VYPR

Xcode

by Apple Inc.

CVEs (81)

  • CVE-2019-8723Dec 18, 2019
    risk 0.00cvss epss 0.02

    Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.

  • CVE-2019-8721Dec 18, 2019
    risk 0.00cvss epss 0.02

    Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.

  • CVE-2019-8738Dec 18, 2019
    risk 0.00cvss epss 0.01

    A memory corruption issue was addressed with improved state management. This issue is fixed in Xcode 11.0. Processing a maliciously crafted file may lead to arbitrary code execution.

  • CVE-2018-4357Apr 3, 2019
    risk 0.00cvss epss 0.01

    A memory corruption issue was addressed with improved input validation. This issue affected versions prior to Xcode 10.

  • CVE-2015-7082Dec 11, 2015
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in Git before 2.5.4, as used in Apple Xcode before 7.2, have unknown impact and attack vectors. NOTE: this CVE is associated only with Xcode use cases.

  • CVE-2015-7057Dec 11, 2015
    risk 0.00cvss epss 0.00

    otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7049.

  • CVE-2015-7056Dec 11, 2015
    risk 0.00cvss epss 0.01

    IDE SCM in Apple Xcode before 7.2 does not recognize .gitignore files, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging the presence of a file matching an ignore pattern.

  • CVE-2015-7049Dec 11, 2015
    risk 0.00cvss epss 0.00

    otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7057.

  • CVE-2015-7030Oct 23, 2015
    risk 0.00cvss epss 0.02

    The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors.

  • CVE-2015-5910Sep 18, 2015
    risk 0.00cvss epss 0.01

    IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server traffic is encrypted, which allows remote attackers to obtain sensitive information by sniffing the network.

  • CVE-2015-5909Sep 18, 2015
    risk 0.00cvss epss 0.02

    IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to obtain potentially sensitive build information in opportunistic circumstances by leveraging incorrect notification delivery.

  • CVE-2015-3185Jul 20, 2015
    risk 0.00cvss epss 0.19

    The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended…

  • CVE-2015-3027Apr 10, 2015
    risk 0.00cvss epss 0.01

    Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard protection mechanism via crafted input to an affected C…

  • CVE-2015-1149Apr 10, 2015
    risk 0.00cvss epss 0.02

    Integer overflow in the simulator in Swift in Apple Xcode before 6.3 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact by triggering an incorrect result of a type conversion.

  • CVE-2014-6394Oct 8, 2014
    risk 0.00cvss epss 0.04

    visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory.

  • CVE-2014-3522Aug 19, 2014
    risk 0.00cvss epss 0.06

    The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted…

  • CVE-2012-3698Jul 26, 2012
    risk 0.00cvss epss 0.01

    Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a (1) helper tool or (2)…

  • CVE-2008-2318Jul 14, 2008
    risk 0.00cvss epss 0.01

    The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs.

  • CVE-2006-5327Oct 17, 2006
    risk 0.00cvss epss 0.01

    Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar…

  • CVE-2006-5328Oct 17, 2006
    risk 0.00cvss epss 0.00

    OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to create arbitrary files via a symlink attack on the simulation.sql file.

Page 4 of 5