Apple Xcode vulnerabilities
115 known vulnerabilities affecting apple/xcode.
Total CVEs: 115
CISA KEV: 2 (actively exploited)
Public exploits: 6
Exploited in wild: 1
Severity breakdown: CRITICAL 10, HIGH 63, MEDIUM 38, LOW 4
Vulnerabilities
Page 2 of 6

CVE-2023-40391 | MEDIUM | CVSS 5.5 | fixed in 15.0 | ≥ unspecified, < 15 | 2023-09-27
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14, Xcode 15. An app may be able to disclose kernel memory.
nvd, apple

CVE-2022-32920 | MEDIUM | CVSS 5.5 | fixed in 14.0 | ≥ unspecified, < 14.0 | 2023-09-06
The issue was addressed with improved checks. This issue is fixed in Xcode 14.0. Parsing a file may lead to disclosure of user information.
nvd, apple

CVE-2023-27967 | HIGH | CVSS 8.6 | fixed in 14.3 | ≥ unspecified, < 14.3 | 2023-05-08
The issue was addressed with improved memory handling. This issue is fixed in Xcode 14.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.
nvd, apple

CVE-2023-27945 | MEDIUM | CVSS 6.3 | CWE-125 | fixed in 14.3 | ≥ unspecified, < 14.3 | 2023-05-08
This issue was addressed with improved entitlements. This issue is fixed in Xcode 14.3, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A sandboxed app may be able to collect system logs.
nvd, apple

CVE-2022-42797 | HIGH | CVSS 7.8 | CWE-74 | fixed in 14.1 | ≥ unspecified, < 14.1 | 2023-02-27
An injection issue was addressed with improved input validation. This issue is fixed in Xcode 14.1. An app may be able to gain root privileges.
nvd, apple

CVE-2022-39260 | HIGH | CVSS 8.8 | CWE-122 | fixed in 14.1 | 2022-10-19
Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int`
nvd, apple

CVE-2022-39253 | MEDIUM | CVSS 5.5 | CWE-200 | fixed in 14.1 | 2022-10-19
Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of t
nvd, apple

CVE-2022-29187 | HIGH | CVSS 7.8 | fixed in 14.1 | 2022-07-12
Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by the
nvd, apple

CVE-2022-26747 | HIGH | CVSS 7.8 | fixed in 13.4 | ≥ unspecified, < 13.4 | 2022-05-26
This issue was addressed with improved checks. This issue is fixed in Xcode 13.4. An app may be able to gain elevated privileges.
nvd, apple

CVE-2022-24765 | HIGH | CVSS 7.8 | CWE-427 | fixed in 13.4 | 2022-04-12
Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching
nvd, apple

CVE-2022-22607 | HIGH | CVSS 7.8 | CWE-125 | fixed in 13.3 | ≥ unspecified, < 13.3 | 2022-03-18
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
nvd, apple

CVE-2022-22605 | HIGH | CVSS 7.8 | CWE-125 | fixed in 13.3 | ≥ unspecified, < 13.3 | 2022-03-18
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
nvd, apple

CVE-2022-22608 | HIGH | CVSS 7.8 | CWE-125 | fixed in 13.3 | ≥ unspecified, < 13.3 | 2022-03-18
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
nvd, apple

CVE-2022-22602 | HIGH | CVSS 7.8 | CWE-125 | fixed in 13.3 | ≥ unspecified, < 13.3 | 2022-03-18
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
nvd, apple

CVE-2022-22601 | HIGH | CVSS 7.8 | CWE-125 | fixed in 13.3 | ≥ unspecified, < 13.3 | 2022-03-18
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
nvd, apple

CVE-2022-22603 | HIGH | CVSS 7.8 | CWE-125 | fixed in 13.3 | ≥ unspecified, < 13.3 | 2022-03-18
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
nvd, apple

CVE-2022-22604 | HIGH | CVSS 7.8 | CWE-125 | fixed in 13.3 | ≥ unspecified, < 13.3 | 2022-03-18
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
nvd, apple

CVE-2022-22606 | HIGH | CVSS 7.8 | CWE-125 | fixed in 13.3 | ≥ unspecified, < 13.3 | 2022-03-18
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
nvd, apple

CVE-2021-44228 | CRITICAL | CVSS 10.0 | KEV | PoC | CWE-20 | fixed in 13.3 | 2021-12-10
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LD
nvd, apple

CVE-2021-1800 | MEDIUM | CVSS 5.5 | fixed in 12.4 | ≥ unspecified, < 12.4 | 2021-04-02
A path handling issue was addressed with improved validation. This issue is fixed in Xcode 12.4. A malicious application may be able to access arbitrary files on the host device while running an app that uses on-demand resources with Xcode.
nvd