VYPR

Xcode

by Apple Inc.

CVEs (81)

  • CVE-2018-4164CriApr 3, 2018
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in certain Apple products. Xcode before 9.3 is affected. The issue, which is unspecified, involves the "LLVM" component.

  • CVE-2016-0746CriFeb 15, 2016
    risk 0.64cvss 9.8epss 0.09

    Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response…

  • CVE-2016-0742HigFeb 15, 2016
    risk 0.55cvss 7.5epss 0.82

    The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.

  • CVE-2017-7529HigJul 13, 2017
    risk 0.54cvss 7.5epss 0.63

    Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.

  • CVE-2017-7137HigOct 23, 2017
    risk 0.51cvss 7.8epss 0.02

    An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Mach-O file.

  • CVE-2017-7136HigOct 23, 2017
    risk 0.51cvss 7.8epss 0.02

    An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Mach-O file.

  • CVE-2017-7135HigOct 23, 2017
    risk 0.51cvss 7.8epss 0.02

    An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Mach-O file.

  • CVE-2017-7134HigOct 23, 2017
    risk 0.51cvss 7.8epss 0.02

    An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Mach-O file.

  • CVE-2016-4705HigSep 18, 2016
    risk 0.51cvss 7.8epss 0.00

    otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than CVE-2016-4704.

  • CVE-2016-4704HigSep 18, 2016
    risk 0.51cvss 7.8epss 0.00

    otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than CVE-2016-4705.

  • CVE-2016-1765HigMar 24, 2016
    risk 0.51cvss 7.8epss 0.00

    otool in Apple Xcode before 7.3 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors.

  • CVE-2024-44191MedSep 17, 2024
    risk 0.36cvss 5.5epss 0.00

    This issue was addressed through improved state management. This issue is fixed in Xcode 16, iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. An app may gain unauthorized access to Bluetooth.

  • CVE-2024-23298MedMar 15, 2024
    risk 0.36cvss 5.5epss 0.01

    A logic issue was addressed with improved state management. This issue is fixed in Xcode 15.3. An app may bypass Gatekeeper checks.

  • CVE-2016-0747MedFeb 15, 2016
    risk 0.35cvss 5.3epss 0.08

    The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.

  • CVE-2004-2687Dec 31, 2004
    risk 0.09cvss epss 0.81

    distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.

  • CVE-2015-3187Aug 12, 2015
    risk 0.01cvss epss 0.06

    The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a…

  • CVE-2015-3184Aug 12, 2015
    risk 0.01cvss epss 0.11

    mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.

  • CVE-2015-0251Apr 8, 2015
    risk 0.01cvss epss 0.08

    The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences.

  • CVE-2015-0248Apr 8, 2015
    risk 0.01cvss epss 0.13

    The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.

  • CVE-2014-8108Dec 18, 2014
    risk 0.01cvss epss 0.10

    The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name…

Page 1 of 5