Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Xcode
(Apple)Repositories |
• https://github.com/apache/httpd
• https://github.com/visionmedia/send |
#Vulnerabilities | 77 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2023-09-27 | CVE-2023-32396 | This issue was addressed with improved checks. This issue is fixed in Xcode 15, tvOS 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to gain elevated privileges. | Ipados, Iphone_os, Macos, Tvos, Watchos, Xcode | 7.8 | ||
2023-09-27 | CVE-2023-40391 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14, Xcode 15. An app may be able to disclose kernel memory. | Ipados, Iphone_os, Macos, Tvos, Xcode | 5.5 | ||
2023-09-27 | CVE-2023-40435 | This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 15. An app may be able to access App Store credentials. | Xcode | 5.5 | ||
2023-09-06 | CVE-2022-32920 | The issue was addressed with improved checks. This issue is fixed in Xcode 14.0. Parsing a file may lead to disclosure of user information. | Xcode | 5.5 | ||
2023-05-08 | CVE-2023-27945 | This issue was addressed with improved entitlements. This issue is fixed in Xcode 14.3, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A sandboxed app may be able to collect system logs. | Xcode | 6.3 | ||
2023-05-08 | CVE-2023-27967 | The issue was addressed with improved memory handling. This issue is fixed in Xcode 14.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges. | Xcode | 8.6 | ||
2023-02-27 | CVE-2022-42797 | An injection issue was addressed with improved input validation. This issue is fixed in Xcode 14.1. An app may be able to gain root privileges. | Xcode | 7.8 | ||
2020-10-16 | CVE-2020-9992 | This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a debug session over the network. | Ipados, Iphone_os, Xcode | 7.8 | ||
2022-05-26 | CVE-2022-26747 | This issue was addressed with improved checks. This issue is fixed in Xcode 13.4. An app may be able to gain elevated privileges. | Xcode | 7.8 | ||
2020-01-09 | CVE-2019-20372 | NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. | Xcode, Ubuntu_linux, Nginx, Cloud_backup, Leap | 5.3 |