Apple Xcode
74 CVEs affecting Apple Xcode. Latest disclosed: 2026-03-25. Critical: 1, High: 9.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2016-0746 | Critical | 9.8 | 2016-02-15 | Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker… |
CVE-2017-7137 | High | 7.8 | 2017-10-23 | An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows remote attackers to execute a… |
CVE-2017-7136 | High | 7.8 | 2017-10-23 | An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows remote attackers to execute a… |
CVE-2017-7135 | High | 7.8 | 2017-10-23 | An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows remote attackers to execute a… |
CVE-2017-7134 | High | 7.8 | 2017-10-23 | An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the "ld64" component. It allows remote attackers to execute a… |
CVE-2016-4705 | High | 7.8 | 2016-09-18 | otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vect… |
CVE-2016-4704 | High | 7.8 | 2016-09-18 | otool in Apple Xcode before 8 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vect… |
CVE-2016-1765 | High | 7.8 | 2016-03-24 | otool in Apple Xcode before 7.3 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified ve… |
CVE-2017-7529 | High | 7.5 | 2017-07-13 | Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of pote… |
CVE-2016-0742 | High | 7.5 | 2016-02-15 | The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process… |
CVE-2016-0747 | Medium | 5.3 | 2016-02-15 | The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service… |
CVE-2026-28890 | | 2026-03-25 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 26.4. An app may be able to cause unexpected system termination. | |
CVE-2026-28889 | | 2026-03-25 | A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 26.4. An app may be able to read arbitrary files as root. | |
CVE-2025-31186 | | 2026-01-16 | A permissions issue was addressed with additional restrictions. This issue is fixed in Xcode 16.3. An app may be able to bypass Privacy preferences. | |
CVE-2025-43504 | | 2025-11-04 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in Xcode 26.1. A user in a privileged network position may be able to cause… | |
CVE-2025-43505 | | 2025-11-04 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Xcode 26.1. Processing a maliciously crafted file may lead to… | |
CVE-2025-43375 | | 2025-09-15 | The issue was addressed with improved checks. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process. | |
CVE-2025-43263 | | 2025-09-15 | The issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to read and write files outside of its sandbox. | |
CVE-2025-43371 | | 2025-09-15 | This issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to break out of its sandbox. | |
CVE-2025-43370 | | 2025-09-15 | A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process. |