Xcode
by Apple Inc.
CVEs (81)
| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2023-27967 | 0.00 | — | 0.00 | May 8, 2023 | The issue was addressed with improved memory handling. This issue is fixed in Xcode 14.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges. |
| CVE-2023-27945 | 0.00 | — | 0.00 | May 8, 2023 | This issue was addressed with improved entitlements. This issue is fixed in Xcode 14.3, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A sandboxed app may be able to collect system logs. |
| CVE-2022-42797 | 0.00 | — | 0.00 | Feb 27, 2023 | An injection issue was addressed with improved input validation. This issue is fixed in Xcode 14.1. An app may be able to gain root privileges. |
| CVE-2022-26747 | 0.00 | — | 0.01 | May 26, 2022 | This issue was addressed with improved checks. This issue is fixed in Xcode 13.4. An app may be able to gain elevated privileges. |
| CVE-2022-22607 | 0.00 | — | 0.01 | Mar 18, 2022 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. |
| CVE-2022-22605 | 0.00 | — | 0.01 | Mar 18, 2022 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. |
| CVE-2022-22608 | 0.00 | — | 0.01 | Mar 18, 2022 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. |
| CVE-2022-22603 | 0.00 | — | 0.01 | Mar 18, 2022 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. |
| CVE-2022-22601 | 0.00 | — | 0.01 | Mar 18, 2022 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. |
| CVE-2022-22606 | 0.00 | — | 0.01 | Mar 18, 2022 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. |
| CVE-2022-22602 | 0.00 | — | 0.01 | Mar 18, 2022 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. |
| CVE-2022-22604 | 0.00 | — | 0.01 | Mar 18, 2022 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. |
| CVE-2021-1800 | 0.00 | — | 0.01 | Apr 2, 2021 | A path handling issue was addressed with improved validation. This issue is fixed in Xcode 12.4. A malicious application may be able to access arbitrary files on the host device while running an app that uses on-demand resources with Xcode. |
| CVE-2019-8840 | 0.00 | — | 0.01 | Oct 27, 2020 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 11.3. Compiling with untrusted sources may lead to arbitrary code execution with user privileges. |
| CVE-2020-9992 | 0.00 | — | 0.03 | Oct 16, 2020 | This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on… |
| CVE-2019-8800 | 0.00 | — | 0.01 | Dec 18, 2019 | A memory corruption issue was addressed with improved validation. This issue is fixed in Xcode 11.2. Processing a maliciously crafted file may lead to arbitrary code execution. |
| CVE-2019-8806 | 0.00 | — | 0.01 | Dec 18, 2019 | A memory corruption issue was addressed with improved validation. This issue is fixed in Xcode 11.2. Processing a maliciously crafted file may lead to arbitrary code execution. |
| CVE-2019-8724 | 0.00 | — | 0.02 | Dec 18, 2019 | Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege. |
| CVE-2019-8722 | 0.00 | — | 0.02 | Dec 18, 2019 | Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege. |
| CVE-2019-8739 | 0.00 | — | 0.01 | Dec 18, 2019 | A memory corruption issue was addressed with improved state management. This issue is fixed in Xcode 11.0. Processing a maliciously crafted file may lead to arbitrary code execution. |