Skip to main content

Xcode

81 CVEs product

Monthly

CVE-2026-28890 MEDIUM PATCH This Month

Xcode versions prior to 26.4 contain an out-of-bounds read vulnerability that can be triggered by local users with user interaction to cause unexpected application or system termination. This denial-of-service condition affects developers and build systems using vulnerable Xcode installations. No patch is currently available.

Buffer Overflow Information Disclosure Xcode
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-28889 MEDIUM PATCH This Month

A permissions bypass vulnerability in Apple Xcode allows unprivileged applications to read arbitrary files with root-level privileges due to insufficient access controls. The vulnerability affects Xcode versions prior to 26.4 and could enable attackers to exfiltrate sensitive system files or configuration data. While no CVSS score or EPSS data is currently published, the ability to read arbitrary files as root represents a critical privilege escalation issue that warrants immediate patching.

Privilege Escalation Xcode
NVD VulDB
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-43505 HIGH This Month

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Xcode
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-43504 MEDIUM Monitor

A buffer overflow was addressed with improved bounds checking. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Xcode
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2025-43375 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Xcode
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-43371 HIGH This Month

This issue was addressed with improved checks. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Xcode
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-43370 MEDIUM Monitor

A path handling issue was addressed with improved validation. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Xcode
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-43263 HIGH This Month

The issue was addressed with improved checks. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Xcode
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-48384 HIGH KEV PATCH THREAT Act Now

Git contains a CRLF injection vulnerability (CVE-2025-48384, CVSS 8.0) in its config handling that allows attackers to escape header lines and modify config values. KEV-listed, this vulnerability in the world's most widely used version control system enables config injection attacks that could lead to arbitrary code execution through Git hooks, credential theft, or repository manipulation.

Information Disclosure Ubuntu Debian Git Debian Linux +3
NVD GitHub
CVSS 3.1
8.0
EPSS
0.5%
CVE-2025-30441 MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Xcode
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-24226 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xcode
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-44228 HIGH This Week

This issue was addressed with improved permissions checking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Xcode
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-44191 MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Xcode Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-44162 HIGH This Week

This issue was addressed by enabling hardened runtime. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Xcode
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-40862 MEDIUM This Month

A privacy issue was addressed by removing sensitive data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Xcode
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-23298 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Xcode
NVD VulDB
CVSS 3.1
5.5
EPSS
2.7%
CVE-2023-40435 MEDIUM This Month

This issue was addressed by enabling hardened runtime. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xcode
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-40391 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Xcode Ipados Iphone Os +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-32396 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Xcode Ipados Iphone Os +3
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-27967 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Xcode
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2023-27945 MEDIUM This Month

This issue was addressed with improved entitlements. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple Xcode
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2022-39260 HIGH This Week

Git is an open source, scalable, distributed revision control system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Heap Overflow Buffer Overflow Git Fedora +2
NVD GitHub
CVSS 3.1
8.8
EPSS
2.9%
CVE-2022-39253 MEDIUM This Month

Git is an open source, scalable, distributed revision control system. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Git Fedora Xcode Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.3%
CVE-2022-29187 HIGH This Week

Git is a distributed revision control system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Git Fedora Xcode +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-26747 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xcode
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-24765 HIGH This Week

Git for Windows is a fork of Git containing Windows-specific patches. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Git Fedora Xcode +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-22608 HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Xcode
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-22607 HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Xcode
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-22606 HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Xcode
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-22605 HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Xcode
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-22604 HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Xcode
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-22603 HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Xcode
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-22602 HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Xcode
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-22601 HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Xcode
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-1800 MEDIUM This Month

A path handling issue was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Xcode
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-21300 HIGH POC PATCH THREAT Act Now

Git is an open-source distributed revision control system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Apple Microsoft Information Disclosure Git Fedora +2
NVD GitHub
CVSS 3.1
7.5
EPSS
88.6%
CVE-2020-9992 HIGH This Week

This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Xcode Ipados Iphone Os
NVD
CVSS 3.1
7.8
EPSS
3.0%
CVE-2019-8806 HIGH This Week

A memory corruption issue was addressed with improved validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Xcode
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2019-8800 HIGH This Week

A memory corruption issue was addressed with improved validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Xcode
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2019-8739 HIGH This Week

A memory corruption issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Xcode
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2019-8738 HIGH This Week

A memory corruption issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Xcode
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2019-8724 HIGH This Week

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Xcode
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2019-8723 HIGH This Week

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Xcode
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2019-8722 HIGH This Week

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Xcode
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-8721 HIGH This Week

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Xcode
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2019-14379 Maven CRITICAL PATCH Act Now

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup),. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Java Prototype Pollution RCE Jackson Databind Debian Linux +22
NVD GitHub
CVSS 3.1
9.8
EPSS
8.0%
CVE-2019-3855 HIGH PATCH This Week

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libssh2 Fedora Debian Linux +11
NVD
CVSS 3.1
8.8
EPSS
9.2%
CVE-2018-16845 MEDIUM PATCH This Month

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Nginx Debian Linux Ubuntu Linux Leap +1
NVD
CVSS 3.1
6.1
EPSS
9.8%
CVE-2018-16844 HIGH This Week

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nginx Debian Linux Ubuntu Linux Xcode
NVD
CVSS 3.1
7.5
EPSS
12.4%
CVE-2018-16843 HIGH This Week

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nginx Debian Linux Ubuntu Linux Leap +1
NVD
CVSS 3.1
7.5
EPSS
47.1%
CVE-2018-4164 CRITICAL Act Now

An issue was discovered in certain Apple products. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Xcode
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2017-7137 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Denial Of Service Xcode
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2017-7136 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Denial Of Service Xcode
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2017-7135 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Denial Of Service Xcode
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2017-7134 HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Denial Of Service Xcode
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2017-7529 HIGH Act Now

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 91.9% and no vendor patch available.

Integer Overflow Nginx Information Disclosure Puppet Enterprise Xcode
NVD
CVSS 3.1
7.5
EPSS
91.9%
Threat
4.3
CVE-2016-4705 HIGH This Week

otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Buffer Overflow Xcode
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-4704 HIGH This Week

otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Buffer Overflow Xcode
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-1765 HIGH This Week

otool in Apple Xcode before 7.3 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Buffer Overflow Xcode
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-0747 MEDIUM PATCH This Month

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 20.0%.

Nginx Denial Of Service Ubuntu Linux Debian Linux Leap +1
NVD
CVSS 3.1
5.3
EPSS
20.0%
CVE-2016-0746 CRITICAL PATCH Act Now

Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Nginx Memory Corruption Denial Of Service Use After Free Ubuntu Linux +3
NVD
CVSS 3.1
9.8
EPSS
6.3%
CVE-2016-0742 HIGH PATCH Act Now

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 78.8%.

Nginx Denial Of Service Null Pointer Dereference Ubuntu Linux Debian Linux +3
NVD
CVSS 3.1
7.5
EPSS
78.8%
CVE-2015-7057 MEDIUM This Month

otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7049. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Buffer Overflow Xcode
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-7056 MEDIUM This Month

IDE SCM in Apple Xcode before 7.2 does not recognize .gitignore files, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging the presence of a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Xcode
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-7049 MEDIUM This Month

otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7057. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Buffer Overflow Xcode
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-7030 HIGH This Week

The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Xcode
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2015-5910 LOW PATCH Monitor

IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server traffic is encrypted, which allows remote attackers to obtain sensitive information by sniffing the network. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apple Information Disclosure Xcode
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2015-5909 MEDIUM PATCH This Month

IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to obtain potentially sensitive build information in. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apple Information Disclosure Xcode
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-3187 MEDIUM This Month

The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Subversion Xcode
NVD
CVSS 2.0
4.0
EPSS
0.9%
CVE-2015-3184 MEDIUM This Month

mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.0% and no vendor patch available.

Information Disclosure Apache Xcode Subversion
NVD
CVSS 2.0
5.0
EPSS
17.0%
CVE-2015-3185 MEDIUM This Month

The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Apache Ubuntu Linux Http Server Xcode +3
NVD GitHub
CVSS 2.0
4.3
EPSS
9.5%
CVE-2015-3027 MEDIUM This Month

Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Privilege Escalation Xcode
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2015-1149 HIGH This Week

Integer overflow in the simulator in Swift in Apple Xcode before 6.3 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact by triggering an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Denial Of Service Xcode
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2015-0251 MEDIUM This Month

The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Subversion Opensuse Enterprise Linux Desktop Enterprise Linux Hpc Node +5
NVD
CVSS 2.0
4.0
EPSS
1.1%
CVE-2015-0248 MEDIUM This Month

The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.8% and no vendor patch available.

Denial Of Service Subversion Opensuse Xcode Enterprise Linux Desktop +5
NVD
CVSS 2.0
5.0
EPSS
15.8%
CVE-2014-8108 MEDIUM PATCH This Month

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Apache Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server +3
NVD
CVSS 2.0
5.0
EPSS
5.0%
CVE-2014-3580 MEDIUM PATCH This Month

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.7%.

Denial Of Service Apache Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server +5
NVD
CVSS 2.0
5.0
EPSS
13.7%
CVE-2014-6394 npm HIGH POC PATCH This Week

visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Node.js Fedora Xcode Node Js
NVD GitHub
CVSS 2.0
7.5
EPSS
4.8%
CVE-2014-3528 MEDIUM This Month

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Apache Authentication Bypass Opensuse Subversion Ubuntu Linux +6
NVD
CVSS 2.0
4.0
EPSS
3.4%
CVE-2014-3522 MEDIUM PATCH This Month

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable.

Information Disclosure Apache Subversion Opensuse Ubuntu Linux +1
NVD
CVSS 2.0
4.0
EPSS
2.6%
CVE-2012-3698 MEDIUM This Month

Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apple Xcode
NVD
CVSS 2.0
5.0
EPSS
0.2%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Xcode versions prior to 26.4 contain an out-of-bounds read vulnerability that can be triggered by local users with user interaction to cause unexpected application or system termination. This denial-of-service condition affects developers and build systems using vulnerable Xcode installations. No patch is currently available.

Buffer Overflow Information Disclosure Xcode
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

A permissions bypass vulnerability in Apple Xcode allows unprivileged applications to read arbitrary files with root-level privileges due to insufficient access controls. The vulnerability affects Xcode versions prior to 26.4 and could enable attackers to exfiltrate sensitive system files or configuration data. While no CVSS score or EPSS data is currently published, the ability to read arbitrary files as root represents a critical privilege escalation issue that warrants immediate patching.

Privilege Escalation Xcode
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Month

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Xcode
NVD
EPSS 0% CVSS 4.9
MEDIUM Monitor

A buffer overflow was addressed with improved bounds checking. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Xcode
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Xcode
NVD
EPSS 0% CVSS 8.2
HIGH This Month

This issue was addressed with improved checks. Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Xcode
NVD
EPSS 0% CVSS 4.0
MEDIUM Monitor

A path handling issue was addressed with improved validation. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Xcode
NVD
EPSS 0% CVSS 7.1
HIGH This Month

The issue was addressed with improved checks. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Xcode
NVD
EPSS 0% CVSS 8.0
HIGH KEV PATCH THREAT Act Now

Git contains a CRLF injection vulnerability (CVE-2025-48384, CVSS 8.0) in its config handling that allows attackers to escape header lines and modify config values. KEV-listed, this vulnerability in the world's most widely used version control system enables config injection attacks that could lead to arbitrary code execution through Git hooks, credential theft, or repository manipulation.

Information Disclosure Ubuntu Debian +5
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Xcode
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xcode
NVD
EPSS 0% CVSS 7.5
HIGH This Week

This issue was addressed with improved permissions checking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Xcode
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed through improved state management. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Xcode +6
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

This issue was addressed by enabling hardened runtime. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Xcode
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A privacy issue was addressed by removing sensitive data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Xcode
NVD
EPSS 3% CVSS 5.5
MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Xcode
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

This issue was addressed by enabling hardened runtime. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xcode
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Xcode +4
NVD
EPSS 0% CVSS 7.8
HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Xcode +5
NVD
EPSS 0% CVSS 8.6
HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Xcode
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

This issue was addressed with improved entitlements. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple +1
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Git is an open source, scalable, distributed revision control system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Heap Overflow Buffer Overflow +4
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM This Month

Git is an open source, scalable, distributed revision control system. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Git Fedora +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Git is a distributed revision control system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Git +3
NVD GitHub
EPSS 1% CVSS 7.8
HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xcode
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Git for Windows is a fork of Git containing Windows-specific patches. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Git +3
NVD GitHub
EPSS 1% CVSS 7.8
HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure +1
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

A path handling issue was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Xcode
NVD
EPSS 89% CVSS 7.5
HIGH POC PATCH THREAT Act Now

Git is an open-source distributed revision control system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Apple Microsoft Information Disclosure +4
NVD GitHub
EPSS 3% CVSS 7.8
HIGH This Week

This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Xcode +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A memory corruption issue was addressed with improved validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A memory corruption issue was addressed with improved validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A memory corruption issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A memory corruption issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Xcode
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Xcode
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Xcode
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Xcode
NVD
EPSS 8% CVSS 9.8
CRITICAL PATCH Act Now

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup),. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Java Prototype Pollution RCE +24
NVD GitHub
EPSS 9% CVSS 8.8
HIGH PATCH This Week

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libssh2 +13
NVD
EPSS 10% CVSS 6.1
MEDIUM PATCH This Month

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Nginx Debian Linux +3
NVD
EPSS 12% CVSS 7.5
HIGH This Week

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nginx Debian Linux +2
NVD
EPSS 47% CVSS 7.5
HIGH This Week

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nginx Debian Linux +3
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

An issue was discovered in certain Apple products. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Xcode
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An issue was discovered in certain Apple products. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple +2
NVD
EPSS 92% 4.3 CVSS 7.5
HIGH Act Now

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 91.9% and no vendor patch available.

Integer Overflow Nginx Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors, a different vulnerability than. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

otool in Apple Xcode before 7.3 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Buffer Overflow +1
NVD
EPSS 20% CVSS 5.3
MEDIUM PATCH This Month

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 20.0%.

Nginx Denial Of Service Ubuntu Linux +3
NVD
EPSS 6% CVSS 9.8
CRITICAL PATCH Act Now

Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Nginx Memory Corruption Denial Of Service +5
NVD
EPSS 79% CVSS 7.5
HIGH PATCH Act Now

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 78.8%.

Nginx Denial Of Service Null Pointer Dereference +5
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7049. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Buffer Overflow +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

IDE SCM in Apple Xcode before 7.2 does not recognize .gitignore files, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging the presence of a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Xcode
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7057. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Buffer Overflow +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Xcode
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server traffic is encrypted, which allows remote attackers to obtain sensitive information by sniffing the network. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apple Information Disclosure Xcode
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to obtain potentially sensitive build information in. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apple Information Disclosure Xcode
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Subversion +1
NVD
EPSS 17% CVSS 5.0
MEDIUM This Month

mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.0% and no vendor patch available.

Information Disclosure Apache Xcode +1
NVD
EPSS 9% CVSS 4.3
MEDIUM This Month

The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Apache Ubuntu Linux +5
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM This Month

Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Privilege Escalation Xcode
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Integer overflow in the simulator in Swift in Apple Xcode before 6.3 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact by triggering an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Denial Of Service Xcode
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Subversion Opensuse +7
NVD
EPSS 16% CVSS 5.0
MEDIUM This Month

The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.8% and no vendor patch available.

Denial Of Service Subversion Opensuse +7
NVD
EPSS 5% CVSS 5.0
MEDIUM PATCH This Month

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Apache Enterprise Linux Desktop +5
NVD
EPSS 14% CVSS 5.0
MEDIUM PATCH This Month

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.7%.

Denial Of Service Apache Enterprise Linux Desktop +7
NVD
EPSS 5% CVSS 7.5
HIGH POC PATCH This Week

visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Node.js Fedora +2
NVD GitHub
EPSS 3% CVSS 4.0
MEDIUM This Month

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Apache Authentication Bypass Opensuse +8
NVD
EPSS 3% CVSS 4.0
MEDIUM PATCH This Month

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable.

Information Disclosure Apache Subversion +3
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apple Xcode
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy