Xcode - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Xcode
(Apple)

Repositories	• https://github.com/apache/httpd • https://github.com/visionmedia/send
#Vulnerabilities	83

Date	Id	Summary	Products	Score	Patch	Annotated
2023-02-27	CVE-2022-42797	An injection issue was addressed with improved input validation. This issue is fixed in Xcode 14.1. An app may be able to gain root privileges.	Xcode	7.8
2023-05-08	CVE-2023-27945	This issue was addressed with improved entitlements. This issue is fixed in Xcode 14.3, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A sandboxed app may be able to collect system logs.	Xcode	6.3
2023-05-08	CVE-2023-27967	The issue was addressed with improved memory handling. This issue is fixed in Xcode 14.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.	Xcode	8.6
2023-09-06	CVE-2022-32920	The issue was addressed with improved checks. This issue is fixed in Xcode 14.0. Parsing a file may lead to disclosure of user information.	Xcode	5.5
2023-09-27	CVE-2023-32396	This issue was addressed with improved checks. This issue is fixed in Xcode 15, tvOS 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to gain elevated privileges.	Ipados, Iphone_os, Macos, Tvos, Watchos, Xcode	7.8
2023-09-27	CVE-2023-40391	The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14, Xcode 15. An app may be able to disclose kernel memory.	Ipados, Iphone_os, Macos, Tvos, Xcode	5.5
2023-09-27	CVE-2023-40435	This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 15. An app may be able to access App Store credentials.	Xcode	5.5
2024-10-28	CVE-2024-44228	This issue was addressed with improved permissions checking. This issue is fixed in Xcode 16. An app may be able to inherit Xcode permissions and access user data.	Xcode	7.5
2024-09-17	CVE-2024-44162	This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 16. A malicious application may gain access to a user's Keychain items.	Xcode	7.8
2006-10-17	CVE-2006-5328	OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to create arbitrary files via a symlink attack on the simulation.sql file.	Xcode, Openbase	N/A