
    48 vulnerabilities found for wpe_webkit by wpewebkit

    CVE-2025-43343 (GCVE-0-2025-43343)

    Vulnerability from nvd – Published: 2025-09-15 22:35 – Updated: 2026-04-02 18:21
    VLAI
    Summary
    The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.
    SSVC
    Exploitation: none; Automatable: yes; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Processing maliciously crafted web content may lead to an unexpected process crash
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    Impacted products

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-43343",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-16T13:36:38.705148Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-119",
                    "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-16T17:24:21.978Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-12-17T14:48:14.043Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2025/Sep/57"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Sep/53"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Sep/59"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Sep/49"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/10/13/4"
              },
              {
                "url": "https://access.redhat.com/errata/RHSA-2025:19946"
              },
              {
                "url": "https://ubuntu.com/security/CVE-2025-43343"
              },
              {
                "url": "https://security-tracker.debian.org/tracker/CVE-2025-43343"
              },
              {
                "url": "https://webkitgtk.org/security/WSA-2025-0007.html"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing maliciously crafted web content may lead to an unexpected process crash",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:21:37.147Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/125108"
            },
            {
              "url": "https://support.apple.com/en-us/125110"
            },
            {
              "url": "https://support.apple.com/en-us/125113"
            },
            {
              "url": "https://support.apple.com/en-us/125114"
            },
            {
              "url": "https://support.apple.com/en-us/125115"
            },
            {
              "url": "https://support.apple.com/en-us/125116"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2025-43343",
        "datePublished": "2025-09-15T22:35:30.400Z",
        "dateReserved": "2025-04-16T15:24:37.110Z",
        "dateUpdated": "2026-04-02T18:21:37.147Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-43342 (GCVE-0-2025-43342)

    Vulnerability from nvd – Published: 2025-09-15 22:35 – Updated: 2026-04-02 18:18
    VLAI
    Summary
    A correctness issue was addressed with improved checks. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.
    SSVC
    Exploitation: none; Automatable: yes; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Processing maliciously crafted web content may lead to an unexpected process crash
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Apple Safari Affected: 0 , < 26 (custom)
    Apple iOS and iPadOS Affected: 0 , < 18.7 (custom)
    Affected: 0 , < 26 (custom)
    Apple macOS Affected: 0 , < 26 (custom)
    Apple tvOS Affected: 0 , < 26 (custom)
    Apple visionOS Affected: 0 , < 26 (custom)
    Apple watchOS Affected: 0 , < 26 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-43342",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-16T13:38:38.852885Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-16T17:25:29.262Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T21:10:40.303Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2025/Sep/57"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Sep/53"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Sep/59"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Sep/49"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/09/22/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "18.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A correctness issue was addressed with improved checks. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing maliciously crafted web content may lead to an unexpected process crash",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:18:35.046Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/125108"
            },
            {
              "url": "https://support.apple.com/en-us/125109"
            },
            {
              "url": "https://support.apple.com/en-us/125110"
            },
            {
              "url": "https://support.apple.com/en-us/125113"
            },
            {
              "url": "https://support.apple.com/en-us/125114"
            },
            {
              "url": "https://support.apple.com/en-us/125115"
            },
            {
              "url": "https://support.apple.com/en-us/125116"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2025-43342",
        "datePublished": "2025-09-15T22:35:12.163Z",
        "dateReserved": "2025-04-16T15:24:37.110Z",
        "dateUpdated": "2026-04-02T18:18:35.046Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-31277 (GCVE-0-2025-31277)

    Vulnerability from nvd – Published: 2025-07-29 23:29 – Updated: 2026-06-30 03:16
    VLAI CISA KEVIntel
    Summary
    The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.
    SSVC
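    Exploitation: none; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3), timestamp 2025-07-31
    Exploitation: active; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3), timestamp 2026-03-21 (the later of the two entries; the record's KEV entry is dated 2026-03-20)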
    CWE
    • Processing maliciously crafted web content may lead to memory corruption
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    References
    URL Tags
    https://support.apple.com/en-us/124147
    https://support.apple.com/en-us/124149
    https://support.apple.com/en-us/124152
    https://support.apple.com/en-us/124153
    https://support.apple.com/en-us/124154
    https://support.apple.com/en-us/124155
    https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain/ third-party-advisory
    https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31277 government-resource
    http://seclists.org/fulldisclosure/2025/Aug/0
    http://seclists.org/fulldisclosure/2025/Jul/36
    http://seclists.org/fulldisclosure/2025/Jul/32
    http://seclists.org/fulldisclosure/2025/Jul/30
    https://access.redhat.com/security/cve/CVE-2025-31277 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2448780 issue-tracking, x_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2025:19352 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:17802 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19157 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19165 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19109 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:17807 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:17643 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:17743 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:17741 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:18097 vendor-advisory, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Apple Safari Affected: 0 , < 18.6 (custom)
    Apple iOS and iPadOS Affected: 0 , < 18.6 (custom)
    Apple macOS Affected: 0 , < 15.6 (custom)
    Apple tvOS Affected: 0 , < 18.6 (custom)
    Apple visionOS Affected: 0 , < 2.6 (custom)
    Apple watchOS Affected: 0 , < 11.6 (custom)
    Red Hat Red Hat Enterprise Linux Server (v. 7 ELS)     cpe:/o:redhat:rhel_els:7
    Red Hat Red Hat Enterprise Linux Server Optional (v. 7 ELS)     cpe:/o:redhat:rhel_els:7
    Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
    Red Hat Red Hat Enterprise Linux AppStream AUS (v. 8.2)     cpe:/a:redhat:rhel_aus:8.2::appstream
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.4)     cpe:/a:redhat:rhel_aus:8.4::appstream
    Red Hat Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)     cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.6)     cpe:/a:redhat:rhel_aus:8.6::appstream
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.6)     cpe:/a:redhat:rhel_e4s:8.6::appstream
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.6)     cpe:/a:redhat:rhel_tus:8.6::appstream
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.8)     cpe:/a:redhat:rhel_e4s:8.8::appstream
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.8)     cpe:/a:redhat:rhel_tus:8.8::appstream
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::appstream
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::appstream
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::appstream
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Red Hat Red Hat Enterprise Linux 7 (default status: unaffected)     cpe:/o:redhat:enterprise_linux:7

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31277",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-31T03:56:01.249253Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31277",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-21T04:00:59.438579Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-03-20",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31277"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-119",
                    "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-23T13:14:07.203Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory"
                ],
                "url": "https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain/"
              },
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31277"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T19:52:50.809Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2025/Aug/0"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Jul/36"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Jul/32"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Jul/30"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-18T00:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in WebKitGTK. Processing malicious web content can cause memory corruption due to improper memory handling."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T03:16:57.786Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2025-31277"
              },
              {
                "name": "RHBZ#2448780",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448780"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31277.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2025:19352"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2025:17802"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2025:19157"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2025:19165"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2025:19109"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2025:17807"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2025:17643"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2025:17743"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2025:17741"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2025:18097"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2025:19352: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"
              },
              {
                "lang": "en",
                "value": "RHSA-2025:17802: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2025:19157: Red Hat Enterprise Linux AppStream AUS (v. 8.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2025:19165: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2025:19109: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2025:17807: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2025:17643: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2025:17743: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2025:17741: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2025:18097: Red Hat Enterprise Linux AppStream (v. 9)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-03-18T20:06:11.785Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-18T00:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "webkitgtk: Processing maliciously crafted web content may lead to memory corruption",
            "workarounds": [
              {
                "lang": "en",
                "value": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "18.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "18.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "15.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "18.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "2.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "11.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing maliciously crafted web content may lead to memory corruption",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:27:12.615Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/124147"
            },
            {
              "url": "https://support.apple.com/en-us/124149"
            },
            {
              "url": "https://support.apple.com/en-us/124152"
            },
            {
              "url": "https://support.apple.com/en-us/124153"
            },
            {
              "url": "https://support.apple.com/en-us/124154"
            },
            {
              "url": "https://support.apple.com/en-us/124155"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2025-31277",
        "datePublished": "2025-07-29T23:29:31.341Z",
        "dateReserved": "2025-03-27T16:13:58.344Z",
        "dateUpdated": "2026-06-30T03:16:57.786Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-6558 (GCVE-0-2025-6558)

    Vulnerability from nvd – Published: 2025-07-15 18:12 – Updated: 2026-02-26 17:50
    VLAI CISA KEVIntel
    Summary
    Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Insufficient validation of untrusted input
    Assigner
    Impacted products
    Vendor Product Version
    Google Chrome Affected: 138.0.7204.157 , < 138.0.7204.157 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6558",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-22T03:55:29.491017Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2025-07-22",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6558"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:50:40.914Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6558"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2025-07-22T00:00:00.000Z",
                "value": "CVE-2025-6558 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T21:14:50.202Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Aug/0"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Jul/37"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Jul/35"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Jul/32"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Jul/30"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/08/02/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "138.0.7204.157",
                  "status": "affected",
                  "version": "138.0.7204.157",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Insufficient validation of untrusted input",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-15T18:12:36.848Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html"
            },
            {
              "url": "https://issues.chromium.org/issues/427162086"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2025-6558",
        "datePublished": "2025-07-15T18:12:36.848Z",
        "dateReserved": "2025-06-23T22:30:38.590Z",
        "dateUpdated": "2026-02-26T17:50:40.914Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-27834 (GCVE-0-2024-27834)

    Vulnerability from nvd – Published: 2024-05-13 23:00 – Updated: 2026-04-02 18:15
    VLAI
    Summary
    The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, watchOS 10.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication
    • CWE-277 - Insecure Inherited Permissions
    Assigner
    Impacted products
    Vendor Product Version
    Apple Safari Affected: 0 , < 17.5 (custom)
    Apple iOS and iPadOS Affected: 0 , < 16.7.8 (custom)
    Affected: 0 , < 17.5 (custom)
    Apple macOS Affected: 0 , < 14.5 (custom)
    Apple tvOS Affected: 0 , < 17.5 (custom)
    Apple watchOS Affected: 0 , < 10.5 (custom)
    apple ipad_os Affected: 0 , < 17.5 (custom)
        cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*
    apple macos Affected: 0 , < 14.5 (custom)
        cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
    apple tvos Affected: 0 , < 17.5 (custom)
        cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*
    apple watchos Affected: 0 , < 10.5 (custom)
        cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
    apple iphone_os Affected: 0 , < 17.5 (custom)
        cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ipad_os",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "macos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "14.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "tvos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "watchos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "10.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "iphone_os",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-27834",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-16T04:00:11.988391Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-277",
                    "description": "CWE-277 Insecure Inherited Permissions",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-06T15:23:00.293Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T17:18:39.702Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214101"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214106"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214104"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214103"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214102"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/May/17"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/05/21/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/May/10"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/May/9"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/May/12"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/May/16"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WKIXADCW3O4R2OOSDZGPU55XQFE6NA3M/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADCLQW54XN37VJZNYD3UKCYATJFIMYXG/"
              },
              {
                "url": "https://support.apple.com/kb/HT214106"
              },
              {
                "url": "https://support.apple.com/kb/HT214104"
              },
              {
                "url": "https://support.apple.com/kb/HT214102"
              },
              {
                "url": "https://support.apple.com/kb/HT214100"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "16.7.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "17.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "10.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, watchOS 10.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:15:05.001Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120896"
            },
            {
              "url": "https://support.apple.com/en-us/120898"
            },
            {
              "url": "https://support.apple.com/en-us/120901"
            },
            {
              "url": "https://support.apple.com/en-us/120902"
            },
            {
              "url": "https://support.apple.com/en-us/120903"
            },
            {
              "url": "https://support.apple.com/en-us/120905"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-27834",
        "datePublished": "2024-05-13T23:00:50.836Z",
        "dateReserved": "2024-02-26T15:32:28.527Z",
        "dateUpdated": "2026-04-02T18:15:05.001Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-23284 (GCVE-0-2024-23284)

    Vulnerability from nvd – Published: 2024-03-08 01:35 – Updated: 2026-04-02 18:17
    VLAI
    Summary
    A logic issue was addressed with improved state management. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Processing maliciously crafted web content may prevent Content Security Policy from being enforced
    • CWE-693 - Protection Mechanism Failure
    Assigner
    References
    URL Tags
    https://support.apple.com/en-us/120880
    https://support.apple.com/en-us/120881
    https://support.apple.com/en-us/120882
    https://support.apple.com/en-us/120883
    https://support.apple.com/en-us/120893
    https://support.apple.com/en-us/120894
    https://support.apple.com/en-us/120895
    https://support.apple.com/en-us/HT214087 x_transferred
    https://support.apple.com/en-us/HT214086 x_transferred
    https://support.apple.com/en-us/HT214081 x_transferred
    https://support.apple.com/en-us/HT214082 x_transferred
    https://support.apple.com/en-us/HT214089 x_transferred
    https://support.apple.com/en-us/HT214084 x_transferred
    https://support.apple.com/en-us/HT214088 x_transferred
    http://seclists.org/fulldisclosure/2024/Mar/20 x_transferred
    http://seclists.org/fulldisclosure/2024/Mar/21 x_transferred
    http://seclists.org/fulldisclosure/2024/Mar/25 x_transferred
    http://seclists.org/fulldisclosure/2024/Mar/24 x_transferred
    http://seclists.org/fulldisclosure/2024/Mar/26 x_transferred
    https://lists.fedoraproject.org/archives/list/pac… x_transferred
    https://lists.fedoraproject.org/archives/list/pac… x_transferred
    https://lists.fedoraproject.org/archives/list/pac… x_transferred
    http://www.openwall.com/lists/oss-security/2024/03/26/1 x_transferred
    https://lists.fedoraproject.org/archives/list/pac… x_transferred
    https://support.apple.com/kb/HT214089
    https://support.apple.com/kb/HT214087
    https://support.apple.com/kb/HT214084
    https://support.apple.com/kb/HT214082
    https://support.apple.com/kb/HT214081
    Impacted products
    Vendor Product Version
    Apple Safari Affected: 0 , < 17.4 (custom)
    Apple iOS and iPadOS Affected: 0 , < 16.7.6 (custom)
    Affected: 0 , < 17.4 (custom)
    Apple macOS Affected: 0 , < 14.4 (custom)
    Apple tvOS Affected: 0 , < 17.4 (custom)
    Apple visionOS Affected: 0 , < 1.1 (custom)
    Apple watchOS Affected: 0 , < 10.4 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:27:47.552Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214087"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214086"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214081"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214082"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214089"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214084"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214088"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/20"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/25"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/24"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/26"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
              },
              {
                "url": "https://support.apple.com/kb/HT214089"
              },
              {
                "url": "https://support.apple.com/kb/HT214087"
              },
              {
                "url": "https://support.apple.com/kb/HT214084"
              },
              {
                "url": "https://support.apple.com/kb/HT214082"
              },
              {
                "url": "https://support.apple.com/kb/HT214081"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23284",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-07T04:00:29.525435Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-693",
                    "description": "CWE-693 Protection Mechanism Failure",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-28T20:45:42.133Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "16.7.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "1.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "10.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A logic issue was addressed with improved state management. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing maliciously crafted web content may prevent Content Security Policy from being enforced",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:17:06.626Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120880"
            },
            {
              "url": "https://support.apple.com/en-us/120881"
            },
            {
              "url": "https://support.apple.com/en-us/120882"
            },
            {
              "url": "https://support.apple.com/en-us/120883"
            },
            {
              "url": "https://support.apple.com/en-us/120893"
            },
            {
              "url": "https://support.apple.com/en-us/120894"
            },
            {
              "url": "https://support.apple.com/en-us/120895"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-23284",
        "datePublished": "2024-03-08T01:35:43.782Z",
        "dateReserved": "2024-01-12T22:22:21.499Z",
        "dateUpdated": "2026-04-02T18:17:06.626Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-23280 (GCVE-0-2024-23280)

    Vulnerability from nvd – Published: 2024-03-08 01:36 – Updated: 2026-04-02 18:25
    VLAI
    Summary
    An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A maliciously crafted webpage may be able to fingerprint the user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Apple Safari Affected: 0 , < 17.4 (custom)
    Apple iOS and iPadOS Affected: 0 , < 17.4 (custom)
    Apple macOS Affected: 0 , < 14.4 (custom)
    Apple tvOS Affected: 0 , < 17.4 (custom)
    Apple watchOS Affected: 0 , < 10.4 (custom)
    apple tvos Affected: 0 , < 17.4 (custom)
        cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
    apple ios Affected: 0 , < 17.4 (custom)
        cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*
    apple ipados Affected: 0 , < 17.4 (custom)
        cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
    apple safari Affected: 0 , < 17.4 (custom)
        cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
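    apple macos Affected: 0 , < 17.4 (custom) — value from the CISA-ADP container; Apple's CNA entry for this CVE lists macOS < 14.4, matching the macOS Sonoma 14.4 fix named in the summary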
        cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
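    apple watchos Affected: 0 , < 17.4 (custom) — value from the CISA-ADP container; Apple's CNA entry for this CVE lists watchOS < 10.4, matching the watchOS 10.4 fix named in the summary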
        cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:27:35.598Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214086"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214081"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214089"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214084"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214088"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/20"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/25"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/24"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
              },
              {
                "url": "https://support.apple.com/kb/HT214089"
              },
              {
                "url": "https://support.apple.com/kb/HT214086"
              },
              {
                "url": "https://support.apple.com/kb/HT214084"
              },
              {
                "url": "https://support.apple.com/kb/HT214081"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "tvos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ios",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ipados",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "safari",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "macos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "watchos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23280",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-28T20:33:30.944280Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-31T16:45:41.969Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "10.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A maliciously crafted webpage may be able to fingerprint the user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "A maliciously crafted webpage may be able to fingerprint the user",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:25:29.626Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120881"
            },
            {
              "url": "https://support.apple.com/en-us/120882"
            },
            {
              "url": "https://support.apple.com/en-us/120893"
            },
            {
              "url": "https://support.apple.com/en-us/120894"
            },
            {
              "url": "https://support.apple.com/en-us/120895"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-23280",
        "datePublished": "2024-03-08T01:36:14.625Z",
        "dateReserved": "2024-01-12T22:22:21.499Z",
        "dateUpdated": "2026-04-02T18:25:29.626Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-23263 (GCVE-0-2024-23263)

    Vulnerability from nvd – Published: 2024-03-08 01:36 – Updated: 2026-04-02 18:26
    VLAI
    Summary
    A logic issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Processing maliciously crafted web content may prevent Content Security Policy from being enforced
    • CWE-20 - Improper Input Validation
    Assigner
    References
    URL Tags
    https://support.apple.com/en-us/120880
    https://support.apple.com/en-us/120881
    https://support.apple.com/en-us/120882
    https://support.apple.com/en-us/120883
    https://support.apple.com/en-us/120893
    https://support.apple.com/en-us/120894
    https://support.apple.com/en-us/120895
    https://support.apple.com/en-us/HT214087 x_transferred
    https://support.apple.com/en-us/HT214086 x_transferred
    https://support.apple.com/en-us/HT214081 x_transferred
    https://support.apple.com/en-us/HT214082 x_transferred
    https://support.apple.com/en-us/HT214089 x_transferred
    https://support.apple.com/en-us/HT214084 x_transferred
    https://support.apple.com/en-us/HT214088 x_transferred
    http://seclists.org/fulldisclosure/2024/Mar/20 x_transferred
    http://seclists.org/fulldisclosure/2024/Mar/21 x_transferred
    http://seclists.org/fulldisclosure/2024/Mar/25 x_transferred
    http://seclists.org/fulldisclosure/2024/Mar/24 x_transferred
    http://seclists.org/fulldisclosure/2024/Mar/26 x_transferred
    https://lists.fedoraproject.org/archives/list/pac… x_transferred
    https://lists.fedoraproject.org/archives/list/pac… x_transferred
    https://lists.fedoraproject.org/archives/list/pac… x_transferred
    http://www.openwall.com/lists/oss-security/2024/03/26/1 x_transferred
    https://lists.fedoraproject.org/archives/list/pac… x_transferred
    https://support.apple.com/kb/HT214089
    https://support.apple.com/kb/HT214087
    https://support.apple.com/kb/HT214084
    https://support.apple.com/kb/HT214082
    https://support.apple.com/kb/HT214081
    Impacted products
    Vendor Product Version
    Apple Safari Affected: 0 , < 17.4 (custom)
    Apple iOS and iPadOS Affected: 0 , < 16.7.6 (custom)
    Affected: 0 , < 17.4 (custom)
    Apple macOS Affected: 0 , < 14.4 (custom)
    Apple tvOS Affected: 0 , < 17.4 (custom)
    Apple visionOS Affected: 0 , < 1.1 (custom)
    Apple watchOS Affected: 0 , < 10.4 (custom)
    apple visionos Affected: 0 , < 1.1 (semver)
        cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*
    apple tvos Affected: 0 , < 17.4 (semver)
        cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*
    apple iphone_os Affected: 16.7 , < 16.7.6 (semver)
        cpe:2.3:o:apple:iphone_os:16.7:*:*:*:*:*:*:*
    apple ipad_os Affected: 16.7 , < 16.7.6 (semver)
        cpe:2.3:o:apple:ipad_os:16.7:*:*:*:*:*:*:*
    apple iphone_os Affected: 17.0 , < 17.4 (semver)
        cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*
    apple ipad_os Affected: 17.0 , < 17.4 (semver)
        cpe:2.3:o:apple:ipad_os:17.0:*:*:*:*:*:*:*
    apple macos Affected: 14.0 , < 14.4 (semver)
        cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*
    apple watchos Affected: 0 , < 10.4 (semver)
        cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
    webkitgtk webkitgtk Affected: 0 , < 2.45.2 (semver)
        cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*
    apple safari Affected: 0 , < 17.4 (semver)
        cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "visionos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "1.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "tvos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:iphone_os:16.7:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "iphone_os",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "16.7.6",
                    "status": "affected",
                    "version": "16.7",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:ipad_os:16.7:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "ipad_os",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "16.7.6",
                    "status": "affected",
                    "version": "16.7",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "iphone_os",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "17.0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:ipad_os:17.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "ipad_os",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "17.0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "macos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "14.4",
                    "status": "affected",
                    "version": "14.0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "watchos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "10.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "webkitgtk",
                "vendor": "webkitgtk",
                "versions": [
                  {
                    "lessThan": "2.45.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "safari",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23263",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-18T04:00:44.910447Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-06T14:06:07.414Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:26:26.256Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214087"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214086"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214081"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214082"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214089"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214084"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214088"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/20"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/25"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/24"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/26"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
              },
              {
                "url": "https://support.apple.com/kb/HT214089"
              },
              {
                "url": "https://support.apple.com/kb/HT214087"
              },
              {
                "url": "https://support.apple.com/kb/HT214084"
              },
              {
                "url": "https://support.apple.com/kb/HT214082"
              },
              {
                "url": "https://support.apple.com/kb/HT214081"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "16.7.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "1.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "10.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A logic issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing maliciously crafted web content may prevent Content Security Policy from being enforced",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:26:35.629Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120880"
            },
            {
              "url": "https://support.apple.com/en-us/120881"
            },
            {
              "url": "https://support.apple.com/en-us/120882"
            },
            {
              "url": "https://support.apple.com/en-us/120883"
            },
            {
              "url": "https://support.apple.com/en-us/120893"
            },
            {
              "url": "https://support.apple.com/en-us/120894"
            },
            {
              "url": "https://support.apple.com/en-us/120895"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-23263",
        "datePublished": "2024-03-08T01:36:19.295Z",
        "dateReserved": "2024-01-12T22:22:21.490Z",
        "dateUpdated": "2026-04-02T18:26:35.629Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-23254 (GCVE-0-2024-23254)

    Vulnerability from nvd – Published: 2024-03-08 01:36 – Updated: 2026-04-02 18:23
    VLAI
    Summary
    The issue was addressed with improved UI handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. A malicious website may exfiltrate audio data cross-origin.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23254",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-08T15:22:13.972787Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-04T17:21:36.617Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:25:57.514Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214087"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214086"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214081"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214089"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214084"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214088"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/20"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/25"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/24"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/26"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
              },
              {
                "url": "https://support.apple.com/kb/HT214089"
              },
              {
                "url": "https://support.apple.com/kb/HT214087"
              },
              {
                "url": "https://support.apple.com/kb/HT214084"
              },
              {
                "url": "https://support.apple.com/kb/HT214081"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "1.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "10.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved UI handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. A malicious website may exfiltrate audio data cross-origin."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "A malicious website may exfiltrate audio data cross-origin",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:23:44.403Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120881"
            },
            {
              "url": "https://support.apple.com/en-us/120882"
            },
            {
              "url": "https://support.apple.com/en-us/120883"
            },
            {
              "url": "https://support.apple.com/en-us/120893"
            },
            {
              "url": "https://support.apple.com/en-us/120894"
            },
            {
              "url": "https://support.apple.com/en-us/120895"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-23254",
        "datePublished": "2024-03-08T01:36:07.243Z",
        "dateReserved": "2024-01-12T22:22:21.487Z",
        "dateUpdated": "2026-04-02T18:23:44.403Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-42843 (GCVE-0-2023-42843)

    Vulnerability from nvd – Published: 2024-02-21 06:41 – Updated: 2025-02-13 17:09
    VLAI
    Summary
    An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Visiting a malicious website may lead to address bar spoofing
    • CWE-290 - Authentication Bypass by Spoofing
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: unspecified , < 16.7 (custom)
    Apple Safari Affected: unspecified , < 17.1 (custom)
    Apple macOS Affected: unspecified , < 14.1 (custom)
    Apple iOS and iPadOS Affected: unspecified , < 17.1 (custom)
    apple ios_and_ipados Affected: 0 , < 16.7 (custom)
    Affected: 0 , < 17.1 (custom)
        cpe:2.3:o:apple:ios_and_ipados:*:*:*:*:*:*:*:*
    apple safari Affected: 0 , < 17.1 (custom)
        cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
    apple macos Affected: 0 , < 14.1 (custom)
        cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:apple:ios_and_ipados:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ios_and_ipados",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "16.7",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "safari",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "macos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "14.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42843",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-04T16:39:32.031098Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-290",
                    "description": "CWE-290 Authentication Bypass by Spoofing",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-04T16:45:42.480Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:30:24.570Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT213981"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT213986"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT213984"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT213982"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "16.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Visiting a malicious website may lead to address bar spoofing",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-07T06:06:12.839Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/HT213981"
            },
            {
              "url": "https://support.apple.com/en-us/HT213986"
            },
            {
              "url": "https://support.apple.com/en-us/HT213984"
            },
            {
              "url": "https://support.apple.com/en-us/HT213982"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2023-42843",
        "datePublished": "2024-02-21T06:41:27.506Z",
        "dateReserved": "2023-09-14T19:05:11.449Z",
        "dateUpdated": "2025-02-13T17:09:48.003Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-40397 (GCVE-0-2023-40397)

    Vulnerability from nvd – Published: 2023-09-06 20:48 – Updated: 2025-02-13 17:07
    VLAI
    Summary
    The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution.
    Severity
    No CVSS data available.
    CWE
    • A remote attacker may be able to cause arbitrary javascript code execution
    Assigner
    Impacted products
    Vendor Product Version
    Apple macOS Affected: unspecified , < 13.5 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:31:53.770Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT213843"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202401-04"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "13.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "A remote attacker may be able to cause arbitrary javascript code execution",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-05T14:06:45.711Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/HT213843"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
            },
            {
              "url": "https://security.gentoo.org/glsa/202401-04"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2023-40397",
        "datePublished": "2023-09-06T20:48:06.383Z",
        "dateReserved": "2023-08-14T20:26:36.254Z",
        "dateUpdated": "2025-02-13T17:07:51.524Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32370 (GCVE-0-2023-32370)

    Vulnerability from nvd – Published: 2023-09-06 01:36 – Updated: 2025-02-13 16:50
    VLAI
    Summary
    A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Content Security Policy to block domains with wildcards may fail.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Content Security Policy to block domains with wildcards may fail
    Assigner
    Impacted products
    Vendor Product Version
    Apple macOS Affected: unspecified , < 13.3 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:10:24.917Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT213670"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202401-04"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32370",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-30T18:17:38.085978Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-30T18:17:49.178Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "13.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Content Security Policy to block domains with wildcards may fail."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Content Security Policy to block domains with wildcards may fail",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-05T14:06:38.307Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/HT213670"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
            },
            {
              "url": "https://security.gentoo.org/glsa/202401-04"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2023-32370",
        "datePublished": "2023-09-06T01:36:31.884Z",
        "dateReserved": "2023-05-08T22:31:41.818Z",
        "dateUpdated": "2025-02-13T16:50:38.290Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28198 (GCVE-0-2023-28198)

    Vulnerability from nvd – Published: 2023-08-14 22:40 – Updated: 2025-02-13 16:48
    VLAI
    Summary
    A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.
    Severity
    No CVSS data available.
    CWE
    • Processing web content may lead to arbitrary code execution
    Assigner
    Impacted products
    Vendor Product Version
    Apple macOS Affected: unspecified , < 13.3 (custom)
    Apple iOS and iPadOS Affected: unspecified , < 16.4 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:30:24.616Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT213670"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT213676"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202401-04"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "13.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "16.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing web content may lead to arbitrary code execution",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-05T14:06:22.923Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/HT213670"
            },
            {
              "url": "https://support.apple.com/en-us/HT213676"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
            },
            {
              "url": "https://security.gentoo.org/glsa/202401-04"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2023-28198",
        "datePublished": "2023-08-14T22:40:37.966Z",
        "dateReserved": "2023-03-13T18:37:25.757Z",
        "dateUpdated": "2025-02-13T16:48:32.183Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-8720 (GCVE-0-2019-8720)

    Vulnerability from nvd – Published: 2023-03-06 00:00 – Updated: 2025-10-21 23:15
    VLAI CISA KEVIntel
    Summary
    A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-119
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    Impacted products
    Vendor Product Version
    n/a webkitgtk Affected: Fixed in webkitgtk 2.26.0

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:24:29.610Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1876611"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://webkitgtk.org/security/WSA-2019-0005.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-8720",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-28T21:22:50.417013Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-05-23",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-8720"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-119",
                    "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:15:24.508Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-8720"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-05-23T00:00:00.000Z",
                "value": "CVE-2019-8720 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "webkitgtk",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in webkitgtk 2.26.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "CWE-119",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-06T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1876611"
            },
            {
              "url": "https://webkitgtk.org/security/WSA-2019-0005.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2019-8720",
        "datePublished": "2023-03-06T00:00:00.000Z",
        "dateReserved": "2019-02-18T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:15:24.508Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32893 (GCVE-0-2022-32893)

    Vulnerability from nvd – Published: 2022-08-24 00:00 – Updated: 2025-10-21 23:15
    VLAI CISA KEVIntel
    Summary
    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    Apple Safari Affected: unspecified , < 15.6 (custom)
    Apple iOS and iPadOS Affected: unspecified , < 15.6 (custom)
    Apple macOS Affected: unspecified , < 12.5 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:54:03.184Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT213414"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT213412"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT213413"
              },
              {
                "name": "[oss-security] 20220825 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/08/25/5"
              },
              {
                "name": "[oss-security] 20220826 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/08/26/2"
              },
              {
                "name": "FEDORA-2022-eada5f24a0",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SETAAXEPGNBMYKTUDFEZHS5LGSQ64QL/"
              },
              {
                "name": "DSA-5220",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5220"
              },
              {
                "name": "DSA-5219",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5219"
              },
              {
                "name": "[oss-security] 20220829 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/08/29/1"
              },
              {
                "name": "[oss-security] 20220829 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/08/29/2"
              },
              {
                "name": "[debian-lts-announce] 20220830 [SECURITY] [DLA 3087-1] webkit2gtk security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00019.html"
              },
              {
                "name": "GLSA-202208-39",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202208-39"
              },
              {
                "name": "20220831 APPLE-SA-2022-08-31-1 iOS 12.5.6",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Aug/16"
              },
              {
                "name": "[oss-security] 20220902 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/09/02/10"
              },
              {
                "name": "FEDORA-2022-ddfeee50c9",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKJGV2EXVMYQW3OAJNI4WUTKKVMD2YYK/"
              },
              {
                "name": "[oss-security] 20220913 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/09/13/1"
              },
              {
                "name": "20221030 APPLE-SA-2022-10-27-13 watchOS 9",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Oct/49"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-32893",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-29T16:26:40.933813Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-08-18",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-32893"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:15:36.579Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-32893"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-08-18T00:00:00.000Z",
                "value": "CVE-2022-32893 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "15.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "15.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-30T00:00:00.000Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/HT213414"
            },
            {
              "url": "https://support.apple.com/en-us/HT213412"
            },
            {
              "url": "https://support.apple.com/en-us/HT213413"
            },
            {
              "name": "[oss-security] 20220825 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/08/25/5"
            },
            {
              "name": "[oss-security] 20220826 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/08/26/2"
            },
            {
              "name": "FEDORA-2022-eada5f24a0",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SETAAXEPGNBMYKTUDFEZHS5LGSQ64QL/"
            },
            {
              "name": "DSA-5220",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5220"
            },
            {
              "name": "DSA-5219",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5219"
            },
            {
              "name": "[oss-security] 20220829 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/08/29/1"
            },
            {
              "name": "[oss-security] 20220829 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/08/29/2"
            },
            {
              "name": "[debian-lts-announce] 20220830 [SECURITY] [DLA 3087-1] webkit2gtk security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00019.html"
            },
            {
              "name": "GLSA-202208-39",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202208-39"
            },
            {
              "name": "20220831 APPLE-SA-2022-08-31-1 iOS 12.5.6",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Aug/16"
            },
            {
              "name": "[oss-security] 20220902 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/09/02/10"
            },
            {
              "name": "FEDORA-2022-ddfeee50c9",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKJGV2EXVMYQW3OAJNI4WUTKKVMD2YYK/"
            },
            {
              "name": "[oss-security] 20220913 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/09/13/1"
            },
            {
              "name": "20221030 APPLE-SA-2022-10-27-13 watchOS 9",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Oct/49"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2022-32893",
        "datePublished": "2022-08-24T00:00:00.000Z",
        "dateReserved": "2022-06-09T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:15:36.579Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-43343 (GCVE-0-2025-43343)

    Vulnerability from cvelistv5 – Published: 2025-09-15 22:35 – Updated: 2026-04-02 18:21
    Summary
    The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Processing maliciously crafted web content may lead to an unexpected process crash
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    Impacted products

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-43343",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-16T13:36:38.705148Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-119",
                    "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-16T17:24:21.978Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-12-17T14:48:14.043Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2025/Sep/57"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Sep/53"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Sep/59"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Sep/49"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/10/13/4"
              },
              {
                "url": "https://access.redhat.com/errata/RHSA-2025:19946"
              },
              {
                "url": "https://ubuntu.com/security/CVE-2025-43343"
              },
              {
                "url": "https://security-tracker.debian.org/tracker/CVE-2025-43343"
              },
              {
                "url": "https://webkitgtk.org/security/WSA-2025-0007.html"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing maliciously crafted web content may lead to an unexpected process crash",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:21:37.147Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/125108"
            },
            {
              "url": "https://support.apple.com/en-us/125110"
            },
            {
              "url": "https://support.apple.com/en-us/125113"
            },
            {
              "url": "https://support.apple.com/en-us/125114"
            },
            {
              "url": "https://support.apple.com/en-us/125115"
            },
            {
              "url": "https://support.apple.com/en-us/125116"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2025-43343",
        "datePublished": "2025-09-15T22:35:30.400Z",
        "dateReserved": "2025-04-16T15:24:37.110Z",
        "dateUpdated": "2026-04-02T18:21:37.147Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-43342 (GCVE-0-2025-43342)

    Vulnerability from cvelistv5 – Published: 2025-09-15 22:35 – Updated: 2026-04-02 18:18
    Summary
    A correctness issue was addressed with improved checks. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Processing maliciously crafted web content may lead to an unexpected process crash
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Apple Safari Affected: 0 , < 26 (custom)
    Apple iOS and iPadOS Affected: 0 , < 18.7 (custom)
    Affected: 0 , < 26 (custom)
    Apple macOS Affected: 0 , < 26 (custom)
    Apple tvOS Affected: 0 , < 26 (custom)
    Apple visionOS Affected: 0 , < 26 (custom)
    Apple watchOS Affected: 0 , < 26 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-43342",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-16T13:38:38.852885Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-16T17:25:29.262Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T21:10:40.303Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2025/Sep/57"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Sep/53"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Sep/59"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Sep/49"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/09/22/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "18.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A correctness issue was addressed with improved checks. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing maliciously crafted web content may lead to an unexpected process crash",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:18:35.046Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/125108"
            },
            {
              "url": "https://support.apple.com/en-us/125109"
            },
            {
              "url": "https://support.apple.com/en-us/125110"
            },
            {
              "url": "https://support.apple.com/en-us/125113"
            },
            {
              "url": "https://support.apple.com/en-us/125114"
            },
            {
              "url": "https://support.apple.com/en-us/125115"
            },
            {
              "url": "https://support.apple.com/en-us/125116"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2025-43342",
        "datePublished": "2025-09-15T22:35:12.163Z",
        "dateReserved": "2025-04-16T15:24:37.110Z",
        "dateUpdated": "2026-04-02T18:18:35.046Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-31277 (GCVE-0-2025-31277)

    Vulnerability from cvelistv5 – Published: 2025-07-29 23:29 – Updated: 2026-06-30 03:16
    VLAI CISA KEVIntel
    Summary
    The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.
    SSVC
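    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3), assessed 2025-07-31
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3), assessed 2026-03-21 — the later assessment, made the day after the record's CISA KEV entry (dateAdded 2026-03-20)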
    CWE
    • Processing maliciously crafted web content may lead to memory corruption
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    References
    URL Tags
    https://support.apple.com/en-us/124147
    https://support.apple.com/en-us/124149
    https://support.apple.com/en-us/124152
    https://support.apple.com/en-us/124153
    https://support.apple.com/en-us/124154
    https://support.apple.com/en-us/124155
    https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain/ third-party-advisory
    https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31277 government-resource
    http://seclists.org/fulldisclosure/2025/Aug/0
    http://seclists.org/fulldisclosure/2025/Jul/36
    http://seclists.org/fulldisclosure/2025/Jul/32
    http://seclists.org/fulldisclosure/2025/Jul/30
    https://access.redhat.com/security/cve/CVE-2025-31277 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2448780 issue-tracking, x_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2025:19352 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:17802 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19157 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19165 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:19109 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:17807 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:17643 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:17743 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:17741 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2025:18097 vendor-advisory, x_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Apple Safari Affected: 0 , < 18.6 (custom)
    Apple iOS and iPadOS Affected: 0 , < 18.6 (custom)
    Apple macOS Affected: 0 , < 15.6 (custom)
    Apple tvOS Affected: 0 , < 18.6 (custom)
    Apple visionOS Affected: 0 , < 2.6 (custom)
    Apple watchOS Affected: 0 , < 11.6 (custom)
    Red Hat Red Hat Enterprise Linux Server (v. 7 ELS)     cpe:/o:redhat:rhel_els:7
    Red Hat Red Hat Enterprise Linux Server Optional (v. 7 ELS)     cpe:/o:redhat:rhel_els:7
    Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
    Red Hat Red Hat Enterprise Linux AppStream AUS (v. 8.2)     cpe:/a:redhat:rhel_aus:8.2::appstream
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.4)     cpe:/a:redhat:rhel_aus:8.4::appstream
    Red Hat Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)     cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
    Red Hat Red Hat Enterprise Linux AppStream AUS (v.8.6)     cpe:/a:redhat:rhel_aus:8.6::appstream
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.6)     cpe:/a:redhat:rhel_e4s:8.6::appstream
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.6)     cpe:/a:redhat:rhel_tus:8.6::appstream
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.8.8)     cpe:/a:redhat:rhel_e4s:8.8::appstream
    Red Hat Red Hat Enterprise Linux AppStream TUS (v.8.8)     cpe:/a:redhat:rhel_tus:8.8::appstream
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.0)     cpe:/a:redhat:rhel_e4s:9.0::appstream
    Red Hat Red Hat Enterprise Linux AppStream E4S (v.9.2)     cpe:/a:redhat:rhel_e4s:9.2::appstream
    Red Hat Red Hat Enterprise Linux AppStream EUS (v.9.4)     cpe:/a:redhat:rhel_eus:9.4::appstream
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31277",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-31T03:56:01.249253Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31277",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-21T04:00:59.438579Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-03-20",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31277"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-119",
                    "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-23T13:14:07.203Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "third-party-advisory"
                ],
                "url": "https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain/"
              },
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31277"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T19:52:50.809Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2025/Aug/0"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Jul/36"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Jul/32"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Jul/30"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:rhel_els:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_aus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.6::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_tus:8.8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.0::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_e4s:9.2::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhel_eus:9.4::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-18T00:00:00.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in WebKitGTK. Processing malicious web content can cause memory corruption due to improper memory handling."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T03:16:57.786Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2025-31277"
              },
              {
                "name": "RHBZ#2448780",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448780"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31277.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2025:19352"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2025:17802"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2025:19157"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2025:19165"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2025:19109"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2025:17807"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2025:17643"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2025:17743"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2025:17741"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2025:18097"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2025:19352: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"
              },
              {
                "lang": "en",
                "value": "RHSA-2025:17802: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2025:19157: Red Hat Enterprise Linux AppStream AUS (v. 8.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2025:19165: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2025:19109: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
              },
              {
                "lang": "en",
                "value": "RHSA-2025:17807: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2025:17643: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
              },
              {
                "lang": "en",
                "value": "RHSA-2025:17743: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
              },
              {
                "lang": "en",
                "value": "RHSA-2025:17741: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
              },
              {
                "lang": "en",
                "value": "RHSA-2025:18097: Red Hat Enterprise Linux AppStream (v. 9)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-03-18T20:06:11.785Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-18T00:00:00.000Z",
                "value": "Made public."
              }
            ],
            "title": "webkitgtk: Processing maliciously crafted web content may lead to memory corruption",
            "workarounds": [
              {
                "lang": "en",
                "value": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "18.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "18.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "15.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "18.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "2.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "11.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing maliciously crafted web content may lead to memory corruption",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:27:12.615Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/124147"
            },
            {
              "url": "https://support.apple.com/en-us/124149"
            },
            {
              "url": "https://support.apple.com/en-us/124152"
            },
            {
              "url": "https://support.apple.com/en-us/124153"
            },
            {
              "url": "https://support.apple.com/en-us/124154"
            },
            {
              "url": "https://support.apple.com/en-us/124155"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2025-31277",
        "datePublished": "2025-07-29T23:29:31.341Z",
        "dateReserved": "2025-03-27T16:13:58.344Z",
        "dateUpdated": "2026-06-30T03:16:57.786Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-6558 (GCVE-0-2025-6558)

    Vulnerability from cvelistv5 – Published: 2025-07-15 18:12 – Updated: 2026-02-26 17:50
    VLAI CISA KEVIntel
    Summary
    Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Insufficient validation of untrusted input
    Assigner
    Impacted products
    Vendor Product Version
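    Google Chrome Affected: 138.0.7204.157 , < 138.0.7204.157 (custom) — the record gives the same value as the range start and as the exclusive upper bound, so read it with the summary: versions prior to 138.0.7204.157 are affected.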

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6558",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-22T03:55:29.491017Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2025-07-22",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6558"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:50:40.914Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6558"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2025-07-22T00:00:00.000Z",
                "value": "CVE-2025-6558 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T21:14:50.202Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Aug/0"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Jul/37"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Jul/35"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Jul/32"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2025/Jul/30"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/08/02/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Chrome",
              "vendor": "Google",
              "versions": [
                {
                  "lessThan": "138.0.7204.157",
                  "status": "affected",
                  "version": "138.0.7204.157",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "Insufficient validation of untrusted input",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-15T18:12:36.848Z",
            "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
            "shortName": "Chrome"
          },
          "references": [
            {
              "url": "https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html"
            },
            {
              "url": "https://issues.chromium.org/issues/427162086"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "assignerShortName": "Chrome",
        "cveId": "CVE-2025-6558",
        "datePublished": "2025-07-15T18:12:36.848Z",
        "dateReserved": "2025-06-23T22:30:38.590Z",
        "dateUpdated": "2026-02-26T17:50:40.914Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-27834 (GCVE-0-2024-27834)

    Vulnerability from cvelistv5 – Published: 2024-05-13 23:00 – Updated: 2026-04-02 18:15
    VLAI
    Summary
    The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, watchOS 10.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication
    • CWE-277 - Insecure Inherited Permissions
    Assigner
    Impacted products
    Vendor Product Version
    Apple Safari Affected: 0 , < 17.5 (custom)
    Apple iOS and iPadOS Affected: 0 , < 16.7.8 (custom)
    Affected: 0 , < 17.5 (custom)
    Apple macOS Affected: 0 , < 14.5 (custom)
    Apple tvOS Affected: 0 , < 17.5 (custom)
    Apple watchOS Affected: 0 , < 10.5 (custom)
    apple ipad_os Affected: 0 , < 17.5 (custom)
        cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*
    apple macos Affected: 0 , < 14.5 (custom)
        cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
    apple tvos Affected: 0 , < 17.5 (custom)
        cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*
    apple watchos Affected: 0 , < 10.5 (custom)
        cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
    apple iphone_os Affected: 0 , < 17.5 (custom)
        cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ipad_os",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "macos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "14.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "tvos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "watchos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "10.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "iphone_os",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-27834",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-16T04:00:11.988391Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-277",
                    "description": "CWE-277 Insecure Inherited Permissions",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-06T15:23:00.293Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T17:18:39.702Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214101"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214106"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214104"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214103"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214102"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/May/17"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/05/21/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/May/10"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/May/9"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/May/12"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/May/16"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WKIXADCW3O4R2OOSDZGPU55XQFE6NA3M/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADCLQW54XN37VJZNYD3UKCYATJFIMYXG/"
              },
              {
                "url": "https://support.apple.com/kb/HT214106"
              },
              {
                "url": "https://support.apple.com/kb/HT214104"
              },
              {
                "url": "https://support.apple.com/kb/HT214102"
              },
              {
                "url": "https://support.apple.com/kb/HT214100"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "16.7.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "17.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "10.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, watchOS 10.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:15:05.001Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120896"
            },
            {
              "url": "https://support.apple.com/en-us/120898"
            },
            {
              "url": "https://support.apple.com/en-us/120901"
            },
            {
              "url": "https://support.apple.com/en-us/120902"
            },
            {
              "url": "https://support.apple.com/en-us/120903"
            },
            {
              "url": "https://support.apple.com/en-us/120905"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-27834",
        "datePublished": "2024-05-13T23:00:50.836Z",
        "dateReserved": "2024-02-26T15:32:28.527Z",
        "dateUpdated": "2026-04-02T18:15:05.001Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-23263 (GCVE-0-2024-23263)

    Vulnerability from cvelistv5 – Published: 2024-03-08 01:36 – Updated: 2026-04-02 18:26
    VLAI
    Summary
    A logic issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Processing maliciously crafted web content may prevent Content Security Policy from being enforced
    • CWE-20 - Improper Input Validation
    Assigner
    References
    URL Tags
    https://support.apple.com/en-us/120880
    https://support.apple.com/en-us/120881
    https://support.apple.com/en-us/120882
    https://support.apple.com/en-us/120883
    https://support.apple.com/en-us/120893
    https://support.apple.com/en-us/120894
    https://support.apple.com/en-us/120895
    https://support.apple.com/en-us/HT214087 x_transferred
    https://support.apple.com/en-us/HT214086 x_transferred
    https://support.apple.com/en-us/HT214081 x_transferred
    https://support.apple.com/en-us/HT214082 x_transferred
    https://support.apple.com/en-us/HT214089 x_transferred
    https://support.apple.com/en-us/HT214084 x_transferred
    https://support.apple.com/en-us/HT214088 x_transferred
    http://seclists.org/fulldisclosure/2024/Mar/20 x_transferred
    http://seclists.org/fulldisclosure/2024/Mar/21 x_transferred
    http://seclists.org/fulldisclosure/2024/Mar/25 x_transferred
    http://seclists.org/fulldisclosure/2024/Mar/24 x_transferred
    http://seclists.org/fulldisclosure/2024/Mar/26 x_transferred
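    https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/ x_transferred
    https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/ x_transferred
    https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/ x_transferred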
    http://www.openwall.com/lists/oss-security/2024/03/26/1 x_transferred
    https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/ x_transferred
    https://support.apple.com/kb/HT214089
    https://support.apple.com/kb/HT214087
    https://support.apple.com/kb/HT214084
    https://support.apple.com/kb/HT214082
    https://support.apple.com/kb/HT214081
    Impacted products
    Vendor Product Version
    Apple Safari Affected: 0 , < 17.4 (custom)
    Apple iOS and iPadOS Affected: 0 , < 16.7.6 (custom)
    Affected: 0 , < 17.4 (custom)
    Apple macOS Affected: 0 , < 14.4 (custom)
    Apple tvOS Affected: 0 , < 17.4 (custom)
    Apple visionOS Affected: 0 , < 1.1 (custom)
    Apple watchOS Affected: 0 , < 10.4 (custom)
    apple visionos Affected: 0 , < 1.1 (semver)
        cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*
    apple tvos Affected: 0 , < 17.4 (semver)
        cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*
    apple iphone_os Affected: 16.7 , < 16.7.6 (semver)
        cpe:2.3:o:apple:iphone_os:16.7:*:*:*:*:*:*:*
    apple ipad_os Affected: 16.7 , < 16.7.6 (semver)
        cpe:2.3:o:apple:ipad_os:16.7:*:*:*:*:*:*:*
    apple iphone_os Affected: 17.0 , < 17.4 (semver)
        cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*
    apple ipad_os Affected: 17.0 , < 17.4 (semver)
        cpe:2.3:o:apple:ipad_os:17.0:*:*:*:*:*:*:*
    apple macos Affected: 14.0 , < 14.4 (semver)
        cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*
    apple watchos Affected: 0 , < 10.4 (semver)
        cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
    webkitgtk webkitgtk Affected: 0 , < 2.45.2 (semver)
        cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*
    apple safari Affected: 0 , < 17.4 (semver)
        cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "visionos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "1.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "tvos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:iphone_os:16.7:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "iphone_os",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "16.7.6",
                    "status": "affected",
                    "version": "16.7",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:ipad_os:16.7:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "ipad_os",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "16.7.6",
                    "status": "affected",
                    "version": "16.7",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "iphone_os",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "17.0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:ipad_os:17.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "ipad_os",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "17.0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "macos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "14.4",
                    "status": "affected",
                    "version": "14.0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "watchos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "10.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "webkitgtk",
                "vendor": "webkitgtk",
                "versions": [
                  {
                    "lessThan": "2.45.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "safari",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23263",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-18T04:00:44.910447Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-20",
                    "description": "CWE-20 Improper Input Validation",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-06T14:06:07.414Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:26:26.256Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214087"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214086"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214081"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214082"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214089"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214084"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214088"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/20"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/25"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/24"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/26"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
              },
              {
                "url": "https://support.apple.com/kb/HT214089"
              },
              {
                "url": "https://support.apple.com/kb/HT214087"
              },
              {
                "url": "https://support.apple.com/kb/HT214084"
              },
              {
                "url": "https://support.apple.com/kb/HT214082"
              },
              {
                "url": "https://support.apple.com/kb/HT214081"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "16.7.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "1.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "10.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A logic issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing maliciously crafted web content may prevent Content Security Policy from being enforced",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:26:35.629Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120880"
            },
            {
              "url": "https://support.apple.com/en-us/120881"
            },
            {
              "url": "https://support.apple.com/en-us/120882"
            },
            {
              "url": "https://support.apple.com/en-us/120883"
            },
            {
              "url": "https://support.apple.com/en-us/120893"
            },
            {
              "url": "https://support.apple.com/en-us/120894"
            },
            {
              "url": "https://support.apple.com/en-us/120895"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-23263",
        "datePublished": "2024-03-08T01:36:19.295Z",
        "dateReserved": "2024-01-12T22:22:21.490Z",
        "dateUpdated": "2026-04-02T18:26:35.629Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-23280 (GCVE-0-2024-23280)

    Vulnerability from cvelistv5 – Published: 2024-03-08 01:36 – Updated: 2026-04-02 18:25
    VLAI
    Summary
    An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A maliciously crafted webpage may be able to fingerprint the user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Apple Safari Affected: 0 , < 17.4 (custom)
    Apple iOS and iPadOS Affected: 0 , < 17.4 (custom)
    Apple macOS Affected: 0 , < 14.4 (custom)
    Apple tvOS Affected: 0 , < 17.4 (custom)
    Apple watchOS Affected: 0 , < 10.4 (custom)
    apple tvos Affected: 0 , < 17.4 (custom)
        cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
    apple ios Affected: 0 , < 17.4 (custom)
        cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*
    apple ipados Affected: 0 , < 17.4 (custom)
        cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
    apple safari Affected: 0 , < 17.4 (custom)
        cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
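    apple macos Affected: 0 , < 17.4 (custom) (note: this bound conflicts with the summary and the Apple macOS row above, which give 14.4 as the fixed macOS release; matching on < 17.4 would also flag patched macOS versions)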
        cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
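    apple watchos Affected: 0 , < 17.4 (custom) (note: this bound conflicts with the summary and the Apple watchOS row above, which give 10.4 as the fixed watchOS release; matching on < 17.4 would also flag patched watchOS versions)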
        cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:27:35.598Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214086"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214081"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214089"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214084"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214088"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/20"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/25"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/24"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
              },
              {
                "url": "https://support.apple.com/kb/HT214089"
              },
              {
                "url": "https://support.apple.com/kb/HT214086"
              },
              {
                "url": "https://support.apple.com/kb/HT214084"
              },
              {
                "url": "https://support.apple.com/kb/HT214081"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "tvos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ios",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ipados",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "safari",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "macos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "watchos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23280",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-28T20:33:30.944280Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-31T16:45:41.969Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "10.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A maliciously crafted webpage may be able to fingerprint the user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "A maliciously crafted webpage may be able to fingerprint the user",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:25:29.626Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120881"
            },
            {
              "url": "https://support.apple.com/en-us/120882"
            },
            {
              "url": "https://support.apple.com/en-us/120893"
            },
            {
              "url": "https://support.apple.com/en-us/120894"
            },
            {
              "url": "https://support.apple.com/en-us/120895"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-23280",
        "datePublished": "2024-03-08T01:36:14.625Z",
        "dateReserved": "2024-01-12T22:22:21.499Z",
        "dateUpdated": "2026-04-02T18:25:29.626Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-23254 (GCVE-0-2024-23254)

    Vulnerability from cvelistv5 – Published: 2024-03-08 01:36 – Updated: 2026-04-02 18:23
    VLAI
    Summary
    The issue was addressed with improved UI handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. A malicious website may exfiltrate audio data cross-origin.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23254",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-08T15:22:13.972787Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-04T17:21:36.617Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:25:57.514Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214087"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214086"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214081"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214089"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214084"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214088"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/20"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/25"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/24"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/26"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
              },
              {
                "url": "https://support.apple.com/kb/HT214089"
              },
              {
                "url": "https://support.apple.com/kb/HT214087"
              },
              {
                "url": "https://support.apple.com/kb/HT214084"
              },
              {
                "url": "https://support.apple.com/kb/HT214081"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "1.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "10.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved UI handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. A malicious website may exfiltrate audio data cross-origin."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "A malicious website may exfiltrate audio data cross-origin",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:23:44.403Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120881"
            },
            {
              "url": "https://support.apple.com/en-us/120882"
            },
            {
              "url": "https://support.apple.com/en-us/120883"
            },
            {
              "url": "https://support.apple.com/en-us/120893"
            },
            {
              "url": "https://support.apple.com/en-us/120894"
            },
            {
              "url": "https://support.apple.com/en-us/120895"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-23254",
        "datePublished": "2024-03-08T01:36:07.243Z",
        "dateReserved": "2024-01-12T22:22:21.487Z",
        "dateUpdated": "2026-04-02T18:23:44.403Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-23284 (GCVE-0-2024-23284)

    Vulnerability from cvelistv5 – Published: 2024-03-08 01:35 – Updated: 2026-04-02 18:17
    VLAI
    Summary
    A logic issue was addressed with improved state management. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Processing maliciously crafted web content may prevent Content Security Policy from being enforced
    • CWE-693 - Protection Mechanism Failure
    Assigner
    References
    URL Tags
    https://support.apple.com/en-us/120880
    https://support.apple.com/en-us/120881
    https://support.apple.com/en-us/120882
    https://support.apple.com/en-us/120883
    https://support.apple.com/en-us/120893
    https://support.apple.com/en-us/120894
    https://support.apple.com/en-us/120895
    https://support.apple.com/en-us/HT214087 x_transferred
    https://support.apple.com/en-us/HT214086 x_transferred
    https://support.apple.com/en-us/HT214081 x_transferred
    https://support.apple.com/en-us/HT214082 x_transferred
    https://support.apple.com/en-us/HT214089 x_transferred
    https://support.apple.com/en-us/HT214084 x_transferred
    https://support.apple.com/en-us/HT214088 x_transferred
    http://seclists.org/fulldisclosure/2024/Mar/20 x_transferred
    http://seclists.org/fulldisclosure/2024/Mar/21 x_transferred
    http://seclists.org/fulldisclosure/2024/Mar/25 x_transferred
    http://seclists.org/fulldisclosure/2024/Mar/24 x_transferred
    http://seclists.org/fulldisclosure/2024/Mar/26 x_transferred
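    https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/ x_transferred
    https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/ x_transferred
    https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/ x_transferred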
    http://www.openwall.com/lists/oss-security/2024/03/26/1 x_transferred
    https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/ x_transferred
    https://support.apple.com/kb/HT214089
    https://support.apple.com/kb/HT214087
    https://support.apple.com/kb/HT214084
    https://support.apple.com/kb/HT214082
    https://support.apple.com/kb/HT214081
    Impacted products
    Vendor Product Version
    Apple Safari Affected: 0 , < 17.4 (custom)
    Apple iOS and iPadOS Affected: 0 , < 16.7.6 (custom)
    Affected: 0 , < 17.4 (custom)
    Apple macOS Affected: 0 , < 14.4 (custom)
    Apple tvOS Affected: 0 , < 17.4 (custom)
    Apple visionOS Affected: 0 , < 1.1 (custom)
    Apple watchOS Affected: 0 , < 10.4 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T18:27:47.552Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214087"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214086"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214081"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214082"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214089"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214084"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT214088"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/20"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/25"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/24"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2024/Mar/26"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
              },
              {
                "url": "https://support.apple.com/kb/HT214089"
              },
              {
                "url": "https://support.apple.com/kb/HT214087"
              },
              {
                "url": "https://support.apple.com/kb/HT214084"
              },
              {
                "url": "https://support.apple.com/kb/HT214082"
              },
              {
                "url": "https://support.apple.com/kb/HT214081"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23284",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-07T04:00:29.525435Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-693",
                    "description": "CWE-693 Protection Mechanism Failure",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-28T20:45:42.133Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "16.7.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "tvOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "visionOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "1.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "watchOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "10.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A logic issue was addressed with improved state management. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing maliciously crafted web content may prevent Content Security Policy from being enforced",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T18:17:06.626Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/120880"
            },
            {
              "url": "https://support.apple.com/en-us/120881"
            },
            {
              "url": "https://support.apple.com/en-us/120882"
            },
            {
              "url": "https://support.apple.com/en-us/120883"
            },
            {
              "url": "https://support.apple.com/en-us/120893"
            },
            {
              "url": "https://support.apple.com/en-us/120894"
            },
            {
              "url": "https://support.apple.com/en-us/120895"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2024-23284",
        "datePublished": "2024-03-08T01:35:43.782Z",
        "dateReserved": "2024-01-12T22:22:21.499Z",
        "dateUpdated": "2026-04-02T18:17:06.626Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-42843 (GCVE-0-2023-42843)

    Vulnerability from cvelistv5 – Published: 2024-02-21 06:41 – Updated: 2025-02-13 17:09
    VLAI
    Summary
    An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Visiting a malicious website may lead to address bar spoofing
    • CWE-290 - Authentication Bypass by Spoofing
    Assigner
    Impacted products
    Vendor Product Version
    Apple iOS and iPadOS Affected: unspecified , < 16.7 (custom)
    Apple Safari Affected: unspecified , < 17.1 (custom)
    Apple macOS Affected: unspecified , < 14.1 (custom)
    Apple iOS and iPadOS Affected: unspecified , < 17.1 (custom)
    apple ios_and_ipados Affected: 0 , < 16.7 (custom)
    Affected: 0 , < 17.1 (custom)
        cpe:2.3:o:apple:ios_and_ipados:*:*:*:*:*:*:*:*
    apple safari Affected: 0 , < 17.1 (custom)
        cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
    apple macos Affected: 0 , < 14.1 (custom)
        cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:apple:ios_and_ipados:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ios_and_ipados",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "16.7",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "safari",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "17.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "macos",
                "vendor": "apple",
                "versions": [
                  {
                    "lessThan": "14.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-42843",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-04T16:39:32.031098Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-290",
                    "description": "CWE-290 Authentication Bypass by Spoofing",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-04T16:45:42.480Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:30:24.570Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT213981"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT213986"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT213984"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT213982"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "16.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "14.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "17.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Visiting a malicious website may lead to address bar spoofing",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-07T06:06:12.839Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/HT213981"
            },
            {
              "url": "https://support.apple.com/en-us/HT213986"
            },
            {
              "url": "https://support.apple.com/en-us/HT213984"
            },
            {
              "url": "https://support.apple.com/en-us/HT213982"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
            },
            {
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2023-42843",
        "datePublished": "2024-02-21T06:41:27.506Z",
        "dateReserved": "2023-09-14T19:05:11.449Z",
        "dateUpdated": "2025-02-13T17:09:48.003Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-40397 (GCVE-0-2023-40397)

    Vulnerability from cvelistv5 – Published: 2023-09-06 20:48 – Updated: 2025-02-13 17:07
    VLAI
    Summary
    The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution.
    Severity
    No CVSS data available.
    CWE
    • A remote attacker may be able to cause arbitrary javascript code execution
    Assigner
    Impacted products
    Vendor Product Version
    Apple macOS Affected: unspecified , < 13.5 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:31:53.770Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT213843"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202401-04"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "13.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "A remote attacker may be able to cause arbitrary javascript code execution",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-05T14:06:45.711Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/HT213843"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
            },
            {
              "url": "https://security.gentoo.org/glsa/202401-04"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2023-40397",
        "datePublished": "2023-09-06T20:48:06.383Z",
        "dateReserved": "2023-08-14T20:26:36.254Z",
        "dateUpdated": "2025-02-13T17:07:51.524Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32370 (GCVE-0-2023-32370)

    Vulnerability from cvelistv5 – Published: 2023-09-06 01:36 – Updated: 2025-02-13 16:50
    VLAI
    Summary
    A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Content Security Policy to block domains with wildcards may fail.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Content Security Policy to block domains with wildcards may fail
    Assigner
    Impacted products
    Vendor Product Version
    Apple macOS Affected: unspecified , < 13.3 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:10:24.917Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT213670"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202401-04"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32370",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-30T18:17:38.085978Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-30T18:17:49.178Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "13.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Content Security Policy to block domains with wildcards may fail."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Content Security Policy to block domains with wildcards may fail",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-05T14:06:38.307Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/HT213670"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
            },
            {
              "url": "https://security.gentoo.org/glsa/202401-04"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2023-32370",
        "datePublished": "2023-09-06T01:36:31.884Z",
        "dateReserved": "2023-05-08T22:31:41.818Z",
        "dateUpdated": "2025-02-13T16:50:38.290Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28198 (GCVE-0-2023-28198)

    Vulnerability from cvelistv5 – Published: 2023-08-14 22:40 – Updated: 2025-02-13 16:48
    VLAI
    Summary
    A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.
    Severity
    No CVSS data available.
    CWE
    • Processing web content may lead to arbitrary code execution
    Assigner
    Impacted products
    Vendor Product Version
    Apple macOS Affected: unspecified , < 13.3 (custom)
    Apple iOS and iPadOS Affected: unspecified , < 16.4 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:30:24.616Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT213670"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT213676"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202401-04"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "13.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "16.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing web content may lead to arbitrary code execution",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-05T14:06:22.923Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/HT213670"
            },
            {
              "url": "https://support.apple.com/en-us/HT213676"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
            },
            {
              "url": "https://security.gentoo.org/glsa/202401-04"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2023-28198",
        "datePublished": "2023-08-14T22:40:37.966Z",
        "dateReserved": "2023-03-13T18:37:25.757Z",
        "dateUpdated": "2025-02-13T16:48:32.183Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-8720 (GCVE-0-2019-8720)

    Vulnerability from cvelistv5 – Published: 2023-03-06 00:00 – Updated: 2025-10-21 23:15
    VLAI CISA KEVIntel
    Summary
    A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-119
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    Impacted products
    Vendor Product Version
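    n/a webkitgtk Affected: "Fixed in webkitgtk 2.26.0" (free-text version field; the record names the fixed release rather than an affected version range)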

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:24:29.610Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1876611"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://webkitgtk.org/security/WSA-2019-0005.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-8720",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-28T21:22:50.417013Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-05-23",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-8720"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-119",
                    "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:15:24.508Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-8720"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-05-23T00:00:00.000Z",
                "value": "CVE-2019-8720 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "webkitgtk",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed in webkitgtk 2.26.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "CWE-119",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-06T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1876611"
            },
            {
              "url": "https://webkitgtk.org/security/WSA-2019-0005.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2019-8720",
        "datePublished": "2023-03-06T00:00:00.000Z",
        "dateReserved": "2019-02-18T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:15:24.508Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-32893 (GCVE-0-2022-32893)

    Vulnerability from cvelistv5 – Published: 2022-08-24 00:00 – Updated: 2025-10-21 23:15
    VLAI CISA KEVIntel
    Summary
    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
    • CWE-787 - Out-of-bounds Write
    Assigner
    Impacted products
    Vendor Product Version
    Apple Safari Affected: unspecified , < 15.6 (custom)
    Apple iOS and iPadOS Affected: unspecified , < 15.6 (custom)
    Apple macOS Affected: unspecified , < 12.5 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:54:03.184Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT213414"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT213412"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.apple.com/en-us/HT213413"
              },
              {
                "name": "[oss-security] 20220825 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/08/25/5"
              },
              {
                "name": "[oss-security] 20220826 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/08/26/2"
              },
              {
                "name": "FEDORA-2022-eada5f24a0",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SETAAXEPGNBMYKTUDFEZHS5LGSQ64QL/"
              },
              {
                "name": "DSA-5220",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5220"
              },
              {
                "name": "DSA-5219",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2022/dsa-5219"
              },
              {
                "name": "[oss-security] 20220829 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/08/29/1"
              },
              {
                "name": "[oss-security] 20220829 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/08/29/2"
              },
              {
                "name": "[debian-lts-announce] 20220830 [SECURITY] [DLA 3087-1] webkit2gtk security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00019.html"
              },
              {
                "name": "GLSA-202208-39",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202208-39"
              },
              {
                "name": "20220831 APPLE-SA-2022-08-31-1 iOS 12.5.6",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Aug/16"
              },
              {
                "name": "[oss-security] 20220902 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/09/02/10"
              },
              {
                "name": "FEDORA-2022-ddfeee50c9",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKJGV2EXVMYQW3OAJNI4WUTKKVMD2YYK/"
              },
              {
                "name": "[oss-security] 20220913 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/09/13/1"
              },
              {
                "name": "20221030 APPLE-SA-2022-10-27-13 watchOS 9",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Oct/49"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-32893",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-29T16:26:40.933813Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-08-18",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-32893"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:15:36.579Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-32893"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-08-18T00:00:00.000Z",
                "value": "CVE-2022-32893 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Safari",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "15.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iOS and iPadOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "15.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "macOS",
              "vendor": "Apple",
              "versions": [
                {
                  "lessThan": "12.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-30T00:00:00.000Z",
            "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
            "shortName": "apple"
          },
          "references": [
            {
              "url": "https://support.apple.com/en-us/HT213414"
            },
            {
              "url": "https://support.apple.com/en-us/HT213412"
            },
            {
              "url": "https://support.apple.com/en-us/HT213413"
            },
            {
              "name": "[oss-security] 20220825 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/08/25/5"
            },
            {
              "name": "[oss-security] 20220826 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/08/26/2"
            },
            {
              "name": "FEDORA-2022-eada5f24a0",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SETAAXEPGNBMYKTUDFEZHS5LGSQ64QL/"
            },
            {
              "name": "DSA-5220",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5220"
            },
            {
              "name": "DSA-5219",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2022/dsa-5219"
            },
            {
              "name": "[oss-security] 20220829 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/08/29/1"
            },
            {
              "name": "[oss-security] 20220829 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/08/29/2"
            },
            {
              "name": "[debian-lts-announce] 20220830 [SECURITY] [DLA 3087-1] webkit2gtk security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00019.html"
            },
            {
              "name": "GLSA-202208-39",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202208-39"
            },
            {
              "name": "20220831 APPLE-SA-2022-08-31-1 iOS 12.5.6",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Aug/16"
            },
            {
              "name": "[oss-security] 20220902 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/09/02/10"
            },
            {
              "name": "FEDORA-2022-ddfeee50c9",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKJGV2EXVMYQW3OAJNI4WUTKKVMD2YYK/"
            },
            {
              "name": "[oss-security] 20220913 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/09/13/1"
            },
            {
              "name": "20221030 APPLE-SA-2022-10-27-13 watchOS 9",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Oct/49"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "assignerShortName": "apple",
        "cveId": "CVE-2022-32893",
        "datePublished": "2022-08-24T00:00:00.000Z",
        "dateReserved": "2022-06-09T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:15:36.579Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }