Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apple xcode vulnerabilities and exploits

(subscribe to this query)

5
CVSSv2
CVE-2008-2318
The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs....
Apple Xcode 1.5Apple Xcode 2.2Apple Xcode Tools 1.0Apple Xcode Tools 2.0Apple Xcode Tools 2.1Apple Xcode Tools 2.2.1Apple Xcode Tools 2.3Apple Xcode Tools 2.4Apple Xcode Tools 2.4.1Apple Xcode Tools 2.5Apple Xcode Tools
5
CVSSv2
CVE-2012-3698
Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a (1) helper tool or (2)...
Apple Xcode 1.5.0Apple Xcode 2.0.0Apple Xcode 2.1.0Apple Xcode 2.2.0Apple Xcode 2.3.0Apple Xcode 2.4.0Apple Xcode 2.4.1Apple Xcode 3.1Apple Xcode 3.1.1Apple Xcode 3.1.2Apple Xcode 3.1.3Apple Xcode 3.1.4Apple Xcode 3.2.1Apple Xcode 3.2.2Apple Xcode 3.2.3Apple Xcode 3.2.4Apple Xcode 3.2.5Apple Xcode 4.0Apple Xcode 4.0.1Apple Xcode 4.0.2Apple Xcode 4.1.1Apple Xcode 4.2Apple Xcode 4.2.1Apple Xcode 4.3Apple Xcode 4.3.1Apple Xcode 4.3.2Apple Xcode
9.3
CVSSv2
CVE-2019-8722
Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege....
Apple Xcode
9.3
CVSSv2
CVE-2020-9992
This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on...
Apple XcodeApple Ipad OsApple Iphone Os
7.5
CVSSv2
CVE-2015-7030
The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors....
Apple Xcode
7.5
CVSSv2
CVE-2015-1149
Integer overflow in the simulator in Swift in Apple Xcode before 6.3 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact by triggering an incorrect result of a type conversion....
Apple Xcode
9.3
CVSSv2
CVE-2018-4357
A memory corruption issue was addressed with improved input validation. This issue affected versions prior to Xcode 10....
Apple Xcode
4.6
CVSSv2
CVE-2015-7049
otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7057....
Apple Xcode
9.3
CVSSv2
CVE-2004-2687
distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks....
Apple Xcode 1.5Samba Samba
5
CVSSv2
CVE-2015-5909
IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to obtain potentially sensitive build information in opportunistic circumstances by leveraging incorrect notification delivery....
Apple Xcode
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
XXECVE-2021-21973mass assignmentCVE-2021-1396CVE-2018-19518CVE-2020-28599deserializationCVE-2021-1230CVE-2021-26681