Lucene search
K
AppleXcode

39 matches found

CVE
CVE
added 2018/11/07 2:0 p.m.5271 views

CVE-2018-16843

CVE-2018-16843 affects nginx before 1.15.6 and 1.14.1, where HTTP/2 implementation vulnerabilities in ngx_http_v2_module (if http2 is enabled) can cause excessive memory usage. Connected advisories also reference related CVEs (16844/16845) and show multiple distributions (Debian, Fedora/Red Hat, ...

7.8CVSS7.3AI score0.47057EPSS
CVE
CVE
added 2018/11/07 2:0 p.m.5123 views

CVE-2018-16844

CVE-2018-16844 affects nginx before versions 1.15.6 and 1.14.1 where HTTP/2 implementation can cause excessive CPU usage when nginx is built with the ngx_http_v2_module and the listen directive uses http2. The issue is triggered by HTTP/2 handling and is report-backed across multiple providers (D...

7.8CVSS7.3AI score0.124EPSS
CVE
CVE
added 2017/07/13 1:0 p.m.2004 views

CVE-2017-7529

The CVE-2017-7529 entry concerns nginx’s range filter module. Affected software: nginx (and nginx-mainline in Arch advisories). Vulnerable component: the HTTP range/filter logic within nginx range filter/module. Root cause: integer overflow when processing crafted byte ranges, leading to informat...

7.5CVSS7.3AI score0.62597EPSS
CVE
CVE
added 2022/04/12 12:0 a.m.542 views

CVE-2022-24765

CVE-2022-24765 affects Git on multi-user systems where untrusted users can create a C:.git directory; Git would then read and apply configuration from that directory, potentially altering behavior outside the intended repository. The issue arises from Git not checking directory ownership when rea...

7.8CVSS7AI score0.00782EPSS
CVE
CVE
added 2016/02/15 7:0 p.m.294 views

CVE-2016-0742

The CVE-2016-0742 issue affects nginx resolver prior to 1.8.1 and 1.9.x prior to 1.9.10. A crafted UDP DNS response can trigger an invalid pointer dereference, crashing a worker process and causing a denial of service. Affected component: resolver in nginx; root cause: dereference of invalid poin...

7.5CVSS7.8AI score0.81958EPSS
CVE
CVE
added 2022/07/12 12:0 a.m.264 views

CVE-2022-29187

CVE-2022-29187 – Git privilege escalation (details from connected docs): Affects Git on multi-user/local systems where the repository owner can influence commands via local repo configuration ownership checks. The root cause is failure to properly enforce ownership checks in local multi-user envi...

7.8CVSS7.2AI score0.00441EPSS
CVE
CVE
added 2022/03/18 5:59 p.m.138 views

CVE-2022-22602

The CVE-2022-22602 issue affects Apple Xcode components (notably the otool tool) where an out-of-bounds read could occur due to insufficient bounds checking. The vulnerability is fixed in Xcode 13.3. Impact described in sources: opening a maliciously crafted file may cause the application to term...

7.8CVSS8.2AI score0.00913EPSS
CVE
CVE
added 2022/03/18 5:59 p.m.122 views

CVE-2022-22605

CVE-2022-22605 affects Apple Xcode components (notably otol) with an out-of-bounds read; exploitation would occur when opening a maliciously crafted file and could lead to arbitrary code execution. Apple fixes this in Xcode 13.3; update to that version or later to mitigate. The vulnerability is s...

7.8CVSS8.2AI score0.0078EPSS
CVE
CVE
added 2022/05/26 7:9 p.m.121 views

CVE-2022-26747

CVE-2022-26747 affects Apple Xcode IDE (macOS Monterey 12) due to a vulnerability in the IDE component where insufficient input checks could allow an app to gain elevated privileges. The issue is addressed in Xcode 13.4; CVSS indicates local exploitation with user interaction required and high im...

7.8CVSS6.9AI score0.0059EPSS
CVE
CVE
added 2022/03/18 5:59 p.m.120 views

CVE-2022-22603

CVE-2022-22603 affects Apple Xcode’s otool component. A boundary check vulnerability (out-of-bounds read) can be triggered by opening a maliciously crafted file, potentially causing an application termination or arbitrary code execution. Apple’s remedy is patching in Xcode 13.3. The available doc...

7.8CVSS8.2AI score0.00913EPSS
CVE
CVE
added 2023/02/27 12:0 a.m.119 views

CVE-2022-42797

The CVE-2022-42797 entry corresponds to an injection issue in Apple Xcode, specifically affecting the IDE Xcode Server component. According to multiple connected sources, the root cause is an input validation weakness that could allow an (unprivileged) app to gain root privileges. The vulnerabili...

7.8CVSS7AI score0.0031EPSS
CVE
CVE
added 2022/03/18 5:59 p.m.116 views

CVE-2022-22608

CVE-2022-22608 affects Apple Xcode and describes an out-of-bounds read in a component exposed during file handling (notably the otool path in Xcode’s tooling) due to insufficient bounds checking. Multiple connected sources confirm the issue is fixed in Xcode 13.3; incident impact is described as ...

7.8CVSS8.2AI score0.00828EPSS
CVE
CVE
added 2022/03/18 5:59 p.m.110 views

CVE-2022-22604

CVE-2022-22604 is an Apple Xcode vulnerability describing an out-of-bounds read in the otool processing path of Xcode. The issue may cause application termination or allow arbitrary code execution when parsing a maliciously crafted file. Apple’s security content for Xcode 13.3 indicates the fix i...

7.8CVSS8.2AI score0.00913EPSS
CVE
CVE
added 2022/03/18 5:59 p.m.109 views

CVE-2022-22606

Apple Xcode is affected by an out-of-bounds read in the otool component when processing files. The issue is due to insufficient bounds checking and can lead to application termination or arbitrary code execution when opening a maliciously crafted file. It has been fixed in Xcode 13.3. Affected ve...

7.8CVSS8.2AI score0.00969EPSS
CVE
CVE
added 2022/03/18 5:59 p.m.101 views

CVE-2022-22601

CVE-2022-22601 corresponds to an Apple Xcode out-of-bounds read vulnerability. The connected documents confirm a flaw in Xcode that can be triggered by opening a maliciously crafted file, potentially causing unexpected termination or arbitrary code execution. The issue is addressed by improved bo...

7.8CVSS8.2AI score0.00913EPSS
CVE
CVE
added 2022/03/18 5:59 p.m.101 views

CVE-2022-22607

CVE-2022-22607 describes an out-of-bounds read in Apple Xcode. The issue is mitigated by improved bounds checking and is fixed in Xcode 13.3. Impact per sources: opening a maliciously crafted file may cause unexpected termination or arbitrary code execution. Remediation: update to Xcode 13.3 or l...

7.8CVSS8.2AI score0.00828EPSS
CVE
CVE
added 2023/09/26 8:14 p.m.87 views

CVE-2023-32396

The CVE-2023-32396 issue affects Apple platforms and is fixed in Xcode 15, tvOS 17, watchOS 10, iOS 17, iPadOS 17, and macOS Sonoma 14. The description states that an app may be able to gain elevated privileges and that the fix involved improved checks. No additional attack vectors or exploit det...

7.8CVSS7AI score0.00344EPSS
CVE
CVE
added 2014/10/08 5:0 p.m.76 views

CVE-2014-6394

The CVE-2014-6394 entry concerns visionmedia send before 0.8.4 for Node.js. The vulnerability arises from a partial directory-root verification, which can allow a remote attacker to escape the intended restricted directory and access files such as those under a public-restricted path (e.g., publi...

7.5CVSS6.3AI score0.04257EPSS
CVE
CVE
added 2019/12/18 5:33 p.m.75 views

CVE-2019-8806

CVE-2019-8806 is tied to Apple Xcode/LLVM. The issue is described as a memory corruption vulnerability in LLVM that was fixed in Xcode 11.2, with exploitation possible by processing a maliciously crafted file and potentially leading to arbitrary code execution. The Apple advisory HT210729 confirm...

7.8CVSS7.6AI score0.0098EPSS
CVE
CVE
added 2006/10/17 9:0 p.m.74 views

CVE-2006-5327

CVE-2006-5327 describes an untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, including usage in Apple Xcode 2.2 and earlier. A local attacker can execute arbitrary code by placing a malicious gzip executable on a modified PATH, which is then invoked by gnutar under certain TAR...

7.2CVSS7.7AI score0.00569EPSS
CVE
CVE
added 2024/09/16 11:23 p.m.73 views

CVE-2024-44162

CVE-2024-44162 affects the Apple Xcode IDE. A malicious application could gain access to a user’s Keychain items. The issue was addressed by enabling the hardened runtime and is fixed in Xcode 16. The Red Hat/OSS feeds corroborate: impact remains local and requires the hardened runtime mitigation...

7.8CVSS6.8AI score0.00208EPSS
CVE
CVE
added 2017/10/23 1:0 a.m.72 views

CVE-2017-7134

CVE-2017-7134 affects Apple Xcode prior to 9, with the ld64 linker component. A crafted Mach-O file can trigger arbitrary code execution or memory corruption, potentially causing an application crash. Public sources (NVD entry) describe remote code execution risk, while Apple’s advisory for Xcode...

7.8CVSS8.7AI score0.01518EPSS
CVE
CVE
added 2019/12/18 5:33 p.m.72 views

CVE-2019-8800

CVE-2019-8800 concerns Apple Xcode’s LLVM component. The vulnerability is described as a memory corruption issue fixed in Xcode 11.2, with failure triggered by processing a maliciously crafted file that may lead to arbitrary code execution. Public sources in the connected dataset consistently tie...

7.8CVSS7.6AI score0.0098EPSS
CVE
CVE
added 2017/10/23 1:0 a.m.69 views

CVE-2017-7135

CVE-2017-7135 affects Apple Xcode before 9, involving the ld64 linker. A crafted Mach-O file can lead to arbitrary code execution or memory corruption causing a crash. Public sources (Apple KB HT208103, NVD entry) corroborate memory-corruption/Code Execution risks and indicate fixes were addresse...

7.8CVSS8.7AI score0.01518EPSS
CVE
CVE
added 2016/03/24 1:0 a.m.65 views

CVE-2016-1765

CVE-2016-1765 is an Apple Xcode 7.3-era memory corruption issue in otool (and related memory handling) that allows a local attacker to gain privileges or cause a denial of service. Affected: Xcode prior to 7.3 on macOS (OS X El Capitan v10.11 and later). Root cause: memory corruption from imprope...

7.8CVSS6AI score0.00329EPSS
CVE
CVE
added 2016/09/18 10:0 p.m.63 views

CVE-2016-4705

Apple Xcode 8 and earlier contain memory-corruption vulnerabilities in the otool component that can allow a local attacker to gain privileges or cause a denial of service (application crash). CVE-2016-4704 and CVE-2016-4705 are tied to this issue; Apple indicates these were addressed via memory-h...

7.8CVSS7.4AI score0.00345EPSS
CVE
CVE
added 2024/10/28 9:8 p.m.62 views

CVE-2024-44228

CVE-2024-44228 relates to Apple Xcode 16 security updates. The connected sources indicate a permissions-checking weakness where a malicious or misbehaving app (notably within Xcode’s Playgrounds) could potentially inherit permissions from Xcode and access user data. The root cause is described as...

7.5CVSS5.7AI score0.00412EPSS
CVE
CVE
added 2017/10/23 1:0 a.m.61 views

CVE-2017-7137

Apple Xcode before version 9 is affected by ld64 memory-handling issues that can be triggered by a crafted Mach-O file, potentially enabling arbitrary code execution or a denial of service. Connected sources confirm CVE-2017-7137 (and related CVEs) apply to the ld64 component within Xcode 9 era. ...

7.8CVSS8.7AI score0.01518EPSS
CVE
CVE
added 2015/04/10 2:0 p.m.60 views

CVE-2015-1149

CVE-2015-1149 affects the Swift simulator in Apple Xcode prior to 6.3. The issue is an integer overflow during type-conversion in the Swift simulator, which can cause conversions to return unexpected values and enable a denial-of-service or related unspecified impact. Affected product: Xcode and ...

7.5CVSS7.3AI score0.01619EPSS
CVE
CVE
added 2015/10/23 10:0 a.m.59 views

CVE-2015-7030

CVE-2015-7030 affects Apple Xcode before 7.1, where the Swift implementation mishandles certain type conversions. Multiple sources describe it as an information-disclosure/logic-conversion issue that could allow an attacker to obtain sensitive information or circumvent program logic; the vendor a...

7.5CVSS6.2AI score0.01619EPSS
CVE
CVE
added 2017/10/23 1:0 a.m.59 views

CVE-2017-7136

CVE-2017-7136 is documented as a memory corruption vulnerability in the ld64 linker used by Apple Xcode prior to version 9, exploitable via parsing a crafted Mach‑O file to achieve arbitrary code execution or a denial of service. The connected sources (Apple security content for Xcode 9 and relat...

7.8CVSS8.7AI score0.01518EPSS
CVE
CVE
added 2016/09/18 10:0 p.m.57 views

CVE-2016-4704

CVE-2016-4704 affects Apple Xcode 8 and earlier, where the otool component may allow a local attacker to gain privileges or cause a denial of service via memory corruption. Apple’s security content for Xcode 8 documents multiple memory corruption issues addressed by improved memory handling, with...

7.8CVSS7.4AI score0.00314EPSS
CVE
CVE
added 2019/12/18 5:33 p.m.57 views

CVE-2019-8739

CVE-2019-8739 affects Apple’s Xcode toolchain, specifically the otool component. A memory corruption issue in otool could be triggered by processing a maliciously crafted file, potentially enabling arbitrary code execution. Apple’s security content confirms the fix in Xcode 11.0 and advises upgra...

7.8CVSS8.1AI score0.0098EPSS
CVE
CVE
added 2024/09/16 11:23 p.m.57 views

CVE-2024-40862

CVE-2024-40862 pertains to an Apple Xcode security issue where an attacker could determine the Apple ID of the computer owner. All connected documents identify this as a privacy flaw that was addressed by removing sensitive data and fixes are available in Xcode 16. The vulnerability is described ...

7.5CVSS6.1AI score0.00478EPSS
CVE
CVE
added 2006/10/17 9:0 p.m.55 views

CVE-2006-5328

OpenBase SQL 10.0 and earlier (as used in Apple Xcode 2.2 and earlier) is affected by a local privilege escalation vulnerability where an attacker can create arbitrary files via a symlink attack on the simulation.sql file. The root cause is a symlink handling flaw that allows a local user to leve...

7.2CVSS6.4AI score0.00337EPSS
CVE
CVE
added 2019/12/18 5:33 p.m.55 views

CVE-2019-8738

CVE-2019-8738 affects the otool component of Apple Xcode prior to version 11.0. It is a memory corruption issue that could allow arbitrary code execution when processing a maliciously crafted file. Apple fixed this in Xcode 11.0 by updating the affected component and improving state management. T...

7.8CVSS8.1AI score0.0098EPSS
CVE
CVE
added 2018/04/03 6:0 a.m.54 views

CVE-2017-7167

CVE-2017-7167 affects Apple Xcode before 9.2, where the ld64 linker component contains a buffer overflow. The flaw allows arbitrary code execution with user privileges when compiling with untrusted sources, leading to a high-severity outcome in the 3.0 CVSS (local, exploitable with no user intera...

7.8CVSS7.5AI score0.01364EPSS
CVE
CVE
added 2025/09/15 10:35 p.m.30 views

CVE-2025-43375

The CVE-2025-43375 entry is tied to Xcode 26 where a path-handling issue can cause a process crash when processing an overly large path value. Technical details across connected sources consistently cite the vulnerability in the Xcode 26 development tools and the fix implemented by Apple (improve...

7.5CVSS6AI score0.00318EPSS
CVE
CVE
added 2025/09/15 10:34 p.m.28 views

CVE-2025-43263

CVE-2025-43263 affects Apple Xcode (26) with a sandbox check insufficiency in components such as IDE CoreML and Xcode itself. The issue allows an app to read and write files outside its sandbox due to insufficient path/file handling checks. The vulnerability is addressed in Xcode 26 via improved ...

7.1CVSS5.8AI score0.00197EPSS