CVSS: 6.2EPSS: 0%CPEs: 27EXPL: 0CVE-2012-3698
https://notcve.org/view.php?id=CVE-2012-3698
26 Jul 2012 — Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a (1) helper tool or (2) command-line tool. Apple Xcode antes de v4.4 no compone adecuadamente una solicitud designada (DR) durante la firma de programas que no cuenta con identificadores de paquetes, lo que permite a atacantes remotos leer las entradas de la... • http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 11EXPL: 0CVE-2008-2318
https://notcve.org/view.php?id=CVE-2008-2318
14 Jul 2008 — The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs. La implementación WOHyperlink de WebObjects de Apple Xcode tools anterior a 3.1 , añade los IDs de sesiones locales a URLs no generadas en local, esto permite a atacantes remotos obtener información potencialmente sensible leyendo las solicitudes de estas URLs. • http://lists.apple.com/archives/security-announce//2008/Jul/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2006-5327
https://notcve.org/view.php?id=CVE-2006-5327
17 Oct 2006 — Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain TAR_OPTIONS environment variable settings, when gnutar is invoked by OpenBase. Vulnerabilidad de ruta de búsqueda en un fichero no confiable en OpenBase SQL 10.0 y anteriores, al usarlo en Apple Xcode 2.2 y anteriores y po... • http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2006-5328
https://notcve.org/view.php?id=CVE-2006-5328
17 Oct 2006 — OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to create arbitrary files via a symlink attack on the simulation.sql file. OpenBase SQL 10.0 y anteriores, al usarlo en Apple Xcode 2.2 y anteriores y posiblemente otros productos, permite a usuarios locales crear archivos de su elección mediante un ataque de enlace simbólico en el fichero simulation.sql. • http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2006-1466
https://notcve.org/view.php?id=CVE-2006-1466
24 May 2006 — Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects plugin, allows remote attackers to access or modify WebObjects projects through a network service. • http://lists.apple.com/archives/security-announce/2006/May/msg00004.html •
CVSS: 9.8EPSS: 91%CPEs: 2EXPL: 5CVE-2004-2687 – DistCC Daemon - Command Execution
https://notcve.org/view.php?id=CVE-2004-2687
31 Dec 2004 — distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks. • https://www.exploit-db.com/exploits/9915 • CWE-16: Configuration •