VYPR

Swift

by Apple Inc.

Source repositories

CVEs (8)

  • CVE-2018-4220HigJun 8, 2018
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in certain Apple products. Swift before 4.1.1 Security Update 2018-001 is affected. The issue involves the "Swift for Ubuntu" component. It allows attackers to execute arbitrary code in a privileged context because write and execute permissions are…

  • CVE-2018-4357HigApr 3, 2019
    risk 0.51cvss 7.8epss 0.01

    A memory corruption issue was addressed with improved input validation. This issue affected versions prior to Xcode 10.

  • CVE-2017-7167HigApr 3, 2018
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in certain Apple products. Xcode before 9.2 is affected. The issue involves the "ld64" component. A buffer overflow allows remote attackers to execute arbitrary code via crafted source code.

  • CVE-2016-4779HigSep 25, 2016
    risk 0.51cvss 7.8epss 0.02

    Apple Type Services (ATS) in Apple OS X before 10.12 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.

  • CVE-2022-32389HigJul 14, 2022
    risk 0.49cvss 7.5epss 0.00

    Isode SWIFT v4.0.2 was discovered to contain hard-coded credentials in the Registry Editor. This allows attackers to access sensitive information such as user credentials and certificates.

  • CVE-2016-4701MedSep 25, 2016
    risk 0.40cvss 6.2epss 0.00

    Application Firewall in Apple OS X before 10.12 allows local users to cause a denial of service via vectors involving a crafted SO_EXECPATH environment variable.

  • CVE-2019-8790MedOct 27, 2020
    risk 0.36cvss 5.5epss 0.00

    This issue was addresses by updating incorrect URLSession file descriptors management logic to match Swift 5.0. This issue is fixed in Swift 5.1.1 for Ubuntu. Incorrect management of file descriptors in URLSession could lead to inadvertent data disclosure.

  • CVE-2015-7030Oct 23, 2015
    risk 0.00cvss epss 0.02

    The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors.