63 matches found
CVE-2021-44228
CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...
CVE-2018-16843
CVE-2018-16843 affects nginx before 1.15.6 and 1.14.1, where HTTP/2 implementation vulnerabilities in ngx_http_v2_module (if http2 is enabled) can cause excessive memory usage. Connected advisories also reference related CVEs (16844/16845) and show multiple distributions (Debian, Fedora/Red Hat, ...
CVE-2018-16844
CVE-2018-16844 affects nginx before versions 1.15.6 and 1.14.1 where HTTP/2 implementation can cause excessive CPU usage when nginx is built with the ngx_http_v2_module and the listen directive uses http2. The issue is triggered by HTTP/2 handling and is report-backed across multiple providers (D...
CVE-2018-16845
The CVE-2018-16845 issue affects nginx builds that include the ngx_http_mp4_module and the mp4 directive. Vulnerable are nginx versions earlier than 1.15.6 and 1.14.1 (when built with the module). The vulnerability arises from processing a specially crafted MP4 file, which could cause an infinite...
CVE-2019-20372
NGINX (on Amazon Linux 2) is affected by CVE-2019-20372 when configured with certain error_page settings, enabling HTTP request smuggling. The Amazon Linux 2 ALAS advisory ALAS2NGINX1-2023-004 confirms vulnerable 1.17.x/older configurations and provides patched packages: nginx 1.18.0 and related ...
CVE-2017-7529
The CVE-2017-7529 entry concerns nginx’s range filter module. Affected software: nginx (and nginx-mainline in Arch advisories). Vulnerable component: the HTTP range/filter logic within nginx range filter/module. Root cause: integer overflow when processing crafted byte ranges, leading to informat...
CVE-2016-0746
CVE-2016-0746 is a use-after-free in nginx’s resolver when processing DNS CNAME responses. The issue affects nginx versions before 1.8.1 and 1.9.x before 1.9.10; exploitation could crash worker processes or yield other unspecified impacts. Remediation per connected docs: upgrade to non‑vulnerable...
CVE-2021-21300
Summary: CVE-2021-21300 affects Git when cloning into case-insensitive file systems and using certain clean/smudge filters (e.g., Git LFS). A specially crafted repository containing symbolic links and files processed by these filters can cause an unchecked script to run during checkout. Affected ...
CVE-2022-39253
Summary (facts grounded to provided docs): CVE-2022-39253 affects Git versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, exposing sensitive data via local clones where source and target are on the same volume. The vulnerability arises when cloning a repository l...
CVE-2019-3855
CVE-2019-3855 is a libssh2 integer overflow in the transport read path that may cause an out-of-bounds write when processing server packets. The issue appears in libssh2 prior to 1.8.1 and could enable code exposure or other impact if a user connects to a malicious SSH server. Connected advisorie...
CVE-2022-39260
Git Shell command-argument parsing bug (CVE-2022-39260) in pre-2.30.6…2.37.4 allows an attacker with SSH access to a Git shell login to overflow an int-based count when building the argv array, enabling arbitrary heap writes and potential remote code execution via execv(). Affected setups require...
CVE-2022-24765
CVE-2022-24765 affects Git on multi-user systems where untrusted users can create a C:.git directory; Git would then read and apply configuration from that directory, potentially altering behavior outside the intended repository. The issue arises from Git not checking directory ownership when rea...
CVE-2019-14379
CVE-2019-14379 affects FasterXML jackson-databind prior to 2.9.9.2, where default typing mishandling when ehcache is present (via net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup) leads to remote code execution. Affected component is jackson-databind’s data-binding implementatio...
CVE-2016-0742
The CVE-2016-0742 issue affects nginx resolver prior to 1.8.1 and 1.9.x prior to 1.9.10. A crafted UDP DNS response can trigger an invalid pointer dereference, crashing a worker process and causing a denial of service. Affected component: resolver in nginx; root cause: dereference of invalid poin...
CVE-2016-0747
The CVE-2016-0747 entry affects nginx rescanner behavior: the resolver in nginx (versions prior to 1.8.1 and 1.9.x prior to 1.9.10) does not properly limit CNAME resolution, allowing remote attackers to cause denial of service via excessive name-resolution work. Public details across multiple sou...
CVE-2024-23298
CVE-2024-23298 affects Apple Xcode (prior to version 15.3). The issue is described as a logic problem in state management that enables Gatekeeper bypass. Multiple connected sources corroborate a local/remote-leaning impact tied to Gatekeeper checks being bypassed, with Apple noting the fix in Xco...
CVE-2025-48384
Git vulnerability CVE-2025-48384 arises from Git’s handling of trailing CR characters in config and submodule paths, which can cause a submodule to checkout to an incorrect location and potentially execute a post-checkout hook if a symlink points to the hooks directory. The issue affects Git and ...
CVE-2022-29187
CVE-2022-29187 – Git privilege escalation (details from connected docs): Affects Git on multi-user/local systems where the repository owner can influence commands via local repo configuration ownership checks. The root cause is failure to properly enforce ownership checks in local multi-user envi...
CVE-2022-22602
The CVE-2022-22602 issue affects Apple Xcode components (notably the otool tool) where an out-of-bounds read could occur due to insufficient bounds checking. The vulnerability is fixed in Xcode 13.3. Impact described in sources: opening a maliciously crafted file may cause the application to term...
CVE-2020-9992
CVE-2020-9992 affects Apple's IDE Device Support in Xcode 12.0 and iOS/iPadOS 14 (paired-device remote debugging). The vulnerability allows an attacker in a privileged network position to execute arbitrary code on a paired device during a debug session over the network. Apple addressed this by en...
CVE-2022-42797
The CVE-2022-42797 entry corresponds to an injection issue in Apple Xcode, specifically affecting the IDE Xcode Server component. According to multiple connected sources, the root cause is an input validation weakness that could allow an (unprivileged) app to gain root privileges. The vulnerabili...
CVE-2022-22605
CVE-2022-22605 affects Apple Xcode components (notably otol) with an out-of-bounds read; exploitation would occur when opening a maliciously crafted file and could lead to arbitrary code execution. Apple fixes this in Xcode 13.3; update to that version or later to mitigate. The vulnerability is s...
CVE-2022-26747
CVE-2022-26747 affects Apple Xcode IDE (macOS Monterey 12) due to a vulnerability in the IDE component where insufficient input checks could allow an app to gain elevated privileges. The issue is addressed in Xcode 13.4; CVSS indicates local exploitation with user interaction required and high im...
CVE-2022-22608
CVE-2022-22608 affects Apple Xcode and describes an out-of-bounds read in a component exposed during file handling (notably the otool path in Xcode’s tooling) due to insufficient bounds checking. Multiple connected sources confirm the issue is fixed in Xcode 13.3; incident impact is described as ...
CVE-2018-4164
CVE-2018-4164 affects Apple Xcode 9.3 and its bundled LLVM component. The related EUVD/CNVD/PRION and Apple security pages indicate multiple issues in LLVM were addressed by updating to the LLVM version shipped with Xcode 9.3. The exact root cause and vulnerable subcomponents are not detailed in ...
CVE-2021-1800
CVE-2021-1800 is tied to Apple Xcode 12.4. The vulnerability is a path handling issue in on-demand resources that could allow a malicious app to access arbitrary host files when using Xcode. Apple fixed this by improving path validation in Xcode 12.4. The cited sources (Apple advisory HT212153 an...
CVE-2022-22604
CVE-2022-22604 is an Apple Xcode vulnerability describing an out-of-bounds read in the otool processing path of Xcode. The issue may cause application termination or allow arbitrary code execution when parsing a maliciously crafted file. Apple’s security content for Xcode 13.3 indicates the fix i...
CVE-2022-22603
CVE-2022-22603 affects Apple Xcode’s otool component. A boundary check vulnerability (out-of-bounds read) can be triggered by opening a maliciously crafted file, potentially causing an application termination or arbitrary code execution. Apple’s remedy is patching in Xcode 13.3. The available doc...
CVE-2022-22606
Apple Xcode is affected by an out-of-bounds read in the otool component when processing files. The issue is due to insufficient bounds checking and can lead to application termination or arbitrary code execution when opening a maliciously crafted file. It has been fixed in Xcode 13.3. Affected ve...
CVE-2024-44191
CVE-2024-44191 affects Apple platforms and is tied to improper state management that could allow an app to gain unauthorized Bluetooth access. Connected sources confirm the issue is resolved in multiple Apple OS updates: iOS 17.7 and iPadOS 17.7, macOS Sequoia 15, iOS 18 and iPadOS 18, visionOS 2...
CVE-2023-40391
CVE-2023-40391 affects Apple platforms with a memory handling issue that may allow an app to disclose kernel memory. Publicly documented fixes apply to tvOS 17, iOS 17, iPadOS 17, and macOS Sonoma 14 (and Xcode 15). No exploitation status is stated in the provided sources. The vulnerability is ad...
CVE-2023-27967
The CVE-2023-27967 issue affects Apple's Xcode stack and was resolved in Xcode 14.3 through improved memory handling. The vulnerability could allow an app to execute arbitrary code outside its sandbox or with elevated privileges. Affected component: memory handling in Xcode before 14.3. Remediati...
CVE-2023-27945
CVE-2023-27945 affects macOS and Xcode components where entitlements were improved to fix a privacy issue: a sandboxed app may be able to collect system logs due to entitlements handling. Affected products/versions listed in connected docs include Xcode 14.3, macOS Big Sur 11.7.7, and macOS Monte...
CVE-2019-8840
CVE-2019-8840 affects Apple Xcode (ld64) where an out-of-bounds read was caused by insufficient bounds checking. Impact: compiling with untrusted sources may allow arbitrary code execution with user privileges. Affected/product: Xcode (ld64 component) on macOS. Root cause: out-of-bounds read due ...
CVE-2022-22607
CVE-2022-22607 describes an out-of-bounds read in Apple Xcode. The issue is mitigated by improved bounds checking and is fixed in Xcode 13.3. Impact per sources: opening a maliciously crafted file may cause unexpected termination or arbitrary code execution. Remediation: update to Xcode 13.3 or l...
CVE-2022-22601
CVE-2022-22601 corresponds to an Apple Xcode out-of-bounds read vulnerability. The connected documents confirm a flaw in Xcode that can be triggered by opening a maliciously crafted file, potentially causing unexpected termination or arbitrary code execution. The issue is addressed by improved bo...
CVE-2018-4357
CVE-2018-4357 is an Apple Xcode/LLVM memory corruption vulnerability: the LLVM/ Xcode component prior to Xcode 10 contains a flaw that allows memory corruption due to insufficient input validation. The issue could enable code execution with kernel privileges, as described in the Xcode 10 security...
CVE-2023-32396
The CVE-2023-32396 issue affects Apple platforms and is fixed in Xcode 15, tvOS 17, watchOS 10, iOS 17, iPadOS 17, and macOS Sonoma 14. The description states that an app may be able to gain elevated privileges and that the fix involved improved checks. No additional attack vectors or exploit det...
CVE-2025-30441
CVE-2025-30441 affects Apple Xcode and is tied to an out-of-bounds write that could allow an app to overwrite arbitrary files. The issue is described as being addressed through improved state management and fixed in Xcode 16.3. Connected sources corroborate the vulnerability in the Xcode IDE and ...
CVE-2019-8806
CVE-2019-8806 is tied to Apple Xcode/LLVM. The issue is described as a memory corruption vulnerability in LLVM that was fixed in Xcode 11.2, with exploitation possible by processing a maliciously crafted file and potentially leading to arbitrary code execution. The Apple advisory HT210729 confirm...
CVE-2019-8800
CVE-2019-8800 concerns Apple Xcode’s LLVM component. The vulnerability is described as a memory corruption issue fixed in Xcode 11.2, with failure triggered by processing a maliciously crafted file that may lead to arbitrary code execution. Public sources in the connected dataset consistently tie...
CVE-2024-44162
CVE-2024-44162 affects the Apple Xcode IDE. A malicious application could gain access to a user’s Keychain items. The issue was addressed by enabling the hardened runtime and is fixed in Xcode 16. The Red Hat/OSS feeds corroborate: impact remains local and requires the hardened runtime mitigation...
CVE-2025-24226
The CVE-2025-24226 entry concerns Apple Xcode 16.3 where a malicious app may access private information due to insufficient checks. Public records consistently state that the issue is fixed in Xcode 16.3 through improved checks. Affected component is Xcode (IDE assets, as described by Apple’s adv...
CVE-2019-8721
CVE-2019-8721 affects the ld64 component of the Xcode toolchains. The underlying issue is a failure to properly validate input in ld64, which could allow arbitrary code execution with user privileges. The vulnerability is addressed by updating to ld64-507.4 as part of Xcode 11.0. Affected context...
CVE-2024-44228
CVE-2024-44228 relates to Apple Xcode 16 security updates. The connected sources indicate a permissions-checking weakness where a malicious or misbehaving app (notably within Xcode’s Playgrounds) could potentially inherit permissions from Xcode and access user data. The root cause is described as...
CVE-2019-8724
CVE-2019-8724 concerns ld64 in the Xcode toolchains. The vulnerability arises from input validation failures in ld64, allowing arbitrary code execution with user privileges. Affected product: Apple Xcode 11.0 toolchain (macOS Mojave 10.14.4 and later) where the issue is fixed by updating to ld64-...
CVE-2019-8722
CVE-2019-8722 refers to an arbitrary code execution vulnerability in the ld64 component of Apple’s Xcode toolchains. The issue arises from insufficient input validation during compilation, enabling code execution with user privileges. Apple fixed this in Xcode 11.0 by updating ld64 to version 507...
CVE-2024-40862
CVE-2024-40862 pertains to an Apple Xcode security issue where an attacker could determine the Apple ID of the computer owner. All connected documents identify this as a privacy flaw that was addressed by removing sensitive data and fixes are available in Xcode 16. The vulnerability is described ...
CVE-2023-40435
CVE-2023-40435 affects Apple’s Xcode toolchain, specifically the iTMSTransporter workflow. The issue allowed an app to access App Store credentials; the root cause (per security advisories) was mitigated by enabling the hardened runtime, with the fix present in Xcode 15. The reported CVSS metrics...
CVE-2019-8739
CVE-2019-8739 affects Apple’s Xcode toolchain, specifically the otool component. A memory corruption issue in otool could be triggered by processing a maliciously crafted file, potentially enabling arbitrary code execution. Apple’s security content confirms the fix in Xcode 11.0 and advises upgra...