Xcode
by Apple Inc.
CVEs (81)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-3580 | | | 0.01 | — | 0.11 | | Dec 18, 2014 | The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist. |
| CVE-2014-3528 | | | 0.01 | — | 0.07 | | Aug 19, 2014 | Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm. |
| CVE-2026-28890 | | | 0.00 | — | 0.00 | | Mar 25, 2026 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 26.4. An app may be able to cause unexpected system termination. |
| CVE-2026-28889 | | | 0.00 | — | 0.00 | | Mar 25, 2026 | A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 26.4. An app may be able to read arbitrary files as root. |
| CVE-2025-31186 | | | 0.00 | — | 0.00 | | Jan 16, 2026 | A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 16.3. An app may be able to bypass Privacy preferences. |
| CVE-2025-43504 | | | 0.00 | — | 0.00 | | Nov 4, 2025 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in Xcode 26.1. A user in a privileged network position may be able to cause a denial-of-service. |
| CVE-2025-43505 | | | 0.00 | — | 0.00 | | Nov 4, 2025 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Xcode 26.1. Processing a maliciously crafted file may lead to heap corruption. |
| CVE-2025-43375 | | | 0.00 | — | 0.00 | | Sep 15, 2025 | The issue was addressed with improved checks. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process. |
| CVE-2025-43263 | | | 0.00 | — | 0.00 | | Sep 15, 2025 | The issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to read and write files outside of its sandbox. |
| CVE-2025-43371 | | | 0.00 | — | 0.00 | | Sep 15, 2025 | This issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to break out of its sandbox. |
| CVE-2025-43370 | | | 0.00 | — | 0.00 | | Sep 15, 2025 | A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process. |
| CVE-2025-30441 | | | 0.00 | — | 0.00 | | Mar 31, 2025 | This issue was addressed through improved state management. This issue is fixed in Xcode 16.3. An app may be able to overwrite arbitrary files. |
| CVE-2025-24226 | | | 0.00 | — | 0.00 | | Mar 31, 2025 | The issue was addressed with improved checks. This issue is fixed in Xcode 16.3. A malicious app may be able to access private information. |
| CVE-2024-44228 | | | 0.00 | — | 0.00 | | Oct 28, 2024 | This issue was addressed with improved permissions checking. This issue is fixed in Xcode 16. An app may be able to inherit Xcode permissions and access user data. |
| CVE-2024-40862 | | | 0.00 | — | 0.00 | | Sep 16, 2024 | A privacy issue was addressed by removing sensitive data. This issue is fixed in Xcode 16. An attacker may be able to determine the Apple ID of the owner of the computer. |
| CVE-2024-44162 | | | 0.00 | — | 0.00 | | Sep 16, 2024 | This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 16. A malicious application may gain access to a user's Keychain items. |
| CVE-2023-40435 | | | 0.00 | — | 0.00 | | Sep 26, 2023 | This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 15. An app may be able to access App Store credentials. |
| CVE-2023-40391 | | | 0.00 | — | 0.00 | | Sep 26, 2023 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14, Xcode 15. An app may be able to disclose kernel memory. |
| CVE-2023-32396 | | | 0.00 | — | 0.00 | | Sep 26, 2023 | This issue was addressed with improved checks. This issue is fixed in Xcode 15, tvOS 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to gain elevated privileges. |
| CVE-2022-32920 | | | 0.00 | — | 0.00 | | Sep 6, 2023 | The issue was addressed with improved checks. This issue is fixed in Xcode 14.0. Parsing a file may lead to disclosure of user information. |