of trailing CR characters in config and submodule paths, which can cause a submodule to checkout to an incorrect location and potentially execute a post-checkout hook if a symlink points to the hooks directory. The issue affects Git and ...

8 CVSS | 6.4 AI score | 0.02775 EPSS | In wild | Web

added 2019/07/29 11:42 a.m. | 314 views

CVE-2019-14379

CVE-2019-14379 affects FasterXML jackson-databind prior to 2.9.9.2, where default typing mishandling when ehcache is present (via net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup) leads to remote code execution. Affected component is jackson-databind’s data-binding implementatio...

9.8 CVSS | 9.7 AI score | 0.08045 EPSS

added 2016/02/15 7:0 p.m. | 290 views

CVE-2016-0742

The CVE-2016-0742 issue affects nginx resolver prior to 1.8.1 and 1.9.x prior to 1.9.10. A crafted UDP DNS response can trigger an invalid pointer dereference, crashing a worker process and causing a denial of service. Affected component: resolver in nginx; root cause: dereference of invalid poin...

7.5 CVSS | 7.8 AI score | 0.81958 EPSS

added 2016/02/15 7:0 p.m. | 262 views

CVE-2016-0747

The CVE-2016-0747 entry affects nginx rescanner behavior: the resolver in nginx (versions prior to 1.8.1 and 1.9.x prior to 1.9.10) does not properly limit CNAME resolution, allowing remote attackers to cause denial of service via excessive name-resolution work. Public details across multiple sou...

5.3 CVSS | 6.8 AI score | 0.08433 EPSS

added 2022/07/12 12:0 a.m. | 257 views

CVE-2022-29187

CVE-2022-29187 – Git privilege escalation (details from connected docs): Affects Git on multi-user/local systems where the repository owner can influence commands via local repo configuration ownership checks. The root cause is failure to properly enforce ownership checks in local multi-user envi...

7.8 CVSS | 7.2 AI score | 0.00445 EPSS

added 2024/03/15 10:29 p.m. | 256 views

CVE-2024-23298

CVE-2024-23298 affects Apple Xcode (prior to version 15.3). The issue is described as a logic problem in state management that enables Gatekeeper bypass. Multiple connected sources corroborate a local/remote-leaning impact tied to Gatekeeper checks being bypassed, with Apple noting the fix in Xco...

5.5 CVSS | 5.8 AI score | 0.00525 EPSS

added 2015/08/12 2:0 p.m. | 224 views

CVE-2015-3184

CVE-2015-3184 affects Subversion’s mod_authz_svn when used with Apache httpd 2.4.x. The issue is an improper restriction of anonymous access in Subversion 1.7.x (before 1.7.21) and 1.8.x (before 1.8.14), which allows remote anonymous users to read hidden files via the path name. Affected product:...

5 CVSS | 7.6 AI score | 0.10607 EPSS

added 2020/02/12 1:58 a.m. | 210 views

CVE-2014-9390

CVE-2014-9390 describes a remote command-execution risk in Git and several VCS clients when interacting with repositories on case-insensitive filesystems. A crafted .git/config in a tree can trigger arbitrary commands on the server/client, depending on the tool. Affected versions (per provided so...

9.8 CVSS | 9.1 AI score | 0.63178 EPSS

added 2015/04/08 6:0 p.m. | 139 views

CVE-2015-0248

CVE-2015-0248 affects Subversion (mod_dav_svn and svnserve) versions 1.6.0–1.7.19 and 1.8.0–1.8.11. The issue is an assertion failure DoS triggered by crafted requests with dynamically evaluated revision numbers, potentially crashing the server. Multiple connected advisories confirm this vulnerab...

5 CVSS | 7.9 AI score | 0.12841 EPSS

added 2022/03/18 5:59 p.m. | 134 views

CVE-2022-22602

The CVE-2022-22602 issue affects Apple Xcode components (notably the otool tool) where an out-of-bounds read could occur due to insufficient bounds checking. The vulnerability is fixed in Xcode 13.3. Impact described in sources: opening a maliciously crafted file may cause the application to term...

7.8 CVSS | 8.2 AI score | 0.00913 EPSS

added 2015/04/08 6:0 p.m. | 132 views

CVE-2015-0251

CVE-2015-0251 affects Subversion’s mod_dav_svn server. The vulnerability arises from improper handling of the svn:author property in crafted v1 HTTP protocol request sequences, allowing remote authenticated users to spoof author information. Affected products/versions include Subversion 1.5.0–1.7...

4 CVSS | 7.7 AI score | 0.07558 EPSS

added 2020/10/16 4:56 p.m. | 125 views

CVE-2020-9992

CVE-2020-9992 affects Apple's IDE Device Support in Xcode 12.0 and iOS/iPadOS 14 (paired-device remote debugging). The vulnerability allows an attacker in a privileged network position to execute arbitrary code on a paired device during a debug session over the network. Apple addressed this by en...

9.3 CVSS | 7.5 AI score | 0.02986 EPSS | Web

added 2022/03/18 5:59 p.m. | 118 views

CVE-2022-22605

CVE-2022-22605 affects Apple Xcode components (notably otool) with an out-of-bounds read; exploitation would occur when opening a maliciously crafted file and could lead to arbitrary code execution. Apple fixes this in Xcode 13.3; update to that version or later to mitigate. The vulnerability is s...

7.8 CVSS | 8.2 AI score | 0.0078 EPSS

added 2022/05/26 7:9 p.m. | 118 views

CVE-2022-26747

CVE-2022-26747 affects Apple Xcode IDE (macOS Monterey 12) due to a vulnerability in the IDE component where insufficient input checks could allow an app to gain elevated privileges. The issue is addressed in Xcode 13.4; CVSS indicates local exploitation with user interaction required and high im...

7.8 CVSS | 6.9 AI score | 0.0059 EPSS

added 2023/02/27 12:0 a.m. | 117 views

CVE-2022-42797

The CVE-2022-42797 entry corresponds to an injection issue in Apple Xcode, specifically affecting the IDE Xcode Server component. According to multiple connected sources, the root cause is an input validation weakness that could allow an (unprivileged) app to gain root privileges. The vulnerabili...

7.8 CVSS | 7 AI score | 0.0031 EPSS

added 2021/04/02 6:4 p.m. | 115 views

CVE-2021-1800

CVE-2021-1800 is tied to Apple Xcode 12.4. The vulnerability is a path handling issue in on-demand resources that could allow a malicious app to access arbitrary host files when using Xcode. Apple fixed this by improving path validation in Xcode 12.4. The cited sources (Apple advisory HT212153 an...

5.5 CVSS | 4.6 AI score | 0.00642 EPSS

added 2015/08/12 2:0 p.m. | 114 views

CVE-2015-3187

CVE-2015-3187 affects Apache Subversion: the svn_repos_trace_node_locations function in Subversion before 1.7.21 and in 1.8.x before 1.8.14 can disclose sensitive path information. When path-based authorization is used, remote authenticated users could read the history of a node that has been mov...

4 CVSS | 7.3 AI score | 0.06464 EPSS

added 2018/04/03 6:0 a.m. | 111 views

CVE-2018-4164

CVE-2018-4164 affects Apple Xcode 9.3 and its bundled LLVM component. The related EUVD/CNVD/PRION and Apple security pages indicate multiple issues in LLVM were addressed by updating to the LLVM version shipped with Xcode 9.3. The exact root cause and vulnerable subcomponents are not detailed in ...

10 CVSS | 8.1 AI score | 0.025 EPSS

added 2022/03/18 5:59 p.m. | 111 views

CVE-2022-22608

CVE-2022-22608 affects Apple Xcode and describes an out-of-bounds read in a component exposed during file handling (notably the otool path in Xcode’s tooling) due to insufficient bounds checking. Multiple connected sources confirm the issue is fixed in Xcode 13.3; incident impact is described as ...

7.8 CVSS | 8.2 AI score | 0.00828 EPSS

added 2022/03/18 5:59 p.m. | 108 views

CVE-2022-22603

CVE-2022-22603 affects Apple Xcode’s otool component. A boundary check vulnerability (out-of-bounds read) can be triggered by opening a maliciously crafted file, potentially causing an application termination or arbitrary code execution. Apple’s remedy is patching in Xcode 13.3. The available doc...

7.8 CVSS | 8.2 AI score | 0.00913 EPSS

added 2022/03/18 5:59 p.m. | 106 views

CVE-2022-22604

CVE-2022-22604 is an Apple Xcode vulnerability describing an out-of-bounds read in the otool processing path of Xcode. The issue may cause application termination or allow arbitrary code execution when parsing a maliciously crafted file. Apple’s security content for Xcode 13.3 indicates the fix i...

7.8 CVSS | 8.2 AI score | 0.00913 EPSS

added 2022/03/18 5:59 p.m. | 106 views

CVE-2022-22606

Apple Xcode is affected by an out-of-bounds read in the otool component when processing files. The issue is due to insufficient bounds checking and can lead to application termination or arbitrary code execution when opening a maliciously crafted file. It has been fixed in Xcode 13.3. Affected ve...

7.8 CVSS | 8.2 AI score | 0.00969 EPSS

added 2023/09/26 8:14 p.m. | 105 views

CVE-2023-40391

CVE-2023-40391 affects Apple platforms with a memory handling issue that may allow an app to disclose kernel memory. Publicly documented fixes apply to tvOS 17, iOS 17, iPadOS 17, and macOS Sonoma 14 (and Xcode 15). No exploitation status is stated in the provided sources. The vulnerability is ad...

5.5 CVSS | 4.9 AI score | 0.00309 EPSS

added 2024/09/16 11:23 p.m. | 104 views

CVE-2024-44191

CVE-2024-44191 affects Apple platforms and is tied to improper state management that could allow an app to gain unauthorized Bluetooth access. Connected sources confirm the issue is resolved in multiple Apple OS updates: iOS 17.7 and iPadOS 17.7, macOS Sequoia 15, iOS 18 and iPadOS 18, visionOS 2...

5.5 CVSS | 5.9 AI score | 0.00252 EPSS

added 2023/05/08 12:0 a.m. | 103 views

CVE-2023-27967

The CVE-2023-27967 issue affects Apple's Xcode stack and was resolved in Xcode 14.3 through improved memory handling. The vulnerability could allow an app to execute arbitrary code outside its sandbox or with elevated privileges. Affected component: memory handling in Xcode before 14.3. Remediati...

8.6 CVSS | 8.2 AI score | 0.00234 EPSS

added 2014/08/19 6:0 p.m. | 101 views

CVE-2014-3528

CVE-2014-3528 affects Apache Subversion: cached credentials are protected by an MD5 hash of the URL and authentication realm. Subversion 1.0.0–1.7.x (before 1.7.17) and 1.8.x (before 1.8.10) store credentials in this manner, which may allow a remote server to obtain credentials via a crafted auth...

4 CVSS | 8.6 AI score | 0.07495 EPSS

added 2014/12/18 3:0 p.m. | 101 views

CVE-2014-3580

CVE-2014-3580 affects the mod_dav_svn component of Apache Subversion (1.x) prior to 1.7.19 and 1.8.x prior to 1.8.11. A remote attacker can trigger a NULL pointer dereference via a REPORT request for a non-existent resource, causing a denial of service and server crash. Connected sources documen...

5 CVSS | 8.7 AI score | 0.1067 EPSS

added 2020/10/27 7:54 p.m. | 101 views

CVE-2019-8840

CVE-2019-8840 affects Apple Xcode (ld64) where an out-of-bounds read was caused by insufficient bounds checking. Impact: compiling with untrusted sources may allow arbitrary code execution with user privileges. Affected/product: Xcode (ld64 component) on macOS. Root cause: out-of-bounds read due ...

8.8 CVSS | 8.3 AI score | 0.01274 EPSS

added 2023/05/08 12:0 a.m. | 101 views

CVE-2023-27945

CVE-2023-27945 affects macOS and Xcode components where entitlements were improved to fix a privacy issue: a sandboxed app may be able to collect system logs due to entitlements handling. Affected products/versions listed in connected docs include Xcode 14.3, macOS Big Sur 11.7.7, and macOS Monte...

6.3 CVSS | 6.4 AI score | 0.00245 EPSS

added 2022/03/18 5:59 p.m. | 98 views

CVE-2022-22601

CVE-2022-22601 corresponds to an Apple Xcode out-of-bounds read vulnerability. The connected documents confirm a flaw in Xcode that can be triggered by opening a maliciously crafted file, potentially causing unexpected termination or arbitrary code execution. The issue is addressed by improved bo...

7.8 CVSS | 8.2 AI score | 0.00913 EPSS

added 2022/03/18 5:59 p.m. | 98 views

CVE-2022-22607

CVE-2022-22607 describes an out-of-bounds read in Apple Xcode. The issue is mitigated by improved bounds checking and is fixed in Xcode 13.3. Impact per sources: opening a maliciously crafted file may cause unexpected termination or arbitrary code execution. Remediation: update to Xcode 13.3 or l...

7.8 CVSS | 8.2 AI score | 0.00828 EPSS

added 2014/08/19 6:0 p.m. | 92 views

CVE-2014-3522

The CVE-2014-3522 vulnerability affects Subversion’s Serf RA layer, where wildcards in X.509 CN/subjectAltName are not properly validated, enabling MITM certificate spoofing. Affected: Subversion Serf-based TLS for versions 1.4.0–1.7.x before 1.7.18 and 1.8.x before 1.8.10. Impact: potential disc...

4 CVSS | 8.3 AI score | 0.05581 EPSS

added 2014/12/18 3:0 p.m. | 92 views

CVE-2014-8108

The CVE-2014-8108 issue affects the Apache Subversion mod_dav_svn module. According to connected docs, Subversion 1.7.x is vulnerable before 1.7.19 and 1.8.x is vulnerable before 1.8.11, where a remote attacker can trigger a NULL pointer dereference by requesting a URI that causes a lookup for a ...

5 CVSS | 8.7 AI score | 0.09692 EPSS

added 2019/04/03 5:43 p.m. | 88 views

CVE-2018-4357

CVE-2018-4357 is an Apple Xcode/LLVM memory corruption vulnerability: the LLVM/Xcode component prior to Xcode 10 contains a flaw that allows memory corruption due to insufficient input validation. The issue could enable code execution with kernel privileges, as described in the Xcode 10 security...

9.3 CVSS | 7.2 AI score | 0.00926 EPSS

added 2023/09/26 8:14 p.m. | 86 views

CVE-2023-32396

The CVE-2023-32396 issue affects Apple platforms and is fixed in Xcode 15, tvOS 17, watchOS 10, iOS 17, iPadOS 17, and macOS Sonoma 14. The description states that an app may be able to gain elevated privileges and that the fix involved improved checks. No additional attack vectors or exploit det...

7.8 CVSS | 7 AI score | 0.00344 EPSS

Total number of security vulnerabilities: 95