本ページは apple xcode に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2022-32920 | The issue was addressed with improved checks. This issue is fixed in Xcode 14.0. Parsing a file may lead to disclosure of user information. | [email protected] | 5.5 | 0.11% | 2023-09-06 | 2024-11-21 |
| CVE-2023-27967 | The issue was addressed with improved memory handling. This issue is fixed in Xcode 14.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges. | [email protected] | 8.6 | 0.06% | 2023-05-08 | 2025-01-29 |
| CVE-2023-27945 | This issue was addressed with improved entitlements. This issue is fixed in Xcode 14.3, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A sandboxed app may be able to collect system logs. | [email protected] | 6.3 | 0.05% | 2023-05-08 | 2025-01-29 |
| CVE-2022-42797 | An injection issue was addressed with improved input validation. This issue is fixed in Xcode 14.1. An app may be able to gain root privileges. | [email protected] | 7.8 | 0.29% | 2023-02-27 | 2024-11-21 |
| CVE-2022-39260 | Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap | [email protected] | 8.5 | 2.23% | 2022-10-19 | 2024-11-21 |
| CVE-2022-39253 | Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are | [email protected] | 5.5 | 2.58% | 2022-10-19 | 2024-11-21 |
| CVE-2022-29187 | Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contai | [email protected] | 7.8 | 0.05% | 2022-07-12 | 2024-11-21 |
| CVE-2022-26747 | This issue was addressed with improved checks. This issue is fixed in Xcode 13.4. An app may be able to gain elevated privileges. | [email protected] | 7.8 | 0.22% | 2022-05-26 | 2024-11-21 |
| CVE-2022-24765 | Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as we | [email protected] | 6.0 | 0.19% | 2022-04-12 | 2024-11-21 |
| CVE-2022-22608 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. | [email protected] | 7.8 | 0.44% | 2022-03-18 | 2024-11-21 |
| CVE-2022-22607 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. | [email protected] | 7.8 | 0.44% | 2022-03-18 | 2024-11-21 |
| CVE-2022-22606 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. | [email protected] | 7.8 | 0.44% | 2022-03-18 | 2024-11-21 |
| CVE-2022-22605 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. | [email protected] | 7.8 | 0.44% | 2022-03-18 | 2024-11-21 |
| CVE-2022-22604 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. | [email protected] | 7.8 | 0.44% | 2022-03-18 | 2024-11-21 |
| CVE-2022-22603 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. | [email protected] | 7.8 | 0.44% | 2022-03-18 | 2024-11-21 |
| CVE-2022-22602 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. | [email protected] | 7.8 | 0.44% | 2022-03-18 | 2024-11-21 |
| CVE-2022-22601 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. | [email protected] | 7.8 | 0.44% | 2022-03-18 | 2024-11-21 |
| CVE-2021-44228 KEV | Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along wit | [email protected] | 10.0 | 94.36% | 2021-12-10 | 2026-02-20 |
| CVE-2021-1800 | A path handling issue was addressed with improved validation. This issue is fixed in Xcode 12.4. A malicious application may be able to access arbitrary files on the host device while running an app that uses on-demand resources with Xcode. | [email protected] | 5.5 | 0.20% | 2021-04-02 | 2024-11-21 |
| CVE-2021-21300 | Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, a | [email protected] | 8.0 | 58.28% | 2021-03-09 | 2024-11-21 |