Total
78 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-4357 | 1 Apple | 1 Xcode | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue affected versions prior to Xcode 10. | |||||
| CVE-2019-14379 | 7 Apple, Debian, Fasterxml and 4 more | 25 Xcode, Debian Linux, Jackson-databind and 22 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. | |||||
| CVE-2018-16843 | 5 Apple, Canonical, Debian and 2 more | 5 Xcode, Ubuntu Linux, Debian Linux and 2 more | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
| nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. | |||||
| CVE-2018-16845 | 5 Apple, Canonical, Debian and 2 more | 5 Xcode, Ubuntu Linux, Debian Linux and 2 more | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module. | |||||
| CVE-2018-16844 | 4 Apple, Canonical, Debian and 1 more | 4 Xcode, Ubuntu Linux, Debian Linux and 1 more | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
| nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the 'listen' directive is used in a configuration file. | |||||
| CVE-2018-4164 | 1 Apple | 1 Xcode | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in certain Apple products. Xcode before 9.3 is affected. The issue, which is unspecified, involves the "LLVM" component. | |||||
| CVE-2017-7167 | 1 Apple | 1 Xcode | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in certain Apple products. Xcode before 9.2 is affected. The issue involves the "ld64" component. A buffer overflow allows remote attackers to execute arbitrary code via crafted source code. | |||||
| CVE-2017-7134 | 1 Apple | 1 Xcode | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Mach-O file. | |||||
| CVE-2017-7136 | 1 Apple | 1 Xcode | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Mach-O file. | |||||
| CVE-2017-7135 | 1 Apple | 1 Xcode | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Mach-O file. | |||||
| CVE-2017-7529 | 3 Apple, F5, Puppet | 3 Xcode, Nginx, Puppet Enterprise | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request. | |||||
| CVE-2017-7137 | 1 Apple | 1 Xcode | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Mach-O file. | |||||
| CVE-2015-5910 | 1 Apple | 1 Xcode | 2024-02-04 | 3.3 LOW | N/A |
| IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server traffic is encrypted, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2015-3187 | 2 Apache, Apple | 2 Subversion, Xcode | 2024-02-04 | 4.0 MEDIUM | N/A |
| The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. | |||||
| CVE-2016-4704 | 1 Apple | 1 Xcode | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than CVE-2016-4705. | |||||
| CVE-2016-0742 | 6 Apple, Canonical, Debian and 3 more | 6 Xcode, Ubuntu Linux, Debian Linux and 3 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. | |||||
| CVE-2015-3185 | 3 Apache, Apple, Canonical | 5 Http Server, Mac Os X, Mac Os X Server and 2 more | 2024-02-04 | 4.3 MEDIUM | N/A |
| The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior. | |||||
| CVE-2016-1765 | 1 Apple | 1 Xcode | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| otool in Apple Xcode before 7.3 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors. | |||||
| CVE-2015-3184 | 2 Apache, Apple | 3 Http Server, Subversion, Xcode | 2024-02-04 | 5.0 MEDIUM | N/A |
| mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. | |||||
| CVE-2015-7049 | 1 Apple | 1 Xcode | 2024-02-04 | 4.6 MEDIUM | N/A |
| otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7057. | |||||