Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Xcode
(Apple)| Repositories |
• https://github.com/apache/httpd
• https://github.com/visionmedia/send |
| #Vulnerabilities | 83 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-09-06 | CVE-2022-32920 | The issue was addressed with improved checks. This issue is fixed in Xcode 14.0. Parsing a file may lead to disclosure of user information. | Xcode | 5.5 | ||
| 2023-09-27 | CVE-2023-32396 | This issue was addressed with improved checks. This issue is fixed in Xcode 15, tvOS 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to gain elevated privileges. | Ipados, Iphone_os, Macos, Tvos, Watchos, Xcode | 7.8 | ||
| 2023-09-27 | CVE-2023-40391 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14, Xcode 15. An app may be able to disclose kernel memory. | Ipados, Iphone_os, Macos, Tvos, Xcode | 5.5 | ||
| 2023-09-27 | CVE-2023-40435 | This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 15. An app may be able to access App Store credentials. | Xcode | 5.5 | ||
| 2024-10-28 | CVE-2024-44228 | This issue was addressed with improved permissions checking. This issue is fixed in Xcode 16. An app may be able to inherit Xcode permissions and access user data. | Xcode | 7.5 | ||
| 2024-09-17 | CVE-2024-44162 | This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 16. A malicious application may gain access to a user's Keychain items. | Xcode | 7.8 | ||
| 2006-10-17 | CVE-2006-5328 | OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to create arbitrary files via a symlink attack on the simulation.sql file. | Xcode, Openbase | N/A | ||
| 2006-10-17 | CVE-2006-5327 | Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain TAR_OPTIONS environment variable settings, when gnutar is invoked by OpenBase. | Xcode, Openbase | N/A | ||
| 2015-07-20 | CVE-2015-3185 | The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior. | Http_server, Mac_os_x, Mac_os_x_server, Xcode, Ubuntu_linux | N/A | ||
| 2019-03-21 | CVE-2019-3855 | An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. | Xcode, Debian_linux, Fedora, Libssh2, Ontap_select_deploy_administration_utility, Leap, Peoplesoft_enterprise_peopletools, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 8.8 |