Swift
by Apple Inc.
Source repositories
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-4220 | Hig | 0.57 | 8.8 | 0.02 | Jun 8, 2018 | An issue was discovered in certain Apple products. Swift before 4.1.1 Security Update 2018-001 is affected. The issue involves the "Swift for Ubuntu" component. It allows attackers to execute arbitrary code in a privileged context because write and execute permissions are… | ||
| CVE-2018-4357 | Hig | 0.51 | 7.8 | 0.01 | Apr 3, 2019 | A memory corruption issue was addressed with improved input validation. This issue affected versions prior to Xcode 10. | ||
| CVE-2017-7167 | Hig | 0.51 | 7.8 | 0.01 | Apr 3, 2018 | An issue was discovered in certain Apple products. Xcode before 9.2 is affected. The issue involves the "ld64" component. A buffer overflow allows remote attackers to execute arbitrary code via crafted source code. | ||
| CVE-2016-4779 | Hig | 0.51 | 7.8 | 0.02 | Sep 25, 2016 | Apple Type Services (ATS) in Apple OS X before 10.12 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. | ||
| CVE-2022-32389 | Hig | 0.49 | 7.5 | 0.00 | Jul 14, 2022 | Isode SWIFT v4.0.2 was discovered to contain hard-coded credentials in the Registry Editor. This allows attackers to access sensitive information such as user credentials and certificates. | ||
| CVE-2016-4701 | Med | 0.40 | 6.2 | 0.00 | Sep 25, 2016 | Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SO_EXECPATH environment variable. | ||
| CVE-2019-8790 | Med | 0.36 | 5.5 | 0.00 | Oct 27, 2020 | This issue was addresses by updating incorrect URLSession file descriptors management logic to match Swift 5.0. This issue is fixed in Swift 5.1.1 for Ubuntu. Incorrect management of file descriptors in URLSession could lead to inadvertent data disclosure. | ||
| CVE-2015-7030 | 0.00 | — | 0.02 | Oct 23, 2015 | The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors. |
- risk 0.57cvss 8.8epss 0.02
An issue was discovered in certain Apple products. Swift before 4.1.1 Security Update 2018-001 is affected. The issue involves the "Swift for Ubuntu" component. It allows attackers to execute arbitrary code in a privileged context because write and execute permissions are…
- risk 0.51cvss 7.8epss 0.01
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to Xcode 10.
- risk 0.51cvss 7.8epss 0.01
An issue was discovered in certain Apple products. Xcode before 9.2 is affected. The issue involves the "ld64" component. A buffer overflow allows remote attackers to execute arbitrary code via crafted source code.
- risk 0.51cvss 7.8epss 0.02
Apple Type Services (ATS) in Apple OS X before 10.12 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
- risk 0.49cvss 7.5epss 0.00
Isode SWIFT v4.0.2 was discovered to contain hard-coded credentials in the Registry Editor. This allows attackers to access sensitive information such as user credentials and certificates.
- risk 0.40cvss 6.2epss 0.00
Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SO_EXECPATH environment variable.
- risk 0.36cvss 5.5epss 0.00
This issue was addresses by updating incorrect URLSession file descriptors management logic to match Swift 5.0. This issue is fixed in Swift 5.1.1 for Ubuntu. Incorrect management of file descriptors in URLSession could lead to inadvertent data disclosure.
- CVE-2015-7030Oct 23, 2015risk 0.00cvss —epss 0.02
The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors.