Apple

XCode

92 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2019-20372

Exploit
  • EPSS 67.67%
  • Veröffentlicht 09.01.2020 21:15:12
  • Zuletzt bearbeitet 21.11.2024 04:38:19

NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.

7.8

CVE-2019-8806

  • EPSS 0.34%
  • Veröffentlicht 18.12.2019 18:15:43
  • Zuletzt bearbeitet 21.11.2024 04:50:30

A memory corruption issue was addressed with improved validation. This issue is fixed in Xcode 11.2. Processing a maliciously crafted file may lead to arbitrary code execution.

7.8

CVE-2019-8800

  • EPSS 0.34%
  • Veröffentlicht 18.12.2019 18:15:42
  • Zuletzt bearbeitet 21.11.2024 04:50:29

A memory corruption issue was addressed with improved validation. This issue is fixed in Xcode 11.2. Processing a maliciously crafted file may lead to arbitrary code execution.

7.8

CVE-2019-8739

  • EPSS 0.42%
  • Veröffentlicht 18.12.2019 18:15:38
  • Zuletzt bearbeitet 21.11.2024 04:50:23

A memory corruption issue was addressed with improved state management. This issue is fixed in Xcode 11.0. Processing a maliciously crafted file may lead to arbitrary code execution.

9.3

CVE-2019-8724

  • EPSS 0.46%
  • Veröffentlicht 18.12.2019 18:15:37
  • Zuletzt bearbeitet 21.11.2024 04:50:21

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.

7.8

CVE-2019-8738

  • EPSS 0.42%
  • Veröffentlicht 18.12.2019 18:15:37
  • Zuletzt bearbeitet 21.11.2024 04:50:23

A memory corruption issue was addressed with improved state management. This issue is fixed in Xcode 11.0. Processing a maliciously crafted file may lead to arbitrary code execution.

9.3

CVE-2019-8723

  • EPSS 0.46%
  • Veröffentlicht 18.12.2019 18:15:36
  • Zuletzt bearbeitet 21.11.2024 04:50:21

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.

9.3

CVE-2019-8722

  • EPSS 0.6%
  • Veröffentlicht 18.12.2019 18:15:36
  • Zuletzt bearbeitet 21.11.2024 04:50:21

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.

9.3

CVE-2019-8721

  • EPSS 0.6%
  • Veröffentlicht 18.12.2019 18:15:36
  • Zuletzt bearbeitet 21.11.2024 04:50:21

Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.

9.8

CVE-2019-14379

  • EPSS 1.8%
  • Veröffentlicht 29.07.2019 12:15:16
  • Zuletzt bearbeitet 21.11.2024 04:26:37

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.