39 matches found
CVE-2018-16843
CVE-2018-16843 affects nginx before 1.15.6 and 1.14.1, where HTTP/2 implementation vulnerabilities in ngx_http_v2_module (if http2 is enabled) can cause excessive memory usage. Connected advisories also reference related CVEs (16844/16845) and show multiple distributions (Debian, Fedora/Red Hat, ...
CVE-2018-16844
CVE-2018-16844 affects nginx before versions 1.15.6 and 1.14.1 where HTTP/2 implementation can cause excessive CPU usage when nginx is built with the ngx_http_v2_module and the listen directive uses http2. The issue is triggered by HTTP/2 handling and is report-backed across multiple providers (D...
CVE-2017-7529
The CVE-2017-7529 entry concerns nginx’s range filter module. Affected software: nginx (and nginx-mainline in Arch advisories). Vulnerable component: the HTTP range/filter logic within nginx range filter/module. Root cause: integer overflow when processing crafted byte ranges, leading to informat...
CVE-2022-24765
CVE-2022-24765 affects Git on multi-user systems where untrusted users can create a C:.git directory; Git would then read and apply configuration from that directory, potentially altering behavior outside the intended repository. The issue arises from Git not checking directory ownership when rea...
CVE-2016-0742
The CVE-2016-0742 issue affects nginx resolver prior to 1.8.1 and 1.9.x prior to 1.9.10. A crafted UDP DNS response can trigger an invalid pointer dereference, crashing a worker process and causing a denial of service. Affected component: resolver in nginx; root cause: dereference of invalid poin...
CVE-2022-29187
CVE-2022-29187 – Git privilege escalation (details from connected docs): Affects Git on multi-user/local systems where the repository owner can influence commands via local repo configuration ownership checks. The root cause is failure to properly enforce ownership checks in local multi-user envi...
CVE-2022-22602
The CVE-2022-22602 issue affects Apple Xcode components (notably the otool tool) where an out-of-bounds read could occur due to insufficient bounds checking. The vulnerability is fixed in Xcode 13.3. Impact described in sources: opening a maliciously crafted file may cause the application to term...
CVE-2022-22605
CVE-2022-22605 affects Apple Xcode components (notably otol) with an out-of-bounds read; exploitation would occur when opening a maliciously crafted file and could lead to arbitrary code execution. Apple fixes this in Xcode 13.3; update to that version or later to mitigate. The vulnerability is s...
CVE-2022-26747
CVE-2022-26747 affects Apple Xcode IDE (macOS Monterey 12) due to a vulnerability in the IDE component where insufficient input checks could allow an app to gain elevated privileges. The issue is addressed in Xcode 13.4; CVSS indicates local exploitation with user interaction required and high im...
CVE-2022-22603
CVE-2022-22603 affects Apple Xcode’s otool component. A boundary check vulnerability (out-of-bounds read) can be triggered by opening a maliciously crafted file, potentially causing an application termination or arbitrary code execution. Apple’s remedy is patching in Xcode 13.3. The available doc...
CVE-2022-42797
The CVE-2022-42797 entry corresponds to an injection issue in Apple Xcode, specifically affecting the IDE Xcode Server component. According to multiple connected sources, the root cause is an input validation weakness that could allow an (unprivileged) app to gain root privileges. The vulnerabili...
CVE-2022-22608
CVE-2022-22608 affects Apple Xcode and describes an out-of-bounds read in a component exposed during file handling (notably the otool path in Xcode’s tooling) due to insufficient bounds checking. Multiple connected sources confirm the issue is fixed in Xcode 13.3; incident impact is described as ...
CVE-2022-22604
CVE-2022-22604 is an Apple Xcode vulnerability describing an out-of-bounds read in the otool processing path of Xcode. The issue may cause application termination or allow arbitrary code execution when parsing a maliciously crafted file. Apple’s security content for Xcode 13.3 indicates the fix i...
CVE-2022-22606
Apple Xcode is affected by an out-of-bounds read in the otool component when processing files. The issue is due to insufficient bounds checking and can lead to application termination or arbitrary code execution when opening a maliciously crafted file. It has been fixed in Xcode 13.3. Affected ve...
CVE-2022-22601
CVE-2022-22601 corresponds to an Apple Xcode out-of-bounds read vulnerability. The connected documents confirm a flaw in Xcode that can be triggered by opening a maliciously crafted file, potentially causing unexpected termination or arbitrary code execution. The issue is addressed by improved bo...
CVE-2022-22607
CVE-2022-22607 describes an out-of-bounds read in Apple Xcode. The issue is mitigated by improved bounds checking and is fixed in Xcode 13.3. Impact per sources: opening a maliciously crafted file may cause unexpected termination or arbitrary code execution. Remediation: update to Xcode 13.3 or l...
CVE-2023-32396
The CVE-2023-32396 issue affects Apple platforms and is fixed in Xcode 15, tvOS 17, watchOS 10, iOS 17, iPadOS 17, and macOS Sonoma 14. The description states that an app may be able to gain elevated privileges and that the fix involved improved checks. No additional attack vectors or exploit det...
CVE-2014-6394
The CVE-2014-6394 entry concerns visionmedia send before 0.8.4 for Node.js. The vulnerability arises from a partial directory-root verification, which can allow a remote attacker to escape the intended restricted directory and access files such as those under a public-restricted path (e.g., publi...
CVE-2019-8806
CVE-2019-8806 is tied to Apple Xcode/LLVM. The issue is described as a memory corruption vulnerability in LLVM that was fixed in Xcode 11.2, with exploitation possible by processing a maliciously crafted file and potentially leading to arbitrary code execution. The Apple advisory HT210729 confirm...
CVE-2006-5327
CVE-2006-5327 describes an untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, including usage in Apple Xcode 2.2 and earlier. A local attacker can execute arbitrary code by placing a malicious gzip executable on a modified PATH, which is then invoked by gnutar under certain TAR...
CVE-2024-44162
CVE-2024-44162 affects the Apple Xcode IDE. A malicious application could gain access to a user’s Keychain items. The issue was addressed by enabling the hardened runtime and is fixed in Xcode 16. The Red Hat/OSS feeds corroborate: impact remains local and requires the hardened runtime mitigation...
CVE-2017-7134
CVE-2017-7134 affects Apple Xcode prior to 9, with the ld64 linker component. A crafted Mach-O file can trigger arbitrary code execution or memory corruption, potentially causing an application crash. Public sources (NVD entry) describe remote code execution risk, while Apple’s advisory for Xcode...
CVE-2019-8800
CVE-2019-8800 concerns Apple Xcode’s LLVM component. The vulnerability is described as a memory corruption issue fixed in Xcode 11.2, with failure triggered by processing a maliciously crafted file that may lead to arbitrary code execution. Public sources in the connected dataset consistently tie...
CVE-2017-7135
CVE-2017-7135 affects Apple Xcode before 9, involving the ld64 linker. A crafted Mach-O file can lead to arbitrary code execution or memory corruption causing a crash. Public sources (Apple KB HT208103, NVD entry) corroborate memory-corruption/Code Execution risks and indicate fixes were addresse...
CVE-2016-1765
CVE-2016-1765 is an Apple Xcode 7.3-era memory corruption issue in otool (and related memory handling) that allows a local attacker to gain privileges or cause a denial of service. Affected: Xcode prior to 7.3 on macOS (OS X El Capitan v10.11 and later). Root cause: memory corruption from imprope...
CVE-2016-4705
Apple Xcode 8 and earlier contain memory-corruption vulnerabilities in the otool component that can allow a local attacker to gain privileges or cause a denial of service (application crash). CVE-2016-4704 and CVE-2016-4705 are tied to this issue; Apple indicates these were addressed via memory-h...
CVE-2024-44228
CVE-2024-44228 relates to Apple Xcode 16 security updates. The connected sources indicate a permissions-checking weakness where a malicious or misbehaving app (notably within Xcode’s Playgrounds) could potentially inherit permissions from Xcode and access user data. The root cause is described as...
CVE-2017-7137
Apple Xcode before version 9 is affected by ld64 memory-handling issues that can be triggered by a crafted Mach-O file, potentially enabling arbitrary code execution or a denial of service. Connected sources confirm CVE-2017-7137 (and related CVEs) apply to the ld64 component within Xcode 9 era. ...
CVE-2015-1149
CVE-2015-1149 affects the Swift simulator in Apple Xcode prior to 6.3. The issue is an integer overflow during type-conversion in the Swift simulator, which can cause conversions to return unexpected values and enable a denial-of-service or related unspecified impact. Affected product: Xcode and ...
CVE-2015-7030
CVE-2015-7030 affects Apple Xcode before 7.1, where the Swift implementation mishandles certain type conversions. Multiple sources describe it as an information-disclosure/logic-conversion issue that could allow an attacker to obtain sensitive information or circumvent program logic; the vendor a...
CVE-2017-7136
CVE-2017-7136 is documented as a memory corruption vulnerability in the ld64 linker used by Apple Xcode prior to version 9, exploitable via parsing a crafted Mach‑O file to achieve arbitrary code execution or a denial of service. The connected sources (Apple security content for Xcode 9 and relat...
CVE-2016-4704
CVE-2016-4704 affects Apple Xcode 8 and earlier, where the otool component may allow a local attacker to gain privileges or cause a denial of service via memory corruption. Apple’s security content for Xcode 8 documents multiple memory corruption issues addressed by improved memory handling, with...
CVE-2019-8739
CVE-2019-8739 affects Apple’s Xcode toolchain, specifically the otool component. A memory corruption issue in otool could be triggered by processing a maliciously crafted file, potentially enabling arbitrary code execution. Apple’s security content confirms the fix in Xcode 11.0 and advises upgra...
CVE-2024-40862
CVE-2024-40862 pertains to an Apple Xcode security issue where an attacker could determine the Apple ID of the computer owner. All connected documents identify this as a privacy flaw that was addressed by removing sensitive data and fixes are available in Xcode 16. The vulnerability is described ...
CVE-2006-5328
OpenBase SQL 10.0 and earlier (as used in Apple Xcode 2.2 and earlier) is affected by a local privilege escalation vulnerability where an attacker can create arbitrary files via a symlink attack on the simulation.sql file. The root cause is a symlink handling flaw that allows a local user to leve...
CVE-2019-8738
CVE-2019-8738 affects the otool component of Apple Xcode prior to version 11.0. It is a memory corruption issue that could allow arbitrary code execution when processing a maliciously crafted file. Apple fixed this in Xcode 11.0 by updating the affected component and improving state management. T...
CVE-2017-7167
CVE-2017-7167 affects Apple Xcode before 9.2, where the ld64 linker component contains a buffer overflow. The flaw allows arbitrary code execution with user privileges when compiling with untrusted sources, leading to a high-severity outcome in the 3.0 CVSS (local, exploitable with no user intera...
CVE-2025-43375
The CVE-2025-43375 entry is tied to Xcode 26 where a path-handling issue can cause a process crash when processing an overly large path value. Technical details across connected sources consistently cite the vulnerability in the Xcode 26 development tools and the fix implemented by Apple (improve...
CVE-2025-43263
CVE-2025-43263 affects Apple Xcode (26) with a sandbox check insufficiency in components such as IDE CoreML and Xcode itself. The issue allows an app to read and write files outside its sandbox due to insufficient path/file handling checks. The vulnerability is addressed in Xcode 26 via improved ...