CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-32920
https://notcve.org/view.php?id=CVE-2022-32920
06 Sep 2023 — The issue was addressed with improved checks. This issue is fixed in Xcode 14.0. Parsing a file may lead to disclosure of user information. El problema se solucionó con comprobaciones mejoradas. Este problema se ha solucionado en Xcode 14.0. • https://support.apple.com/en-us/HT213883 •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27967
https://notcve.org/view.php?id=CVE-2023-27967
08 May 2023 — The issue was addressed with improved memory handling. This issue is fixed in Xcode 14.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges. • https://support.apple.com/en-us/HT213679 •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27945 – Apple Security Advisory 2023-05-18-4
https://notcve.org/view.php?id=CVE-2023-27945
08 May 2023 — This issue was addressed with improved entitlements. This issue is fixed in Xcode 14.3, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A sandboxed app may be able to collect system logs. macOS Monterey 12.6.6 addresses buffer overflow, bypass, code execution, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213679 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42797 – Apple Security Advisory 2022-11-01-1
https://notcve.org/view.php?id=CVE-2022-42797
08 Nov 2022 — An injection issue was addressed with improved input validation. This issue is fixed in Xcode 14.1. An app may be able to gain root privileges. Xcode 14.1 addresses code execution vulnerabilities. • https://support.apple.com/en-us/HT213496 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.5EPSS: 2%CPEs: 14EXPL: 2CVE-2022-39253 – Git subject to exposure of sensitive information via local clone of symbolic links
https://notcve.org/view.php?id=CVE-2022-39253
18 Oct 2022 — Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via... • https://github.com/ssst0n3/docker-cve-2022-39253-poc • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 1%CPEs: 14EXPL: 0CVE-2022-39260 – Git vulnerable to Remote Code Execution via Heap overflow in `git shell`
https://notcve.org/view.php?id=CVE-2022-39260
18 Oct 2022 — Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Beca... • http://seclists.org/fulldisclosure/2022/Nov/1 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2022-29187 – Bypass of safe.directory protections in Git
https://notcve.org/view.php?id=CVE-2022-29187
12 Jul 2022 — Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch fo... • http://seclists.org/fulldisclosure/2022/Nov/1 • CWE-282: Improper Ownership Management CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26747 – Apple Security Advisory 2022-05-16-8
https://notcve.org/view.php?id=CVE-2022-26747
17 May 2022 — This issue was addressed with improved checks. This issue is fixed in Xcode 13.4. An app may be able to gain elevated privileges. Este problema es corregido con comprobaciones mejoradas. Este problema es corregido en Xcode versión 13.4. • https://support.apple.com/en-us/HT213261 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-24765 – Uncontrolled search for the Git directory in Git for Windows
https://notcve.org/view.php?id=CVE-2022-24765
12 Apr 2022 — Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. • http://seclists.org/fulldisclosure/2022/May/31 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22601 – Apple Security Advisory 2022-03-14-7
https://notcve.org/view.php?id=CVE-2022-22601
15 Mar 2022 — An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. Se abordó una lectura fuera de límites con una comprobación de límites mejorada. Este problema es corregido en Xcode versión 13.3. • https://support.apple.com/en-us/HT213189 • CWE-125: Out-of-bounds Read •