63 matches found

added 2018/04/03 6:0 a.m., 54 views

CVE-2017-7167

CVE-2017-7167 affects Apple Xcode before 9.2, where the ld64 linker component contains a buffer overflow. The flaw allows arbitrary code execution with user privileges when compiling with untrusted sources, leading to a high-severity outcome in the 3.0 CVSS (local, exploitable with no user intera...

CVSS 7.8, AI score 7.5, EPSS 0.01364

added 2019/12/18 5:33 p.m., 54 views

CVE-2019-8723

CVE-2019-8723 affects the ld64 component in Apple Xcode toolchains. The issue stems from insufficient input validation in ld64, enabling arbitrary code execution with user privileges when compiling code. The vulnerability is addressed by updating to Xcode 11.0, which includes ld64-507.4. Public d...

CVSS 9.3, AI score 8.8, EPSS 0.01881

added 2019/12/18 5:33 p.m., 54 views

CVE-2019-8739

CVE-2019-8739 affects Apple’s Xcode toolchain, specifically the otool component. A memory corruption issue in otool could be triggered by processing a maliciously crafted file, potentially enabling arbitrary code execution. Apple’s security content confirms the fix in Xcode 11.0 and advises upgra...

CVSS 7.8, AI score 8.1, EPSS 0.0098

added 2019/12/18 5:33 p.m., 53 views

CVE-2019-8738

CVE-2019-8738 affects the otool component of Apple Xcode prior to version 11.0. It is a memory corruption issue that could allow arbitrary code execution when processing a maliciously crafted file. Apple fixed this in Xcode 11.0 by updating the affected component and improving state management. T...

CVSS 7.8, AI score 8.1, EPSS 0.0098

added 2025/09/15 10:35 p.m., 28 views

CVE-2025-43375

The CVE-2025-43375 entry is tied to Xcode 26 where a path-handling issue can cause a process crash when processing an overly large path value. Technical details across connected sources consistently cite the vulnerability in the Xcode 26 development tools and the fix implemented by Apple (improve...

CVSS 7.5, AI score 6, EPSS 0.00318

added 2025/09/15 10:34 p.m., 25 views

CVE-2025-43263

CVE-2025-43263 affects Apple Xcode (26) with a sandbox check insufficiency in components such as IDE CoreML and Xcode itself. The issue allows an app to read and write files outside its sandbox due to insufficient path/file handling checks. The vulnerability is addressed in Xcode 26 via improved ...

CVSS 7.1, AI score 5.8, EPSS 0.00197

added 2025/09/15 10:34 p.m., 24 views

CVE-2025-43371

The CVE describes an improper access control issue in Xcode where insufficient sandbox checks could allow an app to break out of its sandbox. Reports converge on Xcode 26 fixes; remediation is to update to Xcode 26 or later. The vulnerability is characterized by a local attack vector with required user i...

CVSS 8.2, AI score 5.8, EPSS 0.00184

added 2025/09/15 10:34 p.m., 23 views

CVE-2025-43370

CVE-2025-43370 affects Apple Xcode 26, where a path handling issue can crash a process when processing an oversized path. The issue was addressed with improved validation of path input in Xcode 26 development tooling, with the fix confirmed in the Xcode 26 release. Public sources across Red Hat, CNVD, NVD, and ...

CVSS 4, AI score 6, EPSS 0.00321

added 2026/01/16 5:6 p.m., 18 views

CVE-2025-31186

CVE-2025-31186 affects Apple Xcode components (notably Playgrounds) where a permissions issue could allow an app to bypass Privacy preferences. Root cause: insufficient restrictions. Impact: potential exposure of private information or privacy policy circumvention, as described by multiple source...

CVSS 3.3, AI score 6, EPSS 0.00141

added 2025/11/04 1:17 a.m., 17 views

CVE-2025-43504

CVE-2025-43504 is tied to an out-of-bounds write/buffer overflow in Apple's Xcode 26.1 (specifically the LLDB component per Apple’s security content) that can be triggered by a crafted input from a user in a privileged network position, potentially causing a denial-of-service. The CNVD/CNNVD ent...

CVSS 4.9, AI score 6.3, EPSS 0.00312

added 2026/03/25 12:32 a.m., 16 views

CVE-2026-28890

CVE-2026-28890 describes an out-of-bounds read in Xcode that was addressed by improved bounds checking. Connected sources confirm the affected product is Xcode and indicate the fix is included in Xcode 26.4, with the impact stated as an app may terminate unexpectedly. The vulnerability details ac...

CVSS 5.5, AI score 5.8, EPSS 0.00103

added 2025/11/04 1:16 a.m., 13 views

CVE-2025-43505

Apple Xcode 26.1 fixes CVE-2025-43505, an out-of-bounds write caused by insufficient input validation that could allow heap corruption when processing a maliciously crafted file. Affected product: Xcode (and LLDB noted in Apple advisory). Remediation: update to Xcode 26.1. Notes from connected so...

CVSS 8.8, AI score 6.2, EPSS 0.00234

added 2026/03/25 12:31 a.m., 7 views

CVE-2026-28889

The CVE-2026-28889 entry pertains to Xcode prior to version 26.4, where a permissions issue could allow an app to read arbitrary files as root. The root cause is described as insufficient/added restrictions around permissions in the affected components. Apple’s advisory (Xcode 26.4) fixes the iss...

CVSS 6.2, AI score 5.9, EPSS 0.00112

Total number of security vulnerabilities: 63