Xcode
by Apple Inc.
CVEs (81)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-8723 | 0.00 | — | 0.02 | Dec 18, 2019 | Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege. | |||
| CVE-2019-8721 | 0.00 | — | 0.02 | Dec 18, 2019 | Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege. | |||
| CVE-2019-8738 | 0.00 | — | 0.01 | Dec 18, 2019 | A memory corruption issue was addressed with improved state management. This issue is fixed in Xcode 11.0. Processing a maliciously crafted file may lead to arbitrary code execution. | |||
| CVE-2018-4357 | 0.00 | — | 0.01 | Apr 3, 2019 | A memory corruption issue was addressed with improved input validation. This issue affected versions prior to Xcode 10. | |||
| CVE-2015-7082 | 0.00 | — | 0.02 | Dec 11, 2015 | Multiple unspecified vulnerabilities in Git before 2.5.4, as used in Apple Xcode before 7.2, have unknown impact and attack vectors. NOTE: this CVE is associated only with Xcode use cases. | |||
| CVE-2015-7057 | 0.00 | — | 0.00 | Dec 11, 2015 | otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7049. | |||
| CVE-2015-7056 | 0.00 | — | 0.01 | Dec 11, 2015 | IDE SCM in Apple Xcode before 7.2 does not recognize .gitignore files, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging the presence of a file matching an ignore pattern. | |||
| CVE-2015-7049 | 0.00 | — | 0.00 | Dec 11, 2015 | otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7057. | |||
| CVE-2015-7030 | 0.00 | — | 0.02 | Oct 23, 2015 | The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors. | |||
| CVE-2015-5910 | 0.00 | — | 0.01 | Sep 18, 2015 | IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server traffic is encrypted, which allows remote attackers to obtain sensitive information by sniffing the network. | |||
| CVE-2015-5909 | 0.00 | — | 0.02 | Sep 18, 2015 | IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to obtain potentially sensitive build information in opportunistic circumstances by leveraging incorrect notification delivery. | |||
| CVE-2015-3185 | 0.00 | — | 0.19 | Jul 20, 2015 | The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended… | |||
| CVE-2015-3027 | 0.00 | — | 0.01 | Apr 10, 2015 | Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard protection mechanism via crafted input to an affected C… | |||
| CVE-2015-1149 | 0.00 | — | 0.02 | Apr 10, 2015 | Integer overflow in the simulator in Swift in Apple Xcode before 6.3 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact by triggering an incorrect result of a type conversion. | |||
| CVE-2014-6394 | 0.00 | — | 0.04 | Oct 8, 2014 | visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory. | |||
| CVE-2014-3522 | 0.00 | — | 0.06 | Aug 19, 2014 | The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted… | |||
| CVE-2012-3698 | 0.00 | — | 0.01 | Jul 26, 2012 | Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a (1) helper tool or (2)… | |||
| CVE-2008-2318 | 0.00 | — | 0.01 | Jul 14, 2008 | The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs. | |||
| CVE-2006-5327 | 0.00 | — | 0.01 | Oct 17, 2006 | Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar… | |||
| CVE-2006-5328 | 0.00 | — | 0.00 | Oct 17, 2006 | OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to create arbitrary files via a symlink attack on the simulation.sql file. |
- CVE-2019-8723Dec 18, 2019risk 0.00cvss —epss 0.02
Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.
- CVE-2019-8721Dec 18, 2019risk 0.00cvss —epss 0.02
Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.
- CVE-2019-8738Dec 18, 2019risk 0.00cvss —epss 0.01
A memory corruption issue was addressed with improved state management. This issue is fixed in Xcode 11.0. Processing a maliciously crafted file may lead to arbitrary code execution.
- CVE-2018-4357Apr 3, 2019risk 0.00cvss —epss 0.01
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to Xcode 10.
- CVE-2015-7082Dec 11, 2015risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in Git before 2.5.4, as used in Apple Xcode before 7.2, have unknown impact and attack vectors. NOTE: this CVE is associated only with Xcode use cases.
- CVE-2015-7057Dec 11, 2015risk 0.00cvss —epss 0.00
otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7049.
- CVE-2015-7056Dec 11, 2015risk 0.00cvss —epss 0.01
IDE SCM in Apple Xcode before 7.2 does not recognize .gitignore files, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging the presence of a file matching an ignore pattern.
- CVE-2015-7049Dec 11, 2015risk 0.00cvss —epss 0.00
otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7057.
- CVE-2015-7030Oct 23, 2015risk 0.00cvss —epss 0.02
The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors.
- CVE-2015-5910Sep 18, 2015risk 0.00cvss —epss 0.01
IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server traffic is encrypted, which allows remote attackers to obtain sensitive information by sniffing the network.
- CVE-2015-5909Sep 18, 2015risk 0.00cvss —epss 0.02
IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to obtain potentially sensitive build information in opportunistic circumstances by leveraging incorrect notification delivery.
- CVE-2015-3185Jul 20, 2015risk 0.00cvss —epss 0.19
The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended…
- CVE-2015-3027Apr 10, 2015risk 0.00cvss —epss 0.01
Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard protection mechanism via crafted input to an affected C…
- CVE-2015-1149Apr 10, 2015risk 0.00cvss —epss 0.02
Integer overflow in the simulator in Swift in Apple Xcode before 6.3 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact by triggering an incorrect result of a type conversion.
- CVE-2014-6394Oct 8, 2014risk 0.00cvss —epss 0.04
visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory.
- CVE-2014-3522Aug 19, 2014risk 0.00cvss —epss 0.06
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted…
- CVE-2012-3698Jul 26, 2012risk 0.00cvss —epss 0.01
Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a (1) helper tool or (2)…
- CVE-2008-2318Jul 14, 2008risk 0.00cvss —epss 0.01
The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs.
- CVE-2006-5327Oct 17, 2006risk 0.00cvss —epss 0.01
Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar…
- CVE-2006-5328Oct 17, 2006risk 0.00cvss —epss 0.00
OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to create arbitrary files via a symlink attack on the simulation.sql file.
Page 4 of 5