Find a vulnerability
Search criteria
51 vulnerabilities by wpewebkit
VAR-202208-1345
Vulnerability from variot - Updated: 2026-03-09 20:54An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. apple's Safari Products from other vendors have out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apple macOS Monterey is the eighteenth major release of Apple's Macintosh desktop operating system, macOS. Apple macOS Monterey versions prior to 12.5.1 have a security vulnerability. The vulnerability is caused by out-of-bounds writing. macOS Monterey 12.5.1. Information about the security content is also available at https://support.apple.com/HT213413.
Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges. WebKit Bugzilla: 243557 CVE-2022-32893: an anonymous researcher
macOS Monterey 12.5.1 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
For the stable distribution (bullseye), this problem has been fixed in version 2.36.7-1~deb11u1.
We recommend that you upgrade your wpewebkit packages. ========================================================================== Ubuntu Security Notice USN-5611-1 September 14, 2022
webkit2gtk vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in WebKitGTK.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: libjavascriptcoregtk-4.0-18 2.36.7-0ubuntu0.22.04.1 libjavascriptcoregtk-4.1-0 2.36.7-0ubuntu0.22.04.1 libwebkit2gtk-4.0-37 2.36.7-0ubuntu0.22.04.1 libwebkit2gtk-4.1-0 2.36.7-0ubuntu0.22.04.1
Ubuntu 20.04 LTS: libjavascriptcoregtk-4.0-18 2.36.7-0ubuntu0.20.04.1 libwebkit2gtk-4.0-37 2.36.7-0ubuntu0.20.04.1
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK, such as Epiphany, to make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-39
https://security.gentoo.org/
Severity: High Title: WebKitGTK+: Multiple Vulnerabilities Date: August 31, 2022 Bugs: #866494, #864427, #856445, #861740, #837305, #845252, #839984, #833568, #832990 ID: 202208-39
Synopsis
Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.36.7 >= 2.36.7
Description
Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All WebKitGTK+ users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.36.7"
References
[ 1 ] CVE-2022-2294 https://nvd.nist.gov/vuln/detail/CVE-2022-2294 [ 2 ] CVE-2022-22589 https://nvd.nist.gov/vuln/detail/CVE-2022-22589 [ 3 ] CVE-2022-22590 https://nvd.nist.gov/vuln/detail/CVE-2022-22590 [ 4 ] CVE-2022-22592 https://nvd.nist.gov/vuln/detail/CVE-2022-22592 [ 5 ] CVE-2022-22620 https://nvd.nist.gov/vuln/detail/CVE-2022-22620 [ 6 ] CVE-2022-22624 https://nvd.nist.gov/vuln/detail/CVE-2022-22624 [ 7 ] CVE-2022-22628 https://nvd.nist.gov/vuln/detail/CVE-2022-22628 [ 8 ] CVE-2022-22629 https://nvd.nist.gov/vuln/detail/CVE-2022-22629 [ 9 ] CVE-2022-22662 https://nvd.nist.gov/vuln/detail/CVE-2022-22662 [ 10 ] CVE-2022-22677 https://nvd.nist.gov/vuln/detail/CVE-2022-22677 [ 11 ] CVE-2022-26700 https://nvd.nist.gov/vuln/detail/CVE-2022-26700 [ 12 ] CVE-2022-26709 https://nvd.nist.gov/vuln/detail/CVE-2022-26709 [ 13 ] CVE-2022-26710 https://nvd.nist.gov/vuln/detail/CVE-2022-26710 [ 14 ] CVE-2022-26716 https://nvd.nist.gov/vuln/detail/CVE-2022-26716 [ 15 ] CVE-2022-26717 https://nvd.nist.gov/vuln/detail/CVE-2022-26717 [ 16 ] CVE-2022-26719 https://nvd.nist.gov/vuln/detail/CVE-2022-26719 [ 17 ] CVE-2022-30293 https://nvd.nist.gov/vuln/detail/CVE-2022-30293 [ 18 ] CVE-2022-30294 https://nvd.nist.gov/vuln/detail/CVE-2022-30294 [ 19 ] CVE-2022-32784 https://nvd.nist.gov/vuln/detail/CVE-2022-32784 [ 20 ] CVE-2022-32792 https://nvd.nist.gov/vuln/detail/CVE-2022-32792 [ 21 ] CVE-2022-32893 https://nvd.nist.gov/vuln/detail/CVE-2022-32893 [ 22 ] WSA-2022-0002 https://webkitgtk.org/security/WSA-2022-0002.html [ 23 ] WSA-2022-0003 https://webkitgtk.org/security/WSA-2022-0003.html [ 24 ] WSA-2022-0007 https://webkitgtk.org/security/WSA-2022-0007.html [ 25 ] WSA-2022-0008 https://webkitgtk.org/security/WSA-2022-0008.html
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-39
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: webkit2gtk3 security update Advisory ID: RHSA-2022:6540-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:6540 Issue date: 2022-09-15 CVE Names: CVE-2022-32893 ==================================================================== 1. Summary:
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
The following packages have been upgraded to a later upstream version: webkit2gtk3 (2.36.7).
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: webkit2gtk3-2.36.7-1.el8_6.src.rpm
aarch64: webkit2gtk3-2.36.7-1.el8_6.aarch64.rpm webkit2gtk3-debuginfo-2.36.7-1.el8_6.aarch64.rpm webkit2gtk3-debugsource-2.36.7-1.el8_6.aarch64.rpm webkit2gtk3-devel-2.36.7-1.el8_6.aarch64.rpm webkit2gtk3-devel-debuginfo-2.36.7-1.el8_6.aarch64.rpm webkit2gtk3-jsc-2.36.7-1.el8_6.aarch64.rpm webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6.aarch64.rpm webkit2gtk3-jsc-devel-2.36.7-1.el8_6.aarch64.rpm webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6.aarch64.rpm
ppc64le: webkit2gtk3-2.36.7-1.el8_6.ppc64le.rpm webkit2gtk3-debuginfo-2.36.7-1.el8_6.ppc64le.rpm webkit2gtk3-debugsource-2.36.7-1.el8_6.ppc64le.rpm webkit2gtk3-devel-2.36.7-1.el8_6.ppc64le.rpm webkit2gtk3-devel-debuginfo-2.36.7-1.el8_6.ppc64le.rpm webkit2gtk3-jsc-2.36.7-1.el8_6.ppc64le.rpm webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6.ppc64le.rpm webkit2gtk3-jsc-devel-2.36.7-1.el8_6.ppc64le.rpm webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6.ppc64le.rpm
s390x: webkit2gtk3-2.36.7-1.el8_6.s390x.rpm webkit2gtk3-debuginfo-2.36.7-1.el8_6.s390x.rpm webkit2gtk3-debugsource-2.36.7-1.el8_6.s390x.rpm webkit2gtk3-devel-2.36.7-1.el8_6.s390x.rpm webkit2gtk3-devel-debuginfo-2.36.7-1.el8_6.s390x.rpm webkit2gtk3-jsc-2.36.7-1.el8_6.s390x.rpm webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6.s390x.rpm webkit2gtk3-jsc-devel-2.36.7-1.el8_6.s390x.rpm webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6.s390x.rpm
x86_64: webkit2gtk3-2.36.7-1.el8_6.i686.rpm webkit2gtk3-2.36.7-1.el8_6.x86_64.rpm webkit2gtk3-debuginfo-2.36.7-1.el8_6.i686.rpm webkit2gtk3-debuginfo-2.36.7-1.el8_6.x86_64.rpm webkit2gtk3-debugsource-2.36.7-1.el8_6.i686.rpm webkit2gtk3-debugsource-2.36.7-1.el8_6.x86_64.rpm webkit2gtk3-devel-2.36.7-1.el8_6.i686.rpm webkit2gtk3-devel-2.36.7-1.el8_6.x86_64.rpm webkit2gtk3-devel-debuginfo-2.36.7-1.el8_6.i686.rpm webkit2gtk3-devel-debuginfo-2.36.7-1.el8_6.x86_64.rpm webkit2gtk3-jsc-2.36.7-1.el8_6.i686.rpm webkit2gtk3-jsc-2.36.7-1.el8_6.x86_64.rpm webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6.i686.rpm webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6.x86_64.rpm webkit2gtk3-jsc-devel-2.36.7-1.el8_6.i686.rpm webkit2gtk3-jsc-devel-2.36.7-1.el8_6.x86_64.rpm webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6.i686.rpm webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-32893 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYyMk0dzjgjWX9erEAQgJiw/+LYAkLQ3B+egDz2T8gBO2HzEtHgA8L7TO aFWvgGSnt32NlsOLFg1R3FxvGRVurR5Vgx2QN4tvVi/iYIgGw1WTSCC2GaiamjoP AawahjPf08LboH3d96QHN7rumXeXLUcymQyG4p4BPnEOqYPaKKdmj5CPaGWM/o+l ECo8POkVp0mHb4HOCL8iudG5aKDmEB5OqHfQS0XmFU3392yazpD6Y1DwpIfCNAhb ptdcqHrycH+QFUdd3YmtQj567R5+q/DAKFN60KHdwT+JeiRwdV9k89cAoWIJA6Hh 3ZxRuVbc108rySf/9tdZSjl7nw4IbLwcbScUwUHfHzjFfS3h7u+kkDLL10c4sfWf psc1mGVUXzLN6qBaWiY96bXOUOzX72LkC0LqhgDOfjBvaGzJjFwfydDgql/TPkSZ 478+0r5JD6sFsboLugtqhXMLNpJtxYGBSMUA31Bjmf8jWGwKrzZCbxUMuQIHk7VG 4M9gdZbu5wQw6fhksOlHGowoXEvc6UTB36eSLvZ76OK65yoXmpOXTFjIFfmDACkV M4GVQGpNglQWn/4jBXjebEeFC86baScn97NpCL41FK9AXlP7xBPaCN++DjAYDlbg NJf8tizErS4zMa1moMYL2DEac/nhLJDwtKaCvftcdRPrVnQZEZto7Chvf1FgNAJc +nurAiBV/zc=W4oO -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-1345",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wpe webkit",
"scope": "lt",
"trust": 1.0,
"vendor": "wpewebkit",
"version": "2.36.7"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.6.1"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.6.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "webkitgtk",
"scope": "lt",
"trust": 1.0,
"vendor": "webkitgtk",
"version": "2.36.7"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.6.1"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.5.1"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "safari",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "webkitgtk",
"scope": null,
"trust": 0.8,
"vendor": "the webkitgtk team",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "ipados",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "webkit",
"scope": null,
"trust": 0.8,
"vendor": "the wpe team",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-017329"
},
{
"db": "NVD",
"id": "CVE-2022-32893"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "168439"
},
{
"db": "PACKETSTORM",
"id": "168397"
}
],
"trust": 0.2
},
"cve": "CVE-2022-32893",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-32893",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-32893",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-32893",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2022-32893",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-32893",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-3345",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-3345"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017329"
},
{
"db": "NVD",
"id": "CVE-2022-32893"
},
{
"db": "NVD",
"id": "CVE-2022-32893"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. apple\u0027s Safari Products from other vendors have out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apple macOS Monterey is the eighteenth major release of Apple\u0027s Macintosh desktop operating system, macOS. Apple macOS Monterey versions prior to 12.5.1 have a security vulnerability. The vulnerability is caused by out-of-bounds writing. macOS Monterey 12.5.1. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213413. \n\nKernel\nAvailable for: macOS Monterey\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. \nWebKit Bugzilla: 243557\nCVE-2022-32893: an anonymous researcher\n\nmacOS Monterey 12.5.1 may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 2.36.7-1~deb11u1. \n\nWe recommend that you upgrade your wpewebkit packages. ==========================================================================\nUbuntu Security Notice USN-5611-1\nSeptember 14, 2022\n\nwebkit2gtk vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in WebKitGTK. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n libjavascriptcoregtk-4.0-18 2.36.7-0ubuntu0.22.04.1\n libjavascriptcoregtk-4.1-0 2.36.7-0ubuntu0.22.04.1\n libwebkit2gtk-4.0-37 2.36.7-0ubuntu0.22.04.1\n libwebkit2gtk-4.1-0 2.36.7-0ubuntu0.22.04.1\n\nUbuntu 20.04 LTS:\n libjavascriptcoregtk-4.0-18 2.36.7-0ubuntu0.20.04.1\n libwebkit2gtk-4.0-37 2.36.7-0ubuntu0.20.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. After a standard system update you need to restart any applications\nthat use WebKitGTK, such as Epiphany, to make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-39\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: WebKitGTK+: Multiple Vulnerabilities\n Date: August 31, 2022\n Bugs: #866494, #864427, #856445, #861740, #837305, #845252, #839984, #833568, #832990\n ID: 202208-39\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in WebkitGTK+, the worst of\nwhich could result in the arbitrary execution of code. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-libs/webkit-gtk \u003c 2.36.7 \u003e= 2.36.7\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in WebKitGTK+. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll WebKitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.36.7\"\n\nReferences\n=========\n[ 1 ] CVE-2022-2294\n https://nvd.nist.gov/vuln/detail/CVE-2022-2294\n[ 2 ] CVE-2022-22589\n https://nvd.nist.gov/vuln/detail/CVE-2022-22589\n[ 3 ] CVE-2022-22590\n https://nvd.nist.gov/vuln/detail/CVE-2022-22590\n[ 4 ] CVE-2022-22592\n https://nvd.nist.gov/vuln/detail/CVE-2022-22592\n[ 5 ] CVE-2022-22620\n https://nvd.nist.gov/vuln/detail/CVE-2022-22620\n[ 6 ] CVE-2022-22624\n https://nvd.nist.gov/vuln/detail/CVE-2022-22624\n[ 7 ] CVE-2022-22628\n https://nvd.nist.gov/vuln/detail/CVE-2022-22628\n[ 8 ] CVE-2022-22629\n https://nvd.nist.gov/vuln/detail/CVE-2022-22629\n[ 9 ] CVE-2022-22662\n https://nvd.nist.gov/vuln/detail/CVE-2022-22662\n[ 10 ] CVE-2022-22677\n https://nvd.nist.gov/vuln/detail/CVE-2022-22677\n[ 11 ] CVE-2022-26700\n https://nvd.nist.gov/vuln/detail/CVE-2022-26700\n[ 12 ] CVE-2022-26709\n https://nvd.nist.gov/vuln/detail/CVE-2022-26709\n[ 13 ] CVE-2022-26710\n https://nvd.nist.gov/vuln/detail/CVE-2022-26710\n[ 14 ] CVE-2022-26716\n https://nvd.nist.gov/vuln/detail/CVE-2022-26716\n[ 15 ] CVE-2022-26717\n https://nvd.nist.gov/vuln/detail/CVE-2022-26717\n[ 16 ] CVE-2022-26719\n https://nvd.nist.gov/vuln/detail/CVE-2022-26719\n[ 17 ] CVE-2022-30293\n https://nvd.nist.gov/vuln/detail/CVE-2022-30293\n[ 18 ] CVE-2022-30294\n https://nvd.nist.gov/vuln/detail/CVE-2022-30294\n[ 19 ] CVE-2022-32784\n https://nvd.nist.gov/vuln/detail/CVE-2022-32784\n[ 20 ] CVE-2022-32792\n https://nvd.nist.gov/vuln/detail/CVE-2022-32792\n[ 21 ] CVE-2022-32893\n https://nvd.nist.gov/vuln/detail/CVE-2022-32893\n[ 22 ] WSA-2022-0002\n https://webkitgtk.org/security/WSA-2022-0002.html\n[ 23 ] WSA-2022-0003\n https://webkitgtk.org/security/WSA-2022-0003.html\n[ 24 ] WSA-2022-0007\n https://webkitgtk.org/security/WSA-2022-0007.html\n[ 25 ] WSA-2022-0008\n https://webkitgtk.org/security/WSA-2022-0008.html\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-39\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: webkit2gtk3 security update\nAdvisory ID: RHSA-2022:6540-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:6540\nIssue date: 2022-09-15\nCVE Names: CVE-2022-32893\n====================================================================\n1. Summary:\n\nAn update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nWebKitGTK is the port of the portable web rendering engine WebKit to the\nGTK platform. \n\nThe following packages have been upgraded to a later upstream version:\nwebkit2gtk3 (2.36.7). \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nwebkit2gtk3-2.36.7-1.el8_6.src.rpm\n\naarch64:\nwebkit2gtk3-2.36.7-1.el8_6.aarch64.rpm\nwebkit2gtk3-debuginfo-2.36.7-1.el8_6.aarch64.rpm\nwebkit2gtk3-debugsource-2.36.7-1.el8_6.aarch64.rpm\nwebkit2gtk3-devel-2.36.7-1.el8_6.aarch64.rpm\nwebkit2gtk3-devel-debuginfo-2.36.7-1.el8_6.aarch64.rpm\nwebkit2gtk3-jsc-2.36.7-1.el8_6.aarch64.rpm\nwebkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6.aarch64.rpm\nwebkit2gtk3-jsc-devel-2.36.7-1.el8_6.aarch64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6.aarch64.rpm\n\nppc64le:\nwebkit2gtk3-2.36.7-1.el8_6.ppc64le.rpm\nwebkit2gtk3-debuginfo-2.36.7-1.el8_6.ppc64le.rpm\nwebkit2gtk3-debugsource-2.36.7-1.el8_6.ppc64le.rpm\nwebkit2gtk3-devel-2.36.7-1.el8_6.ppc64le.rpm\nwebkit2gtk3-devel-debuginfo-2.36.7-1.el8_6.ppc64le.rpm\nwebkit2gtk3-jsc-2.36.7-1.el8_6.ppc64le.rpm\nwebkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6.ppc64le.rpm\nwebkit2gtk3-jsc-devel-2.36.7-1.el8_6.ppc64le.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6.ppc64le.rpm\n\ns390x:\nwebkit2gtk3-2.36.7-1.el8_6.s390x.rpm\nwebkit2gtk3-debuginfo-2.36.7-1.el8_6.s390x.rpm\nwebkit2gtk3-debugsource-2.36.7-1.el8_6.s390x.rpm\nwebkit2gtk3-devel-2.36.7-1.el8_6.s390x.rpm\nwebkit2gtk3-devel-debuginfo-2.36.7-1.el8_6.s390x.rpm\nwebkit2gtk3-jsc-2.36.7-1.el8_6.s390x.rpm\nwebkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6.s390x.rpm\nwebkit2gtk3-jsc-devel-2.36.7-1.el8_6.s390x.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6.s390x.rpm\n\nx86_64:\nwebkit2gtk3-2.36.7-1.el8_6.i686.rpm\nwebkit2gtk3-2.36.7-1.el8_6.x86_64.rpm\nwebkit2gtk3-debuginfo-2.36.7-1.el8_6.i686.rpm\nwebkit2gtk3-debuginfo-2.36.7-1.el8_6.x86_64.rpm\nwebkit2gtk3-debugsource-2.36.7-1.el8_6.i686.rpm\nwebkit2gtk3-debugsource-2.36.7-1.el8_6.x86_64.rpm\nwebkit2gtk3-devel-2.36.7-1.el8_6.i686.rpm\nwebkit2gtk3-devel-2.36.7-1.el8_6.x86_64.rpm\nwebkit2gtk3-devel-debuginfo-2.36.7-1.el8_6.i686.rpm\nwebkit2gtk3-devel-debuginfo-2.36.7-1.el8_6.x86_64.rpm\nwebkit2gtk3-jsc-2.36.7-1.el8_6.i686.rpm\nwebkit2gtk3-jsc-2.36.7-1.el8_6.x86_64.rpm\nwebkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6.i686.rpm\nwebkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6.x86_64.rpm\nwebkit2gtk3-jsc-devel-2.36.7-1.el8_6.i686.rpm\nwebkit2gtk3-jsc-devel-2.36.7-1.el8_6.x86_64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6.i686.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-32893\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYyMk0dzjgjWX9erEAQgJiw/+LYAkLQ3B+egDz2T8gBO2HzEtHgA8L7TO\naFWvgGSnt32NlsOLFg1R3FxvGRVurR5Vgx2QN4tvVi/iYIgGw1WTSCC2GaiamjoP\nAawahjPf08LboH3d96QHN7rumXeXLUcymQyG4p4BPnEOqYPaKKdmj5CPaGWM/o+l\nECo8POkVp0mHb4HOCL8iudG5aKDmEB5OqHfQS0XmFU3392yazpD6Y1DwpIfCNAhb\nptdcqHrycH+QFUdd3YmtQj567R5+q/DAKFN60KHdwT+JeiRwdV9k89cAoWIJA6Hh\n3ZxRuVbc108rySf/9tdZSjl7nw4IbLwcbScUwUHfHzjFfS3h7u+kkDLL10c4sfWf\npsc1mGVUXzLN6qBaWiY96bXOUOzX72LkC0LqhgDOfjBvaGzJjFwfydDgql/TPkSZ\n478+0r5JD6sFsboLugtqhXMLNpJtxYGBSMUA31Bjmf8jWGwKrzZCbxUMuQIHk7VG\n4M9gdZbu5wQw6fhksOlHGowoXEvc6UTB36eSLvZ76OK65yoXmpOXTFjIFfmDACkV\nM4GVQGpNglQWn/4jBXjebEeFC86baScn97NpCL41FK9AXlP7xBPaCN++DjAYDlbg\nNJf8tizErS4zMa1moMYL2DEac/nhLJDwtKaCvftcdRPrVnQZEZto7Chvf1FgNAJc\n+nurAiBV/zc=W4oO\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-32893"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017329"
},
{
"db": "VULHUB",
"id": "VHN-424982"
},
{
"db": "VULMON",
"id": "CVE-2022-32893"
},
{
"db": "PACKETSTORM",
"id": "168439"
},
{
"db": "PACKETSTORM",
"id": "168117"
},
{
"db": "PACKETSTORM",
"id": "168119"
},
{
"db": "PACKETSTORM",
"id": "169258"
},
{
"db": "PACKETSTORM",
"id": "168382"
},
{
"db": "PACKETSTORM",
"id": "169401"
},
{
"db": "PACKETSTORM",
"id": "168226"
},
{
"db": "PACKETSTORM",
"id": "168397"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-424982",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424982"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-32893",
"trust": 4.2
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/08/29/2",
"trust": 2.5
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/08/26/2",
"trust": 2.5
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/08/29/1",
"trust": 2.5
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/09/02/10",
"trust": 2.5
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/09/13/1",
"trust": 2.5
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/08/25/5",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "168382",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168439",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168119",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168397",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017329",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168227",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3345",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.5473",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4318",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4604",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4264",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4299",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4453",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4105",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4679",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4584",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "168117",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "168118",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-424982",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-32893",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169258",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169401",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168226",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424982"
},
{
"db": "VULMON",
"id": "CVE-2022-32893"
},
{
"db": "PACKETSTORM",
"id": "168439"
},
{
"db": "PACKETSTORM",
"id": "168117"
},
{
"db": "PACKETSTORM",
"id": "168119"
},
{
"db": "PACKETSTORM",
"id": "169258"
},
{
"db": "PACKETSTORM",
"id": "168382"
},
{
"db": "PACKETSTORM",
"id": "169401"
},
{
"db": "PACKETSTORM",
"id": "168226"
},
{
"db": "PACKETSTORM",
"id": "168397"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3345"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017329"
},
{
"db": "NVD",
"id": "CVE-2022-32893"
}
]
},
"id": "VAR-202208-1345",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-424982"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T20:54:41.352000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213414",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00019.html"
},
{
"title": "Apple macOS Monterey Safari Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=206037"
},
{
"title": "Apple: macOS Monterey 12.5.1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=1bb557c916beb7d241af583e99c5c90b"
},
{
"title": "Apple: iOS 15.6.1 and iPadOS 15.6.1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=935bf26a0e1b2691d379b98ca5e49eb8"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-32893"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3345"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017329"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424982"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017329"
},
{
"db": "NVD",
"id": "CVE-2022-32893"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://security.gentoo.org/glsa/202208-39"
},
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/aug/16"
},
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2022/oct/49"
},
{
"trust": 2.5,
"url": "http://www.openwall.com/lists/oss-security/2022/08/25/5"
},
{
"trust": 2.5,
"url": "http://www.openwall.com/lists/oss-security/2022/08/26/2"
},
{
"trust": 2.5,
"url": "http://www.openwall.com/lists/oss-security/2022/08/29/1"
},
{
"trust": 2.5,
"url": "http://www.openwall.com/lists/oss-security/2022/08/29/2"
},
{
"trust": 2.5,
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/10"
},
{
"trust": 2.5,
"url": "http://www.openwall.com/lists/oss-security/2022/09/13/1"
},
{
"trust": 2.3,
"url": "https://support.apple.com/en-us/ht213413"
},
{
"trust": 2.3,
"url": "https://support.apple.com/en-us/ht213414"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2022/dsa-5219"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2022/dsa-5220"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht213412"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00019.html"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32893"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2022-32893"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ykjgv2exvmyqw3oajni4wutkkvmd2yyk/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7setaaxepgnbmyktudfezhs5lgsq64ql/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-32893"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ykjgv2exvmyqw3oajni4wutkkvmd2yyk/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7setaaxepgnbmyktudfezhs5lgsq64ql/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4318"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4604"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168382/ubuntu-security-notice-usn-5611-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168397/red-hat-security-advisory-2022-6540-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168119/apple-security-advisory-2022-08-18-1.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/webkitgtk-wpe-webkit-buffer-overflow-39127"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168439/red-hat-security-advisory-2022-6634-01.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213428"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4264"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-ios-macos-two-vulnerabilities-39070"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5473"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4299"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4453"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4584"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-32893/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168227/apple-security-advisory-2022-08-31-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4105"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4679"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht213413"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6634"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32894"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213413."
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213414."
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/wpewebkit"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.36.7-0ubuntu0.22.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.36.7-0ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5611-1"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/webkit2gtk"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22628"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22677"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2294"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26709"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30293"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2022-0008.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30294"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22590"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22662"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22624"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26717"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2022-0002.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26700"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26716"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22592"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26710"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32792"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2022-0003.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32784"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22629"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2022-0007.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6540"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-424982"
},
{
"db": "VULMON",
"id": "CVE-2022-32893"
},
{
"db": "PACKETSTORM",
"id": "168439"
},
{
"db": "PACKETSTORM",
"id": "168117"
},
{
"db": "PACKETSTORM",
"id": "168119"
},
{
"db": "PACKETSTORM",
"id": "169258"
},
{
"db": "PACKETSTORM",
"id": "168382"
},
{
"db": "PACKETSTORM",
"id": "169401"
},
{
"db": "PACKETSTORM",
"id": "168226"
},
{
"db": "PACKETSTORM",
"id": "168397"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3345"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017329"
},
{
"db": "NVD",
"id": "CVE-2022-32893"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-424982"
},
{
"db": "VULMON",
"id": "CVE-2022-32893"
},
{
"db": "PACKETSTORM",
"id": "168439"
},
{
"db": "PACKETSTORM",
"id": "168117"
},
{
"db": "PACKETSTORM",
"id": "168119"
},
{
"db": "PACKETSTORM",
"id": "169258"
},
{
"db": "PACKETSTORM",
"id": "168382"
},
{
"db": "PACKETSTORM",
"id": "169401"
},
{
"db": "PACKETSTORM",
"id": "168226"
},
{
"db": "PACKETSTORM",
"id": "168397"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3345"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-017329"
},
{
"db": "NVD",
"id": "CVE-2022-32893"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-424982"
},
{
"date": "2022-09-21T13:46:12",
"db": "PACKETSTORM",
"id": "168439"
},
{
"date": "2022-08-19T19:28:42",
"db": "PACKETSTORM",
"id": "168117"
},
{
"date": "2022-08-19T19:29:10",
"db": "PACKETSTORM",
"id": "168119"
},
{
"date": "2022-08-28T19:12:00",
"db": "PACKETSTORM",
"id": "169258"
},
{
"date": "2022-09-14T15:09:46",
"db": "PACKETSTORM",
"id": "168382"
},
{
"date": "2022-08-28T19:12:00",
"db": "PACKETSTORM",
"id": "169401"
},
{
"date": "2022-09-01T16:33:44",
"db": "PACKETSTORM",
"id": "168226"
},
{
"date": "2022-09-15T14:21:45",
"db": "PACKETSTORM",
"id": "168397"
},
{
"date": "2022-08-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-3345"
},
{
"date": "2023-10-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-017329"
},
{
"date": "2022-08-24T20:15:09.147000",
"db": "NVD",
"id": "CVE-2022-32893"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-07T00:00:00",
"db": "VULHUB",
"id": "VHN-424982"
},
{
"date": "2022-11-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-3345"
},
{
"date": "2023-10-12T07:43:00",
"db": "JVNDB",
"id": "JVNDB-2022-017329"
},
{
"date": "2025-10-23T18:02:27.140000",
"db": "NVD",
"id": "CVE-2022-32893"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "168382"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-3345"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "apple\u0027s \u00a0Safari\u00a0 Out-of-Bounds Write Vulnerability in Other Vendors\u0027 Products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-017329"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-3345"
}
],
"trust": 0.6
}
}
VAR-202205-1370
Vulnerability from variot - Updated: 2026-03-09 19:59Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Google Chrome Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ========================================================================== Ubuntu Security Notice USN-5568-1 August 15, 2022
webkit2gtk vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in WebKitGTK.
Software Description: - webkit2gtk: Web content engine library for GTK+
Details:
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: libjavascriptcoregtk-4.0-18 2.36.6-0ubuntu0.22.04.1 libwebkit2gtk-4.0-37 2.36.6-0ubuntu0.22.04.1 libwebkit2gtk-4.1-0 2.36.6-0ubuntu0.22.04.1
Ubuntu 20.04 LTS: libjavascriptcoregtk-4.0-18 2.36.6-0ubuntu0.20.04.1 libwebkit2gtk-4.0-37 2.36.6-0ubuntu0.20.04.1
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK, such as Epiphany, to make all the necessary changes.
For the stable distribution (bullseye), these problems have been fixed in version 103.0.5060.114-1~deb11u1.
We recommend that you upgrade your chromium packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2022-07-20-2 macOS Monterey 12.5
macOS Monterey 12.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213345.
APFS Available for: macOS Monterey Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32832: Tommy Muir (@Muirey03)
AppleMobileFileIntegrity Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: An authorization issue was addressed with improved state management. CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro
Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32810: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32840: Mohamed Ghannam (@_simo36)
Apple Neural Engine Available for: macOS Monterey Impact: An app may be able to break out of its sandbox Description: This issue was addressed with improved checks. CVE-2022-32845: Mohamed Ghannam (@_simo36)
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: This issue was addressed with improved checks. CVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu Security, Mickey Jin (@patch1t) of Trend Micro
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security CVE-2022-32852: Ye Zhang (@co0py_Cat) of Baidu Security CVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security
AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security
Audio Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32820: an anonymous researcher
Audio Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32825: John Aakerblom (@jaakerblom)
Automation Available for: macOS Monterey Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved checks. CVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Calendar Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: The issue was addressed with improved handling of caches. CVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security
CoreMedia Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom (@jaakerblom)
CoreText Available for: macOS Monterey Impact: A remote user may cause an unexpected app termination or arbitrary code execution Description: The issue was addressed with improved bounds checks. CVE-2022-32839: STAR Labs (@starlabs_sg)
File System Events Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: A logic issue was addressed with improved state management. CVE-2022-32819: Joshua Mason of Mandiant
GPU Drivers Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: Multiple out-of-bounds write issues were addressed with improved bounds checking. CVE-2022-32793: an anonymous researcher
GPU Drivers Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-32821: John Aakerblom (@jaakerblom)
iCloud Photo Library Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2022-32849: Joshua Jones
ICU Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.
ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may result in disclosure of process memory Description: The issue was addressed with improved memory handling. CVE-2022-32841: hjy79425575 ImageIO Available for: macOS Monterey Impact: Processing an image may lead to a denial-of-service Description: A null pointer dereference was addressed with improved validation. CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit)
Intel Graphics Driver Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2022-32811: ABC Research s.r.o
Intel Graphics Driver Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o.
Kernel Available for: macOS Monterey Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32813: Xinru Chi of Pangu Lab CVE-2022-32815: Xinru Chi of Pangu Lab
Kernel Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32817: Xinru Chi of Pangu Lab
Kernel Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: This issue was addressed with improved checks. CVE-2022-32829: an anonymous researcher
Liblouis Available for: macOS Monterey Impact: An app may cause unexpected app termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China (nipc.org.cn)
libxml2 Available for: macOS Monterey Impact: An app may be able to leak sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-32823
Multi-Touch Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved checks. CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)
Multi-Touch Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)
PackageKit Available for: macOS Monterey Impact: An app may be able to modify protected parts of the file system Description: An issue in the handling of environment variables was addressed with improved validation. CVE-2022-32786: Mickey Jin (@patch1t)
PackageKit Available for: macOS Monterey Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed with improved checks. CVE-2022-32800: Mickey Jin (@patch1t)
PluginKit Available for: macOS Monterey Impact: An app may be able to read arbitrary files Description: A logic issue was addressed with improved state management. CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro
PS Normalizer Available for: macOS Monterey Impact: Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-32843: Kai Lu of Zscaler's ThreatLabz
SMB Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-32796: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32798: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: A user in a privileged network position may be able to leak sensitive information Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)
SMB Available for: macOS Monterey Impact: An app may be able to leak sensitive kernel state Description: The issue was addressed with improved memory handling. CVE-2022-32818: Sreejith Krishnan R (@skr0x1c0)
Software Update Available for: macOS Monterey Impact: A user in a privileged network position can track a user’s activity Description: This issue was addressed by using HTTPS when sending information over the network. CVE-2022-32857: Jeffrey Paul (sneak.berlin)
Spindump Available for: macOS Monterey Impact: An app may be able to overwrite arbitrary files Description: This issue was addressed with improved file handling. CVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Spotlight Available for: macOS Monterey Impact: An app may be able to gain root privileges Description: This issue was addressed with improved checks. CVE-2022-32801: Joshua Mason (@josh@jhu.edu)
subversion Available for: macOS Monterey Impact: Multiple issues in subversion Description: Multiple issues were addressed by updating subversion. CVE-2021-28544: Evgeny Kotkov, visualsvn.com CVE-2022-24070: Evgeny Kotkov, visualsvn.com CVE-2022-29046: Evgeny Kotkov, visualsvn.com CVE-2022-29048: Evgeny Kotkov, visualsvn.com
TCC Available for: macOS Monterey Impact: An app may be able to access sensitive user information Description: An access issue was addressed with improvements to the sandbox. CVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
WebKit Available for: macOS Monterey Impact: Visiting a website that frames malicious content may lead to UI spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 239316 CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ.
WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. WebKit Bugzilla: 240720 CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero Day Initiative
WebRTC Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 242339 CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team
Wi-Fi Available for: macOS Monterey Impact: An app may be able to cause unexpected system termination or write kernel memory Description: This issue was addressed with improved checks. CVE-2022-32837: Wang Yu of Cyberserval
Wi-Fi Available for: macOS Monterey Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory Description: This issue was addressed with improved checks. CVE-2022-32847: Wang Yu of Cyberserval
Windows Server Available for: macOS Monterey Impact: An app may be able to capture a user’s screen Description: A logic issue was addressed with improved checks. CVE-2022-32848: Jeremy Legendre of MacEnhance
Additional recognition
802.1X We would like to acknowledge Shin Sun of National Taiwan University for their assistance.
AppleMobileFileIntegrity We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
Calendar We would like to acknowledge Joshua Jones for their assistance.
configd We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła (@_r3ggi) of SecuRing for their assistance.
DiskArbitration We would like to acknowledge Mike Cush for their assistance.
macOS Monterey 12.5 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYiL4ACgkQeC9qKD1p rhhjpQ//TQX1ihtXRIjFpPOViMy6IxuLE1CsKFxq5MweXelbPB/UdeUl/zL5G54b /Lx2XYKoWj6u27FCO0BHxBqtYbAd6sfx70VLCk5W6gyk/yCi0n3zh7BvRvWB/Ugh 6NuHB39a1kbbjLLoQPbW0L6egdrCfqP/+ZujqjKl7xI58nda9jMHJC1ns87KQoDn Er5SAGf7M2ErGNzOFqvXjpJYvGsrKJyfqNxp99H/sPlzu7URX9Gq3f3n1o55IUUa mcxlBPDfUmDQPjdSqw/BprQkDOvp0fzmTy+phB0fkgmvVJ8EmEJAoilL4SyH4uW9 V1GD9rtjUKh7G/gSFAo7y0HBDQoM+E9hA+4PPlH2o1nUOAl6BRWUka6jf4yaqrpr pfo1K2hPQj1g4MMZFCDWkJ+7V1+1GTQ9WlagL5gB3QaKefiSG4cTnL06Y8zn38TD TY3JrdqUI7Pzugu+FuHs7P168yNIGXTscb1ptrVlaVBaVuyICmEcKX4HS+I5o30q WqCOaRoaa6WRqBwNEy7zVAExjSPt7t8ZWt85avWSt+rLxNGiVkPrpHu4fE+V2IAV fz1VA4S/w69h9uJHXdcG+QfvNxX+zj/vljF6DK3dyQ957Mqfyr2y9ojSbdf6vo4n DJFXNxbEk35loy/kDDidC1C1sFKY+JeQF7ZBi0/QOyuSdSdJrSg= =ibIr -----END PGP SIGNATURE-----
.
Background
QtWebEngine is a library for rendering dynamic web content in Qt5 and Qt6 C++ and QML applications. CVE-2022-32832: Tommy Muir (@Muirey03)
AppleAVD Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote user may be able to cause kernel code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2022-32821: John Aakerblom (@jaakerblom)
Home Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 15.6 and iPadOS 15.6". - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-35
https://security.gentoo.org/
Severity: High Title: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #858104, #859442, #863512, #865501, #864723 ID: 202208-35
Synopsis
Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution.
Background
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
Google Chrome is one fast, simple, and secure browser for all your devices.
Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 104.0.5112.101 >= 104.0.5112.101 2 www-client/chromium-bin < 104.0.5112.101 >= 104.0.5112.101 3 www-client/google-chrome < 104.0.5112.101 >= 104.0.5112.101 4 www-client/microsoft-edge < 104.0.1293.63 >= 104.0.1293.63
Description
Multiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Chromium users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/chromium-104.0.5112.101"
All Chromium binary users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/chromium-bin-104.0.5112.101"
All Google Chrome users should upgrade to tha latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/google-chrome-104.0.5112.101"
All Microsoft Edge users should upgrade to tha latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-104.0.1293.63"
References
[ 1 ] CVE-2022-2163 https://nvd.nist.gov/vuln/detail/CVE-2022-2163 [ 2 ] CVE-2022-2294 https://nvd.nist.gov/vuln/detail/CVE-2022-2294 [ 3 ] CVE-2022-2295 https://nvd.nist.gov/vuln/detail/CVE-2022-2295 [ 4 ] CVE-2022-2296 https://nvd.nist.gov/vuln/detail/CVE-2022-2296 [ 5 ] CVE-2022-2477 https://nvd.nist.gov/vuln/detail/CVE-2022-2477 [ 6 ] CVE-2022-2478 https://nvd.nist.gov/vuln/detail/CVE-2022-2478 [ 7 ] CVE-2022-2479 https://nvd.nist.gov/vuln/detail/CVE-2022-2479 [ 8 ] CVE-2022-2480 https://nvd.nist.gov/vuln/detail/CVE-2022-2480 [ 9 ] CVE-2022-2481 https://nvd.nist.gov/vuln/detail/CVE-2022-2481 [ 10 ] CVE-2022-2603 https://nvd.nist.gov/vuln/detail/CVE-2022-2603 [ 11 ] CVE-2022-2604 https://nvd.nist.gov/vuln/detail/CVE-2022-2604 [ 12 ] CVE-2022-2605 https://nvd.nist.gov/vuln/detail/CVE-2022-2605 [ 13 ] CVE-2022-2606 https://nvd.nist.gov/vuln/detail/CVE-2022-2606 [ 14 ] CVE-2022-2607 https://nvd.nist.gov/vuln/detail/CVE-2022-2607 [ 15 ] CVE-2022-2608 https://nvd.nist.gov/vuln/detail/CVE-2022-2608 [ 16 ] CVE-2022-2609 https://nvd.nist.gov/vuln/detail/CVE-2022-2609 [ 17 ] CVE-2022-2610 https://nvd.nist.gov/vuln/detail/CVE-2022-2610 [ 18 ] CVE-2022-2611 https://nvd.nist.gov/vuln/detail/CVE-2022-2611 [ 19 ] CVE-2022-2612 https://nvd.nist.gov/vuln/detail/CVE-2022-2612 [ 20 ] CVE-2022-2613 https://nvd.nist.gov/vuln/detail/CVE-2022-2613 [ 21 ] CVE-2022-2614 https://nvd.nist.gov/vuln/detail/CVE-2022-2614 [ 22 ] CVE-2022-2615 https://nvd.nist.gov/vuln/detail/CVE-2022-2615 [ 23 ] CVE-2022-2616 https://nvd.nist.gov/vuln/detail/CVE-2022-2616 [ 24 ] CVE-2022-2617 https://nvd.nist.gov/vuln/detail/CVE-2022-2617 [ 25 ] CVE-2022-2618 https://nvd.nist.gov/vuln/detail/CVE-2022-2618 [ 26 ] CVE-2022-2619 https://nvd.nist.gov/vuln/detail/CVE-2022-2619 [ 27 ] CVE-2022-2620 https://nvd.nist.gov/vuln/detail/CVE-2022-2620 [ 28 ] CVE-2022-2621 https://nvd.nist.gov/vuln/detail/CVE-2022-2621 [ 29 ] CVE-2022-2622 https://nvd.nist.gov/vuln/detail/CVE-2022-2622 [ 30 ] CVE-2022-2623 https://nvd.nist.gov/vuln/detail/CVE-2022-2623 [ 31 ] CVE-2022-2624 https://nvd.nist.gov/vuln/detail/CVE-2022-2624 [ 32 ] CVE-2022-2852 https://nvd.nist.gov/vuln/detail/CVE-2022-2852 [ 33 ] CVE-2022-2853 https://nvd.nist.gov/vuln/detail/CVE-2022-2853 [ 34 ] CVE-2022-2854 https://nvd.nist.gov/vuln/detail/CVE-2022-2854 [ 35 ] CVE-2022-2855 https://nvd.nist.gov/vuln/detail/CVE-2022-2855 [ 36 ] CVE-2022-2856 https://nvd.nist.gov/vuln/detail/CVE-2022-2856 [ 37 ] CVE-2022-2857 https://nvd.nist.gov/vuln/detail/CVE-2022-2857 [ 38 ] CVE-2022-2858 https://nvd.nist.gov/vuln/detail/CVE-2022-2858 [ 39 ] CVE-2022-2859 https://nvd.nist.gov/vuln/detail/CVE-2022-2859 [ 40 ] CVE-2022-2860 https://nvd.nist.gov/vuln/detail/CVE-2022-2860 [ 41 ] CVE-2022-2861 https://nvd.nist.gov/vuln/detail/CVE-2022-2861 [ 42 ] CVE-2022-33636 https://nvd.nist.gov/vuln/detail/CVE-2022-33636 [ 43 ] CVE-2022-33649 https://nvd.nist.gov/vuln/detail/CVE-2022-33649 [ 44 ] CVE-2022-35796 https://nvd.nist.gov/vuln/detail/CVE-2022-35796
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-35
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 .
Background
WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "extra packages for enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "8.0"
},
{
"_id": null,
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.5"
},
{
"_id": null,
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "8.7"
},
{
"_id": null,
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"_id": null,
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6.8"
},
{
"_id": null,
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"_id": null,
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.6"
},
{
"_id": null,
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"_id": null,
"model": "webrtc",
"scope": "eq",
"trust": 1.0,
"vendor": "webrtc",
"version": null
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"_id": null,
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.6"
},
{
"_id": null,
"model": "wpe webkit",
"scope": "lt",
"trust": 1.0,
"vendor": "wpewebkit",
"version": "2.36.5"
},
{
"_id": null,
"model": "webkitgtk",
"scope": "lt",
"trust": 1.0,
"vendor": "webkitgtk",
"version": "2.36.5"
},
{
"_id": null,
"model": "chrome",
"scope": "lt",
"trust": 1.0,
"vendor": "google",
"version": "103.0.5060.114"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"_id": null,
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.6"
},
{
"_id": null,
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"_id": null,
"model": "webrtc",
"scope": null,
"trust": 0.8,
"vendor": "the webrtc",
"version": null
},
{
"_id": null,
"model": "ipados",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"_id": null,
"model": "extra packages for enterprise linux",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"_id": null,
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"_id": null,
"model": "chrome",
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"_id": null,
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"_id": null,
"model": "webkitgtk",
"scope": null,
"trust": 0.8,
"vendor": "the webkitgtk team",
"version": null
},
{
"_id": null,
"model": "webkit",
"scope": null,
"trust": 0.8,
"vendor": "the wpe team",
"version": null
},
{
"_id": null,
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016029"
},
{
"db": "NVD",
"id": "CVE-2022-2294"
}
]
},
"credits": {
"_id": null,
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "167787"
},
{
"db": "PACKETSTORM",
"id": "167786"
},
{
"db": "PACKETSTORM",
"id": "167792"
}
],
"trust": 0.3
},
"cve": "CVE-2022-2294",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-2294",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-2294",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-2294",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2022-2294",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-2294",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202207-345",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-345"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016029"
},
{
"db": "NVD",
"id": "CVE-2022-2294"
},
{
"db": "NVD",
"id": "CVE-2022-2294"
}
]
},
"description": {
"_id": null,
"data": "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Google Chrome Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ==========================================================================\nUbuntu Security Notice USN-5568-1\nAugust 15, 2022\n\nwebkit2gtk vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in WebKitGTK. \n\nSoftware Description:\n- webkit2gtk: Web content engine library for GTK+\n\nDetails:\n\nSeveral security issues were discovered in the WebKitGTK Web and JavaScript\nengines. If a user were tricked into viewing a malicious website, a remote\nattacker could exploit a variety of issues related to web browser security,\nincluding cross-site scripting attacks, denial of service attacks, and\narbitrary code execution. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.04 LTS:\n libjavascriptcoregtk-4.0-18 2.36.6-0ubuntu0.22.04.1\n libwebkit2gtk-4.0-37 2.36.6-0ubuntu0.22.04.1\n libwebkit2gtk-4.1-0 2.36.6-0ubuntu0.22.04.1\n\nUbuntu 20.04 LTS:\n libjavascriptcoregtk-4.0-18 2.36.6-0ubuntu0.20.04.1\n libwebkit2gtk-4.0-37 2.36.6-0ubuntu0.20.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. After a standard system update you need to restart any applications\nthat use WebKitGTK, such as Epiphany, to make all the necessary changes. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 103.0.5060.114-1~deb11u1. \n\nWe recommend that you upgrade your chromium packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2022-07-20-2 macOS Monterey 12.5\n\nmacOS Monterey 12.5 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT213345. \n\nAPFS\nAvailable for: macOS Monterey\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32832: Tommy Muir (@Muirey03)\n\nAppleMobileFileIntegrity\nAvailable for: macOS Monterey\nImpact: An app may be able to gain root privileges\nDescription: An authorization issue was addressed with improved state\nmanagement. \nCVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro\n\nApple Neural Engine\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32810: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32840: Mohamed Ghannam (@_simo36)\n\nApple Neural Engine\nAvailable for: macOS Monterey\nImpact: An app may be able to break out of its sandbox\nDescription: This issue was addressed with improved checks. \nCVE-2022-32845: Mohamed Ghannam (@_simo36)\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected termination or disclosure of process memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu\nSecurity, Mickey Jin (@patch1t) of Trend Micro\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected termination or disclosure of process memory\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security\nCVE-2022-32852: Ye Zhang (@co0py_Cat) of Baidu Security\nCVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security\n\nAppleScript\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected termination or disclosure of process memory\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security\n\nAudio\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-32820: an anonymous researcher\n\nAudio\nAvailable for: macOS Monterey\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32825: John Aakerblom (@jaakerblom)\n\nAutomation\nAvailable for: macOS Monterey\nImpact: An app may be able to bypass Privacy preferences\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nCalendar\nAvailable for: macOS Monterey\nImpact: An app may be able to access sensitive user information\nDescription: The issue was addressed with improved handling of\ncaches. \nCVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security\n\nCoreMedia\nAvailable for: macOS Monterey\nImpact: An app may be able to disclose kernel memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom\n(@jaakerblom)\n\nCoreText\nAvailable for: macOS Monterey\nImpact: A remote user may cause an unexpected app termination or\narbitrary code execution\nDescription: The issue was addressed with improved bounds checks. \nCVE-2022-32839: STAR Labs (@starlabs_sg)\n\nFile System Events\nAvailable for: macOS Monterey\nImpact: An app may be able to gain root privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32819: Joshua Mason of Mandiant\n\nGPU Drivers\nAvailable for: macOS Monterey\nImpact: An app may be able to disclose kernel memory\nDescription: Multiple out-of-bounds write issues were addressed with\nimproved bounds checking. \nCVE-2022-32793: an anonymous researcher\n\nGPU Drivers\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2022-32821: John Aakerblom (@jaakerblom)\n\niCloud Photo Library\nAvailable for: macOS Monterey\nImpact: An app may be able to access sensitive user information\nDescription: An information disclosure issue was addressed by\nremoving the vulnerable code. \nCVE-2022-32849: Joshua Jones\n\nICU\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \n\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted image may result in\ndisclosure of process memory\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32841: hjy79425575\nImageIO\nAvailable for: macOS Monterey\nImpact: Processing an image may lead to a denial-of-service\nDescription: A null pointer dereference was addressed with improved\nvalidation. \nCVE-2022-32785: Yi\u011fit Can YILMAZ (@yilmazcanyigit)\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption vulnerability was addressed with\nimproved locking. \nCVE-2022-32811: ABC Research s.r.o\n\nIntel Graphics Driver\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o. \n\nKernel\nAvailable for: macOS Monterey\nImpact: An app with root privileges may be able to execute arbitrary\ncode with kernel privileges\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32813: Xinru Chi of Pangu Lab\nCVE-2022-32815: Xinru Chi of Pangu Lab\n\nKernel\nAvailable for: macOS Monterey\nImpact: An app may be able to disclose kernel memory\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-32817: Xinru Chi of Pangu Lab\n\nKernel\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32829: an anonymous researcher\n\nLiblouis\nAvailable for: macOS Monterey\nImpact: An app may cause unexpected app termination or arbitrary code\nexecution\nDescription: This issue was addressed with improved checks. \nCVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China\n(nipc.org.cn)\n\nlibxml2\nAvailable for: macOS Monterey\nImpact: An app may be able to leak sensitive user information\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2022-32823\n\nMulti-Touch\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved\nchecks. \nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\nMulti-Touch\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2022-32814: Pan ZhenPeng (@Peterpan0927)\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: An issue in the handling of environment variables was\naddressed with improved validation. \nCVE-2022-32786: Mickey Jin (@patch1t)\n\nPackageKit\nAvailable for: macOS Monterey\nImpact: An app may be able to modify protected parts of the file\nsystem\nDescription: This issue was addressed with improved checks. \nCVE-2022-32800: Mickey Jin (@patch1t)\n\nPluginKit\nAvailable for: macOS Monterey\nImpact: An app may be able to read arbitrary files\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro\n\nPS Normalizer\nAvailable for: macOS Monterey\nImpact: Processing a maliciously crafted Postscript file may result\nin unexpected app termination or disclosure of process memory\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2022-32843: Kai Lu of Zscaler\u0027s ThreatLabz\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to execute arbitrary code with kernel\nprivileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2022-32796: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to gain elevated privileges\nDescription: An out-of-bounds read issue was addressed with improved\ninput validation. \nCVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to gain elevated privileges\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nCVE-2022-32798: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: A user in a privileged network position may be able to leak\nsensitive information\nDescription: An out-of-bounds read issue was addressed with improved\nbounds checking. \nCVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)\n\nSMB\nAvailable for: macOS Monterey\nImpact: An app may be able to leak sensitive kernel state\nDescription: The issue was addressed with improved memory handling. \nCVE-2022-32818: Sreejith Krishnan R (@skr0x1c0)\n\nSoftware Update\nAvailable for: macOS Monterey\nImpact: A user in a privileged network position can track a user\u2019s\nactivity\nDescription: This issue was addressed by using HTTPS when sending\ninformation over the network. \nCVE-2022-32857: Jeffrey Paul (sneak.berlin)\n\nSpindump\nAvailable for: macOS Monterey\nImpact: An app may be able to overwrite arbitrary files\nDescription: This issue was addressed with improved file handling. \nCVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n\nSpotlight\nAvailable for: macOS Monterey\nImpact: An app may be able to gain root privileges\nDescription: This issue was addressed with improved checks. \nCVE-2022-32801: Joshua Mason (@josh@jhu.edu)\n\nsubversion\nAvailable for: macOS Monterey\nImpact: Multiple issues in subversion\nDescription: Multiple issues were addressed by updating subversion. \nCVE-2021-28544: Evgeny Kotkov, visualsvn.com\nCVE-2022-24070: Evgeny Kotkov, visualsvn.com\nCVE-2022-29046: Evgeny Kotkov, visualsvn.com\nCVE-2022-29048: Evgeny Kotkov, visualsvn.com\n\nTCC\nAvailable for: macOS Monterey\nImpact: An app may be able to access sensitive user information\nDescription: An access issue was addressed with improvements to the\nsandbox. \nCVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nWebKit\nAvailable for: macOS Monterey\nImpact: Visiting a website that frames malicious content may lead to\nUI spoofing\nDescription: The issue was addressed with improved UI handling. \nWebKit Bugzilla: 239316\nCVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs\n\u0026 DNSLab, Korea Univ. \n\nWebKit\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\ninput validation. \nWebKit Bugzilla: 240720\nCVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero\nDay Initiative\n\nWebRTC\nAvailable for: macOS Monterey\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution. \nDescription: A memory corruption issue was addressed with improved\nstate management. \nWebKit Bugzilla: 242339\nCVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: An app may be able to cause unexpected system termination or\nwrite kernel memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-32837: Wang Yu of Cyberserval\n\nWi-Fi\nAvailable for: macOS Monterey\nImpact: A remote user may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: This issue was addressed with improved checks. \nCVE-2022-32847: Wang Yu of Cyberserval\n\nWindows Server\nAvailable for: macOS Monterey\nImpact: An app may be able to capture a user\u2019s screen\nDescription: A logic issue was addressed with improved checks. \nCVE-2022-32848: Jeremy Legendre of MacEnhance\n\nAdditional recognition\n\n802.1X\nWe would like to acknowledge Shin Sun of National Taiwan University\nfor their assistance. \n\nAppleMobileFileIntegrity\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a\n(@_r3ggi) of SecuRing for their assistance. \n\nCalendar\nWe would like to acknowledge Joshua Jones for their assistance. \n\nconfigd\nWe would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive\nSecurity, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Regu\u0142a\n(@_r3ggi) of SecuRing for their assistance. \n\nDiskArbitration\nWe would like to acknowledge Mike Cush for their assistance. \n\nmacOS Monterey 12.5 may be obtained from the Mac App Store or Apple\u0027s\nSoftware Downloads web site: https://support.apple.com/downloads/\nAll information is also posted on the Apple Security Updates\nweb site: https://support.apple.com/en-us/HT201222. \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYiL4ACgkQeC9qKD1p\nrhhjpQ//TQX1ihtXRIjFpPOViMy6IxuLE1CsKFxq5MweXelbPB/UdeUl/zL5G54b\n/Lx2XYKoWj6u27FCO0BHxBqtYbAd6sfx70VLCk5W6gyk/yCi0n3zh7BvRvWB/Ugh\n6NuHB39a1kbbjLLoQPbW0L6egdrCfqP/+ZujqjKl7xI58nda9jMHJC1ns87KQoDn\nEr5SAGf7M2ErGNzOFqvXjpJYvGsrKJyfqNxp99H/sPlzu7URX9Gq3f3n1o55IUUa\nmcxlBPDfUmDQPjdSqw/BprQkDOvp0fzmTy+phB0fkgmvVJ8EmEJAoilL4SyH4uW9\nV1GD9rtjUKh7G/gSFAo7y0HBDQoM+E9hA+4PPlH2o1nUOAl6BRWUka6jf4yaqrpr\npfo1K2hPQj1g4MMZFCDWkJ+7V1+1GTQ9WlagL5gB3QaKefiSG4cTnL06Y8zn38TD\nTY3JrdqUI7Pzugu+FuHs7P168yNIGXTscb1ptrVlaVBaVuyICmEcKX4HS+I5o30q\nWqCOaRoaa6WRqBwNEy7zVAExjSPt7t8ZWt85avWSt+rLxNGiVkPrpHu4fE+V2IAV\nfz1VA4S/w69h9uJHXdcG+QfvNxX+zj/vljF6DK3dyQ957Mqfyr2y9ojSbdf6vo4n\nDJFXNxbEk35loy/kDDidC1C1sFKY+JeQF7ZBi0/QOyuSdSdJrSg=\n=ibIr\n-----END PGP SIGNATURE-----\n\n\n\n. \n\nBackground\n=========\nQtWebEngine is a library for rendering dynamic web content in Qt5 and\nQt6 C++ and QML applications. \nCVE-2022-32832: Tommy Muir (@Muirey03)\n\nAppleAVD\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A remote user may be able to cause kernel code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2022-32821: John Aakerblom (@jaakerblom)\n\nHome\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A user may be able to view restricted content from the lock\nscreen\nDescription: A logic issue was addressed with improved state\nmanagement. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/ iTunes and Software Update on the\ndevice will automatically check Apple\u0027s update server on its weekly\nschedule. When an update is detected, it is downloaded and the option\nto be installed is presented to the user when the iOS device is\ndocked. We recommend applying the update immediately if possible. \nSelecting Don\u0027t Install will present the option the next time you\nconnect your iOS device. The automatic update process may take up to\na week depending on the day that iTunes or the device checks for\nupdates. You may manually obtain the update via the Check for Updates\nbutton within iTunes, or the Software Update on your device. To\ncheck that the iPhone, iPod touch, or iPad has been updated: *\nNavigate to Settings * Select General * Select About. The version\nafter applying this update will be \"iOS 15.6 and iPadOS 15.6\". - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-35\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities\n Date: August 21, 2022\n Bugs: #858104, #859442, #863512, #865501, #864723\n ID: 202208-35\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in Chromium and its\nderivatives, the worst of which could result in remote code execution. \n\nBackground\n=========\nChromium is an open-source browser project that aims to build a safer,\nfaster, and more stable way for all users to experience the web. \n\nGoogle Chrome is one fast, simple, and secure browser for all your\ndevices. \n\nMicrosoft Edge is a browser that combines a minimal design with\nsophisticated technology to make the web faster, safer, and easier. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-client/chromium \u003c 104.0.5112.101 \u003e= 104.0.5112.101\n 2 www-client/chromium-bin \u003c 104.0.5112.101 \u003e= 104.0.5112.101\n 3 www-client/google-chrome \u003c 104.0.5112.101 \u003e= 104.0.5112.101\n 4 www-client/microsoft-edge \u003c 104.0.1293.63 \u003e= 104.0.1293.63\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Chromium and its\nderivatives. Please review the CVE identifiers referenced below for\ndetails. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Chromium users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/chromium-104.0.5112.101\"\n\nAll Chromium binary users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/chromium-bin-104.0.5112.101\"\n\nAll Google Chrome users should upgrade to tha latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/google-chrome-104.0.5112.101\"\n\nAll Microsoft Edge users should upgrade to tha latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/microsoft-edge-104.0.1293.63\"\n\nReferences\n=========\n[ 1 ] CVE-2022-2163\n https://nvd.nist.gov/vuln/detail/CVE-2022-2163\n[ 2 ] CVE-2022-2294\n https://nvd.nist.gov/vuln/detail/CVE-2022-2294\n[ 3 ] CVE-2022-2295\n https://nvd.nist.gov/vuln/detail/CVE-2022-2295\n[ 4 ] CVE-2022-2296\n https://nvd.nist.gov/vuln/detail/CVE-2022-2296\n[ 5 ] CVE-2022-2477\n https://nvd.nist.gov/vuln/detail/CVE-2022-2477\n[ 6 ] CVE-2022-2478\n https://nvd.nist.gov/vuln/detail/CVE-2022-2478\n[ 7 ] CVE-2022-2479\n https://nvd.nist.gov/vuln/detail/CVE-2022-2479\n[ 8 ] CVE-2022-2480\n https://nvd.nist.gov/vuln/detail/CVE-2022-2480\n[ 9 ] CVE-2022-2481\n https://nvd.nist.gov/vuln/detail/CVE-2022-2481\n[ 10 ] CVE-2022-2603\n https://nvd.nist.gov/vuln/detail/CVE-2022-2603\n[ 11 ] CVE-2022-2604\n https://nvd.nist.gov/vuln/detail/CVE-2022-2604\n[ 12 ] CVE-2022-2605\n https://nvd.nist.gov/vuln/detail/CVE-2022-2605\n[ 13 ] CVE-2022-2606\n https://nvd.nist.gov/vuln/detail/CVE-2022-2606\n[ 14 ] CVE-2022-2607\n https://nvd.nist.gov/vuln/detail/CVE-2022-2607\n[ 15 ] CVE-2022-2608\n https://nvd.nist.gov/vuln/detail/CVE-2022-2608\n[ 16 ] CVE-2022-2609\n https://nvd.nist.gov/vuln/detail/CVE-2022-2609\n[ 17 ] CVE-2022-2610\n https://nvd.nist.gov/vuln/detail/CVE-2022-2610\n[ 18 ] CVE-2022-2611\n https://nvd.nist.gov/vuln/detail/CVE-2022-2611\n[ 19 ] CVE-2022-2612\n https://nvd.nist.gov/vuln/detail/CVE-2022-2612\n[ 20 ] CVE-2022-2613\n https://nvd.nist.gov/vuln/detail/CVE-2022-2613\n[ 21 ] CVE-2022-2614\n https://nvd.nist.gov/vuln/detail/CVE-2022-2614\n[ 22 ] CVE-2022-2615\n https://nvd.nist.gov/vuln/detail/CVE-2022-2615\n[ 23 ] CVE-2022-2616\n https://nvd.nist.gov/vuln/detail/CVE-2022-2616\n[ 24 ] CVE-2022-2617\n https://nvd.nist.gov/vuln/detail/CVE-2022-2617\n[ 25 ] CVE-2022-2618\n https://nvd.nist.gov/vuln/detail/CVE-2022-2618\n[ 26 ] CVE-2022-2619\n https://nvd.nist.gov/vuln/detail/CVE-2022-2619\n[ 27 ] CVE-2022-2620\n https://nvd.nist.gov/vuln/detail/CVE-2022-2620\n[ 28 ] CVE-2022-2621\n https://nvd.nist.gov/vuln/detail/CVE-2022-2621\n[ 29 ] CVE-2022-2622\n https://nvd.nist.gov/vuln/detail/CVE-2022-2622\n[ 30 ] CVE-2022-2623\n https://nvd.nist.gov/vuln/detail/CVE-2022-2623\n[ 31 ] CVE-2022-2624\n https://nvd.nist.gov/vuln/detail/CVE-2022-2624\n[ 32 ] CVE-2022-2852\n https://nvd.nist.gov/vuln/detail/CVE-2022-2852\n[ 33 ] CVE-2022-2853\n https://nvd.nist.gov/vuln/detail/CVE-2022-2853\n[ 34 ] CVE-2022-2854\n https://nvd.nist.gov/vuln/detail/CVE-2022-2854\n[ 35 ] CVE-2022-2855\n https://nvd.nist.gov/vuln/detail/CVE-2022-2855\n[ 36 ] CVE-2022-2856\n https://nvd.nist.gov/vuln/detail/CVE-2022-2856\n[ 37 ] CVE-2022-2857\n https://nvd.nist.gov/vuln/detail/CVE-2022-2857\n[ 38 ] CVE-2022-2858\n https://nvd.nist.gov/vuln/detail/CVE-2022-2858\n[ 39 ] CVE-2022-2859\n https://nvd.nist.gov/vuln/detail/CVE-2022-2859\n[ 40 ] CVE-2022-2860\n https://nvd.nist.gov/vuln/detail/CVE-2022-2860\n[ 41 ] CVE-2022-2861\n https://nvd.nist.gov/vuln/detail/CVE-2022-2861\n[ 42 ] CVE-2022-33636\n https://nvd.nist.gov/vuln/detail/CVE-2022-33636\n[ 43 ] CVE-2022-33649\n https://nvd.nist.gov/vuln/detail/CVE-2022-33649\n[ 44 ] CVE-2022-35796\n https://nvd.nist.gov/vuln/detail/CVE-2022-35796\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-35\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \n\nBackground\n=========\nWebKitGTK+ is a full-featured port of the WebKit rendering engine,\nsuitable for projects requiring any kind of web integration, from hybrid\nHTML/CSS applications to full-fledged web browsers",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2294"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016029"
},
{
"db": "VULHUB",
"id": "VHN-427072"
},
{
"db": "PACKETSTORM",
"id": "168089"
},
{
"db": "PACKETSTORM",
"id": "169355"
},
{
"db": "PACKETSTORM",
"id": "167787"
},
{
"db": "PACKETSTORM",
"id": "175908"
},
{
"db": "PACKETSTORM",
"id": "167786"
},
{
"db": "PACKETSTORM",
"id": "168126"
},
{
"db": "PACKETSTORM",
"id": "167792"
},
{
"db": "PACKETSTORM",
"id": "168226"
}
],
"trust": 2.43
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-427072",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427072"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2022-2294",
"trust": 4.2
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/07/28/2",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "168126",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168226",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167792",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168089",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016029",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202207-345",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.3553",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4061",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3389",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3254",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070442",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071215",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072104",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070614",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071824",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "167786",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167787",
"trust": 0.2
},
{
"db": "CNVD",
"id": "CNVD-2022-49948",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-427072",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-2294",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169355",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "175908",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427072"
},
{
"db": "VULMON",
"id": "CVE-2022-2294"
},
{
"db": "PACKETSTORM",
"id": "168089"
},
{
"db": "PACKETSTORM",
"id": "169355"
},
{
"db": "PACKETSTORM",
"id": "167787"
},
{
"db": "PACKETSTORM",
"id": "175908"
},
{
"db": "PACKETSTORM",
"id": "167786"
},
{
"db": "PACKETSTORM",
"id": "168126"
},
{
"db": "PACKETSTORM",
"id": "167792"
},
{
"db": "PACKETSTORM",
"id": "168226"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-345"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016029"
},
{
"db": "NVD",
"id": "CVE-2022-2294"
}
]
},
"id": "VAR-202205-1370",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-427072"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T19:59:25.491000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/"
},
{
"title": "Google Chrome Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=202541"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/ExpLangcn/FuYao-Go "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-2294"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-345"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016029"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427072"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016029"
},
{
"db": "NVD",
"id": "CVE-2022-2294"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202208-35"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202208-39"
},
{
"trust": 1.7,
"url": "https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html"
},
{
"trust": 1.7,
"url": "https://crbug.com/1341043"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2022/07/28/2"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2294"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/h2c4xojviildxtosmwjxhsqnexfwsod7/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5bqrtr4siunihllpwtgysdnqk7dycrsb/"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2022-2294"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5bqrtr4siunihllpwtgysdnqk7dycrsb/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/h2c4xojviildxtosmwjxhsqnexfwsod7/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070442"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072104"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/chrome-multiple-vulnerabilities-38727"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168126/gentoo-linux-security-advisory-202208-35.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168226/gentoo-linux-security-advisory-202208-39.html"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213346"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/webkit-buffer-overflow-via-webrtc-38874"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4061"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167792/apple-security-advisory-2022-07-20-7.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168089/ubuntu-security-notice-usn-5568-1.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070614"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071824"
},
{
"trust": 0.6,
"url": "https://chromereleases.googleblog.com/2022/07/chrome-for-android-update.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3254"
},
{
"trust": 0.6,
"url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2022-2294"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3553"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-2294/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3389"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071215"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32792"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/en-us/ht201222."
},
{
"trust": 0.3,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.3,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.3,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32784"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2296"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2295"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32793"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26981"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32787"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.36.6-0ubuntu0.22.04.1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5568-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/webkit2gtk/2.36.6-0ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/chromium"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24070"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213345."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32786"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29046"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29048"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28544"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32789"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-3079"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4761"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2940"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2939"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4177"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5996"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2932"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4178"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4195"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2725"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-44708"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5486"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-3216"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-3201"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4190"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0138"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4174"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2723"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4077"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4191"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5482"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4764"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2941"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5853"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4437"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0137"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4193"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4175"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-21796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5485"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-41115"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2724"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4070"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5857"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2929"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0135"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4438"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4073"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5480"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5856"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4071"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5481"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2937"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4179"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4076"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4069"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-6112"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4181"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5859"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4176"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2935"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5855"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4188"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-3214"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4440"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0130"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5473"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5858"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4186"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4763"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4194"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4180"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2930"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4192"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2722"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4074"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4185"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0132"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5478"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2934"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4075"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4078"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2931"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5476"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5477"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4762"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5474"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5850"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5479"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2726"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-3217"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4189"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5997"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5854"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4436"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5487"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4439"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2933"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4184"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0133"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5483"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0136"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5484"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0139"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-44688"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0131"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2936"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5852"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-4182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-3215"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-5475"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-21775"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4072"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-0140"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4068"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-2938"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32788"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32802"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32810"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32814"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32813"
},
{
"trust": 0.1,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213346."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26768"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32815"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2612"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-35796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2608"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2618"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2611"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-33636"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2624"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2613"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2610"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2623"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2617"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2622"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2856"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2857"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2478"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2853"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2858"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2481"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2604"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2616"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2479"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2855"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-33649"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2619"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2860"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2480"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2859"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2852"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2609"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2477"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2606"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2854"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2861"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2605"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2163"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2607"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2620"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213341."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22628"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22677"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26709"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30293"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2022-0008.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30294"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22590"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22662"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22624"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26717"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2022-0002.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26700"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26716"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22592"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26710"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32893"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2022-0003.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22629"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2022-0007.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-427072"
},
{
"db": "PACKETSTORM",
"id": "168089"
},
{
"db": "PACKETSTORM",
"id": "169355"
},
{
"db": "PACKETSTORM",
"id": "167787"
},
{
"db": "PACKETSTORM",
"id": "175908"
},
{
"db": "PACKETSTORM",
"id": "167786"
},
{
"db": "PACKETSTORM",
"id": "168126"
},
{
"db": "PACKETSTORM",
"id": "167792"
},
{
"db": "PACKETSTORM",
"id": "168226"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-345"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016029"
},
{
"db": "NVD",
"id": "CVE-2022-2294"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-427072",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2022-2294",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "168089",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "169355",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "167787",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "175908",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "167786",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "168126",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "167792",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "168226",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202207-345",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016029",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2022-2294",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2022-07-28T00:00:00",
"db": "VULHUB",
"id": "VHN-427072",
"ident": null
},
{
"date": "2022-08-15T16:05:06",
"db": "PACKETSTORM",
"id": "168089",
"ident": null
},
{
"date": "2022-07-28T19:12:00",
"db": "PACKETSTORM",
"id": "169355",
"ident": null
},
{
"date": "2022-07-22T16:22:49",
"db": "PACKETSTORM",
"id": "167787",
"ident": null
},
{
"date": "2023-11-25T17:01:13",
"db": "PACKETSTORM",
"id": "175908",
"ident": null
},
{
"date": "2022-07-22T16:22:17",
"db": "PACKETSTORM",
"id": "167786",
"ident": null
},
{
"date": "2022-08-22T16:02:18",
"db": "PACKETSTORM",
"id": "168126",
"ident": null
},
{
"date": "2022-07-22T16:25:07",
"db": "PACKETSTORM",
"id": "167792",
"ident": null
},
{
"date": "2022-09-01T16:33:44",
"db": "PACKETSTORM",
"id": "168226",
"ident": null
},
{
"date": "2022-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-345",
"ident": null
},
{
"date": "2023-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-016029",
"ident": null
},
{
"date": "2022-07-28T02:15:07.797000",
"db": "NVD",
"id": "CVE-2022-2294",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-11-29T00:00:00",
"db": "VULHUB",
"id": "VHN-427072",
"ident": null
},
{
"date": "2022-09-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202207-345",
"ident": null
},
{
"date": "2023-09-29T09:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-016029",
"ident": null
},
{
"date": "2025-10-24T14:09:38.790000",
"db": "NVD",
"id": "CVE-2022-2294",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "168089"
},
{
"db": "PACKETSTORM",
"id": "175908"
},
{
"db": "PACKETSTORM",
"id": "168126"
},
{
"db": "CNNVD",
"id": "CNNVD-202207-345"
}
],
"trust": 0.9
},
"title": {
"_id": null,
"data": "Google\u00a0Chrome\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016029"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202207-345"
}
],
"trust": 0.6
}
}
VAR-202108-1267
Vulnerability from variot - Updated: 2026-03-07 20:56An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. apple's Safari Integer overflow vulnerabilities exist in products from multiple vendors.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. (CVE-2020-22592) A use after free issue was addressed with improved memory management. (CVE-2020-27918) "Clear History and Website Data" did not clear the history. A user may be unable to fully delete browsing history. (CVE-2020-29623) This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. (CVE-2021-1765) A use after free issue was addressed with improved memory management. (CVE-2021-1789) A port redirection issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A malicious website may be able to access restricted ports on arbitrary servers. The highest threat from this vulnerability is to data integrity. (CVE-2021-1799) This issue was addressed with improved iframe sandbox enforcement. (CVE-2021-1801) A memory corruption issue was addressed with improved state management. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870) A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775) A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in WebKitGTK 2.30.4. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (CVE-2021-21779) An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. The victim needs to visit a malicious web site to trigger the vulnerability. (CVE-2021-21806) A use after free issue was addressed with improved memory management. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30663) A memory corruption issue was addressed with improved state management. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. A malicious application may be able to leak sensitive user information. A malicious website may be able to access restricted ports on arbitrary servers. (CVE-2021-30720) Multiple memory corruption issues were addressed with improved memory handling. (CVE-2021-30734) Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. (CVE-2021-30744) Multiple memory corruption issues were addressed with improved memory handling. (CVE-2021-30758) A memory corruption issue was addressed with improved state management. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30761) A use after free issue was addressed with improved memory management. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30762) A use after free issue was addressed with improved memory management. (CVE-2021-30797) Multiple memory corruption issues were addressed with improved memory handling. (CVE-2021-30799) A use-after-free flaw was found in WebKitGTK. (CVE-2021-30809) A confusion type flaw was found in WebKitGTK. (CVE-2021-30818) An out-of-bounds read flaw was found in WebKitGTK. A specially crafted audio file could use this flaw to trigger a disclosure of memory when processed. (CVE-2021-30836) A memory corruption issue was addressed with improved memory handling. (CVE-2021-30846) A memory corruption issue was addressed with improved memory handling. (CVE-2021-30848) Multiple memory corruption issues were addressed with improved memory handling. (CVE-2021-30887) An information leak flaw was found in WebKitGTK. A malicious web site using Content Security Policy reports could use this flaw to leak information via redirects. (CVE-2021-30888) A buffer overflow flaw was found in WebKitGTK. (CVE-2021-30934) A use after free issue was addressed with improved memory management. (CVE-2021-30936) A use after free issue was addressed with improved memory management. (CVE-2021-30984) ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. (CVE-2021-32912) BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit prior to 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. (CVE-2021-42762) A segmentation violation vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45481) A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45482) A use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45483) A use after free issue was addressed with improved memory management. (CVE-2022-22592) A cookie management issue was addressed with improved state management. (CVE-2022-22662) A logic issue in the handling of concurrent media was addressed with improved state handling. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. (CVE-2022-22677) A memory corruption issue was addressed with improved state management. (CVE-2022-26700) A use after free issue was addressed with improved memory management. (CVE-2022-26709) A use after free issue was addressed with improved memory management. (CVE-2022-26710) A memory corruption issue was addressed with improved state management. (CVE-2022-26716) A use after free issue was addressed with improved memory management. (CVE-2022-26717) A memory corruption issue was addressed with improved state management. (CVE-2022-26719) In WebKitGTK up to and including 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. (CVE-2022-32792) Multiple out-of-bounds write issues were addressed with improved bounds checking. An app may be able to disclose kernel memory. (CVE-2022-32793) The issue was addressed with improved UI handling. Visiting a website that frames malicious content may lead to UI spoofing. (CVE-2022-32885) An out-of-bounds write issue was addressed with improved bounds checking. (CVE-2022-32923) The issue was addressed with improved UI handling. Visiting a malicious website may lead to user interface spoofing. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. (CVE-2022-42856) A memory corruption issue was addressed with improved state management. (CVE-2022-42863) A use after free issue was addressed with improved memory management. (CVE-2022-42867) A memory consumption issue was addressed with improved memory handling. (CVE-2022-46698) A memory corruption issue was addressed with improved state management. (CVE-2022-46700) A flaw was found in the WebKitGTK package. This may, in theory, allow a remote malicious user to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system. (CVE-2023-23529) A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25358) A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25360) A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25361) A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25362) A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25363) The vulnerability allows a remote malicious user to bypass Same Origin Policy restrictions. (CVE-2023-27932) The vulnerability exists due to excessive data output by the application. A remote attacker can track sensitive user information. (CVE-2023-27954) An out-of-bounds read issue in WebKit that could be abused to disclose sensitive information when processing web content. (CVE-2023-28204) A use after free issue was addressed with improved memory management. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-32373) N/A (CVE-2023-32409). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: webkit2gtk3 security, bug fix, and enhancement update Advisory ID: RHSA-2022:1777-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1777 Issue date: 2022-05-10 CVE Names: CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 CVE-2021-30836 CVE-2021-30846 CVE-2021-30848 CVE-2021-30849 CVE-2021-30851 CVE-2021-30884 CVE-2021-30887 CVE-2021-30888 CVE-2021-30889 CVE-2021-30890 CVE-2021-30897 CVE-2021-30934 CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 CVE-2022-22594 CVE-2022-22620 CVE-2022-22637 =====================================================================
- Summary:
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
The following packages have been upgraded to a later upstream version: webkit2gtk3 (2.34.6).
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source: webkit2gtk3-2.34.6-1.el8.src.rpm
aarch64: webkit2gtk3-2.34.6-1.el8.aarch64.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-debugsource-2.34.6-1.el8.aarch64.rpm webkit2gtk3-devel-2.34.6-1.el8.aarch64.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.aarch64.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.aarch64.rpm
ppc64le: webkit2gtk3-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-debugsource-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-devel-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.ppc64le.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm
s390x: webkit2gtk3-2.34.6-1.el8.s390x.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-debugsource-2.34.6-1.el8.s390x.rpm webkit2gtk3-devel-2.34.6-1.el8.s390x.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.s390x.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.s390x.rpm
x86_64: webkit2gtk3-2.34.6-1.el8.i686.rpm webkit2gtk3-2.34.6-1.el8.x86_64.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-debugsource-2.34.6-1.el8.i686.rpm webkit2gtk3-debugsource-2.34.6-1.el8.x86_64.rpm webkit2gtk3-devel-2.34.6-1.el8.i686.rpm webkit2gtk3-devel-2.34.6-1.el8.x86_64.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-devel-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-devel-2.34.6-1.el8.x86_64.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.i686.rpm webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-30809 https://access.redhat.com/security/cve/CVE-2021-30818 https://access.redhat.com/security/cve/CVE-2021-30823 https://access.redhat.com/security/cve/CVE-2021-30836 https://access.redhat.com/security/cve/CVE-2021-30846 https://access.redhat.com/security/cve/CVE-2021-30848 https://access.redhat.com/security/cve/CVE-2021-30849 https://access.redhat.com/security/cve/CVE-2021-30851 https://access.redhat.com/security/cve/CVE-2021-30884 https://access.redhat.com/security/cve/CVE-2021-30887 https://access.redhat.com/security/cve/CVE-2021-30888 https://access.redhat.com/security/cve/CVE-2021-30889 https://access.redhat.com/security/cve/CVE-2021-30890 https://access.redhat.com/security/cve/CVE-2021-30897 https://access.redhat.com/security/cve/CVE-2021-30934 https://access.redhat.com/security/cve/CVE-2021-30936 https://access.redhat.com/security/cve/CVE-2021-30951 https://access.redhat.com/security/cve/CVE-2021-30952 https://access.redhat.com/security/cve/CVE-2021-30953 https://access.redhat.com/security/cve/CVE-2021-30954 https://access.redhat.com/security/cve/CVE-2021-30984 https://access.redhat.com/security/cve/CVE-2021-45481 https://access.redhat.com/security/cve/CVE-2021-45482 https://access.redhat.com/security/cve/CVE-2021-45483 https://access.redhat.com/security/cve/CVE-2022-22589 https://access.redhat.com/security/cve/CVE-2022-22590 https://access.redhat.com/security/cve/CVE-2022-22592 https://access.redhat.com/security/cve/CVE-2022-22594 https://access.redhat.com/security/cve/CVE-2022-22620 https://access.redhat.com/security/cve/CVE-2022-22637 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
For the oldstable distribution (buster), these problems have been fixed in version 2.34.4-1~deb10u1.
For the stable distribution (bullseye), these problems have been fixed in version 2.34.4-1~deb11u1.
We recommend that you upgrade your webkit2gtk packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-12-15-6 watchOS 8.3
watchOS 8.3 addresses the following issues. CVE-2021-30960: JunDong Xie of Ant Security Light-Year Lab
CFNetwork Proxies Available for: Apple Watch Series 3 and later Impact: User traffic might unexpectedly be leaked to a proxy server despite PAC configurations Description: A logic issue was addressed with improved state management. CVE-2021-30957: JunDong Xie of Ant Security Light-Year Lab
CoreAudio Available for: Apple Watch Series 3 and later Impact: Playing a malicious audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab
Crash Reporter Available for: Apple Watch Series 3 and later Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks. CVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin (@patch1t) of Trend Micro
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30916: Zweig of Kunlun Lab
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2021-30937: Sergei Glazunov of Google Project Zero
Kernel Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2021-30927: Xinru Chi of Pangu Lab CVE-2021-30980: Xinru Chi of Pangu Lab
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30949: Ian Beer of Google Project Zero
Kernel Available for: Apple Watch Series 3 and later Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30993: OSS-Fuzz, Ned Williamson of Google Project Zero
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2021-30955: Zweig of Kunlun Lab
Preferences Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to elevate privileges Description: A race condition was addressed with improved state handling. CVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)
Sandbox Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass certain Privacy preferences Description: A validation issue related to hard link behavior was addressed with improved sandbox restrictions. CVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security
Sandbox Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass certain Privacy preferences Description: A logic issue was addressed with improved restrictions. CVE-2021-30946: @gorelics
Sandbox Available for: Apple Watch Series 3 and later Impact: An application may be able to access a user's files Description: An access issue was addressed with additional sandbox restrictions. CVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security
TCC Available for: Apple Watch Series 3 and later Impact: A local user may be able to modify protected parts of the file system Description: A logic issue was addressed with improved state management. CVE-2021-30767: @gorelics
TCC Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass Privacy preferences Description: An inherited permissions issue was addressed with additional restrictions. CVE-2021-30954: Kunlun Lab
Additional recognition
Bluetooth We would like to acknowledge Haram Park, Korea University for their assistance.
ColorSync We would like to acknowledge Mateusz Jurczyk of Google Project Zero for their assistance.
Contacts We would like to acknowledge Minchan Park (03stin) for their assistance.
Kernel We would like to acknowledge Amit Klein of Bar-Ilan University's Center for Research in Applied Cryptography and Cyber Security for their assistance.
WebKit We would like to acknowledge Peter Snyder of Brave and Soroush Karami for their assistance.
Installation note:
Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UnYACgkQeC9qKD1p rhj6SQ//YijQ31LlBeSJC1QfKKY86KApE/FiGxuNG04YGeLBujsOxrfRw/xmd9Xn wkBGmpHOrtguoNYjANNXwFBornC3wk7nse8kND8nEv7HYO8zxAa5lMDjGtuO1SY1 eG4mUeWVEAw6Avzt7Y/2sFi6nK5ft6PzWJaBKc6GU4pipGxptrdPLohow8KLu4Xh TL60gUilkVWlvgEbVrI3AYmxeKdkdrJdAU+caGTZUUzWHJfzIOLkb4o1143OQfqj t1vJrA6Hy43fQdU/ceJi1n/DR4N+Xg9kWyEXI6+06m0Ss41QcWfMwEks7dT/zIG+ wlLR+00WO7VdCwHt5x/bz09YzdGWgoOUz5xNicqI0idyHmELtxlnYhXez48+j2Xz xnzdfOoCp9E7bXBOQa2bKZqffNmYMGK1hR1tcgF+3gsmz9Zz+huAG2VBNjVByYaS rwfvG7WhhbNc9qzm3fykvgq8NF7Z1G7RKNKPPzhG7QIAC5s4S0wemw1voy53yvmj FPisKbj/AT2+qUoOuYODNTMOJje0OcfnjoKdWrN63xIOPWShSfIx4bhjIHy3ASwj zn94MyzNhrVGOwoRXC+uQu0f/cdSUGx8L7XdHLp0sjAPMsrqE3X+RuMOFYtds7aI 1TwxV/lhKMX5VzOcPeBASRRbXNWYs6mIXKAHBGTKcNkIR0djZOk=onN+ -----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202202-01
https://security.gentoo.org/
Severity: High Title: WebkitGTK+: Multiple vulnerabilities Date: February 01, 2022 Bugs: #779175, #801400, #813489, #819522, #820434, #829723, #831739 ID: 202202-01
Synopsis
Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in the arbitrary execution of code.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.34.4 >= 2.34.4
Description
Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4"
References
[ 1 ] CVE-2021-30848 https://nvd.nist.gov/vuln/detail/CVE-2021-30848 [ 2 ] CVE-2021-30888 https://nvd.nist.gov/vuln/detail/CVE-2021-30888 [ 3 ] CVE-2021-30682 https://nvd.nist.gov/vuln/detail/CVE-2021-30682 [ 4 ] CVE-2021-30889 https://nvd.nist.gov/vuln/detail/CVE-2021-30889 [ 5 ] CVE-2021-30666 https://nvd.nist.gov/vuln/detail/CVE-2021-30666 [ 6 ] CVE-2021-30665 https://nvd.nist.gov/vuln/detail/CVE-2021-30665 [ 7 ] CVE-2021-30890 https://nvd.nist.gov/vuln/detail/CVE-2021-30890 [ 8 ] CVE-2021-30661 https://nvd.nist.gov/vuln/detail/CVE-2021-30661 [ 9 ] WSA-2021-0005 https://webkitgtk.org/security/WSA-2021-0005.html [ 10 ] CVE-2021-30761 https://nvd.nist.gov/vuln/detail/CVE-2021-30761 [ 11 ] CVE-2021-30897 https://nvd.nist.gov/vuln/detail/CVE-2021-30897 [ 12 ] CVE-2021-30823 https://nvd.nist.gov/vuln/detail/CVE-2021-30823 [ 13 ] CVE-2021-30734 https://nvd.nist.gov/vuln/detail/CVE-2021-30734 [ 14 ] CVE-2021-30934 https://nvd.nist.gov/vuln/detail/CVE-2021-30934 [ 15 ] CVE-2021-1871 https://nvd.nist.gov/vuln/detail/CVE-2021-1871 [ 16 ] CVE-2021-30762 https://nvd.nist.gov/vuln/detail/CVE-2021-30762 [ 17 ] WSA-2021-0006 https://webkitgtk.org/security/WSA-2021-0006.html [ 18 ] CVE-2021-30797 https://nvd.nist.gov/vuln/detail/CVE-2021-30797 [ 19 ] CVE-2021-30936 https://nvd.nist.gov/vuln/detail/CVE-2021-30936 [ 20 ] CVE-2021-30663 https://nvd.nist.gov/vuln/detail/CVE-2021-30663 [ 21 ] CVE-2021-1825 https://nvd.nist.gov/vuln/detail/CVE-2021-1825 [ 22 ] CVE-2021-30951 https://nvd.nist.gov/vuln/detail/CVE-2021-30951 [ 23 ] CVE-2021-30952 https://nvd.nist.gov/vuln/detail/CVE-2021-30952 [ 24 ] CVE-2021-1788 https://nvd.nist.gov/vuln/detail/CVE-2021-1788 [ 25 ] CVE-2021-1820 https://nvd.nist.gov/vuln/detail/CVE-2021-1820 [ 26 ] CVE-2021-30953 https://nvd.nist.gov/vuln/detail/CVE-2021-30953 [ 27 ] CVE-2021-30749 https://nvd.nist.gov/vuln/detail/CVE-2021-30749 [ 28 ] CVE-2021-30849 https://nvd.nist.gov/vuln/detail/CVE-2021-30849 [ 29 ] CVE-2021-1826 https://nvd.nist.gov/vuln/detail/CVE-2021-1826 [ 30 ] CVE-2021-30836 https://nvd.nist.gov/vuln/detail/CVE-2021-30836 [ 31 ] CVE-2021-30954 https://nvd.nist.gov/vuln/detail/CVE-2021-30954 [ 32 ] CVE-2021-30984 https://nvd.nist.gov/vuln/detail/CVE-2021-30984 [ 33 ] CVE-2021-30851 https://nvd.nist.gov/vuln/detail/CVE-2021-30851 [ 34 ] CVE-2021-30758 https://nvd.nist.gov/vuln/detail/CVE-2021-30758 [ 35 ] CVE-2021-42762 https://nvd.nist.gov/vuln/detail/CVE-2021-42762 [ 36 ] CVE-2021-1844 https://nvd.nist.gov/vuln/detail/CVE-2021-1844 [ 37 ] CVE-2021-30689 https://nvd.nist.gov/vuln/detail/CVE-2021-30689 [ 38 ] CVE-2021-45482 https://nvd.nist.gov/vuln/detail/CVE-2021-45482 [ 39 ] CVE-2021-30858 https://nvd.nist.gov/vuln/detail/CVE-2021-30858 [ 40 ] CVE-2021-21779 https://nvd.nist.gov/vuln/detail/CVE-2021-21779 [ 41 ] WSA-2021-0004 https://webkitgtk.org/security/WSA-2021-0004.html [ 42 ] CVE-2021-30846 https://nvd.nist.gov/vuln/detail/CVE-2021-30846 [ 43 ] CVE-2021-30744 https://nvd.nist.gov/vuln/detail/CVE-2021-30744 [ 44 ] CVE-2021-30809 https://nvd.nist.gov/vuln/detail/CVE-2021-30809 [ 45 ] CVE-2021-30884 https://nvd.nist.gov/vuln/detail/CVE-2021-30884 [ 46 ] CVE-2021-30720 https://nvd.nist.gov/vuln/detail/CVE-2021-30720 [ 47 ] CVE-2021-30799 https://nvd.nist.gov/vuln/detail/CVE-2021-30799 [ 48 ] CVE-2021-30795 https://nvd.nist.gov/vuln/detail/CVE-2021-30795 [ 49 ] CVE-2021-1817 https://nvd.nist.gov/vuln/detail/CVE-2021-1817 [ 50 ] CVE-2021-21775 https://nvd.nist.gov/vuln/detail/CVE-2021-21775 [ 51 ] CVE-2021-30887 https://nvd.nist.gov/vuln/detail/CVE-2021-30887 [ 52 ] CVE-2021-21806 https://nvd.nist.gov/vuln/detail/CVE-2021-21806 [ 53 ] CVE-2021-30818 https://nvd.nist.gov/vuln/detail/CVE-2021-30818
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202202-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.2"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"_id": null,
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "8.3"
},
{
"_id": null,
"model": "wpe webkit",
"scope": "lt",
"trust": 1.0,
"vendor": "wpewebkit",
"version": "2.34.4"
},
{
"_id": null,
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.1"
},
{
"_id": null,
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.2"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"_id": null,
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"_id": null,
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.2"
},
{
"_id": null,
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.2"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"_id": null,
"model": "webkitgtk",
"scope": "lt",
"trust": 1.0,
"vendor": "webkitgtk",
"version": "2.34.4"
},
{
"_id": null,
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"_id": null,
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"_id": null,
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"_id": null,
"model": "safari",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"_id": null,
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"_id": null,
"model": "watchos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "8.3"
},
{
"_id": null,
"model": "ipados",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"_id": null,
"model": "tvos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021204"
},
{
"db": "NVD",
"id": "CVE-2021-30952"
}
]
},
"credits": {
"_id": null,
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
}
],
"trust": 0.3
},
"cve": "CVE-2021-30952",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-30952",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-390685",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-30952",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-30952",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-30952",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-30952",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2021-30952",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-30952",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-2056",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-390685",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-30952",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390685"
},
{
"db": "VULMON",
"id": "CVE-2021-30952"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2056"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021204"
},
{
"db": "NVD",
"id": "CVE-2021-30952"
},
{
"db": "NVD",
"id": "CVE-2021-30952"
}
]
},
"description": {
"_id": null,
"data": "An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. apple\u0027s Safari Integer overflow vulnerabilities exist in products from multiple vendors.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. (CVE-2020-22592)\nA use after free issue was addressed with improved memory management. (CVE-2020-27918)\n\"Clear History and Website Data\" did not clear the history. A user may be unable to fully delete browsing history. (CVE-2020-29623)\nThis issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. (CVE-2021-1765)\nA use after free issue was addressed with improved memory management. (CVE-2021-1789)\nA port redirection issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A malicious website may be able to access restricted ports on arbitrary servers. The highest threat from this vulnerability is to data integrity. (CVE-2021-1799)\nThis issue was addressed with improved iframe sandbox enforcement. (CVE-2021-1801)\nA memory corruption issue was addressed with improved state management. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-1870)\nA use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. (CVE-2021-21775)\nA use-after-free vulnerability exists in the way Webkit\u0027s GraphicsContext handles certain events in WebKitGTK 2.30.4. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. (CVE-2021-21779)\nAn exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. The victim needs to visit a malicious web site to trigger the vulnerability. (CVE-2021-21806)\nA use after free issue was addressed with improved memory management. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30663)\nA memory corruption issue was addressed with improved state management. Apple is aware of a report that this issue may have been actively exploited.. Apple is aware of a report that this issue may have been actively exploited.. A malicious application may be able to leak sensitive user information. A malicious website may be able to access restricted ports on arbitrary servers. (CVE-2021-30720)\nMultiple memory corruption issues were addressed with improved memory handling. (CVE-2021-30734)\nDescription: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. (CVE-2021-30744)\nMultiple memory corruption issues were addressed with improved memory handling. (CVE-2021-30758)\nA memory corruption issue was addressed with improved state management. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30761)\nA use after free issue was addressed with improved memory management. Apple is aware of a report that this issue may have been actively exploited.. (CVE-2021-30762)\nA use after free issue was addressed with improved memory management. (CVE-2021-30797)\nMultiple memory corruption issues were addressed with improved memory handling. (CVE-2021-30799)\nA use-after-free flaw was found in WebKitGTK. (CVE-2021-30809)\nA confusion type flaw was found in WebKitGTK. (CVE-2021-30818)\nAn out-of-bounds read flaw was found in WebKitGTK. A specially crafted audio file could use this flaw to trigger a disclosure of memory when processed. (CVE-2021-30836)\nA memory corruption issue was addressed with improved memory handling. (CVE-2021-30846)\nA memory corruption issue was addressed with improved memory handling. (CVE-2021-30848)\nMultiple memory corruption issues were addressed with improved memory handling. (CVE-2021-30887)\nAn information leak flaw was found in WebKitGTK. A malicious web site using Content Security Policy reports could use this flaw to leak information via redirects. (CVE-2021-30888)\nA buffer overflow flaw was found in WebKitGTK. (CVE-2021-30934)\nA use after free issue was addressed with improved memory management. (CVE-2021-30936)\nA use after free issue was addressed with improved memory management. (CVE-2021-30984)\n** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. (CVE-2021-32912)\nBubblewrapLauncher.cpp in WebKitGTK and WPE WebKit prior to 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. (CVE-2021-42762)\nA segmentation violation vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45481)\nA use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45482)\nA use-after-free vulnerability was found in webkitgtk. An attacker with network access could pass specially crafted HTML files causing an application to halt or crash. (CVE-2021-45483)\nA use after free issue was addressed with improved memory management. (CVE-2022-22592)\nA cookie management issue was addressed with improved state management. (CVE-2022-22662)\nA logic issue in the handling of concurrent media was addressed with improved state handling. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. (CVE-2022-22677)\nA memory corruption issue was addressed with improved state management. (CVE-2022-26700)\nA use after free issue was addressed with improved memory management. (CVE-2022-26709)\nA use after free issue was addressed with improved memory management. (CVE-2022-26710)\nA memory corruption issue was addressed with improved state management. (CVE-2022-26716)\nA use after free issue was addressed with improved memory management. (CVE-2022-26717)\nA memory corruption issue was addressed with improved state management. (CVE-2022-26719)\nIn WebKitGTK up to and including 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. (CVE-2022-32792)\nMultiple out-of-bounds write issues were addressed with improved bounds checking. An app may be able to disclose kernel memory. (CVE-2022-32793)\nThe issue was addressed with improved UI handling. Visiting a website that frames malicious content may lead to UI spoofing. (CVE-2022-32885)\nAn out-of-bounds write issue was addressed with improved bounds checking. (CVE-2022-32923)\nThe issue was addressed with improved UI handling. Visiting a malicious website may lead to user interface spoofing. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.. (CVE-2022-42856)\nA memory corruption issue was addressed with improved state management. (CVE-2022-42863)\nA use after free issue was addressed with improved memory management. (CVE-2022-42867)\nA memory consumption issue was addressed with improved memory handling. (CVE-2022-46698)\nA memory corruption issue was addressed with improved state management. (CVE-2022-46700)\nA flaw was found in the WebKitGTK package. This may, in theory, allow a remote malicious user to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system. (CVE-2023-23529)\nA use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25358)\nA use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25360)\nA use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25361)\nA use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25362)\nA use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK prior to 2.36.8 allows malicious users to execute code remotely. (CVE-2023-25363)\nThe vulnerability allows a remote malicious user to bypass Same Origin Policy restrictions. (CVE-2023-27932)\nThe vulnerability exists due to excessive data output by the application. A remote attacker can track sensitive user information. (CVE-2023-27954)\nAn out-of-bounds read issue in WebKit that could be abused to disclose sensitive information when processing web content. (CVE-2023-28204)\nA use after free issue was addressed with improved memory management. Apple is aware of a report that this issue may have been actively exploited. (CVE-2023-32373)\nN/A (CVE-2023-32409). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: webkit2gtk3 security, bug fix, and enhancement update\nAdvisory ID: RHSA-2022:1777-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1777\nIssue date: 2022-05-10\nCVE Names: CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 \n CVE-2021-30836 CVE-2021-30846 CVE-2021-30848 \n CVE-2021-30849 CVE-2021-30851 CVE-2021-30884 \n CVE-2021-30887 CVE-2021-30888 CVE-2021-30889 \n CVE-2021-30890 CVE-2021-30897 CVE-2021-30934 \n CVE-2021-30936 CVE-2021-30951 CVE-2021-30952 \n CVE-2021-30953 CVE-2021-30954 CVE-2021-30984 \n CVE-2021-45481 CVE-2021-45482 CVE-2021-45483 \n CVE-2022-22589 CVE-2022-22590 CVE-2022-22592 \n CVE-2022-22594 CVE-2022-22620 CVE-2022-22637 \n=====================================================================\n\n1. Summary:\n\nAn update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nWebKitGTK is the port of the portable web rendering engine WebKit to the\nGTK platform. \n\nThe following packages have been upgraded to a later upstream version:\nwebkit2gtk3 (2.34.6). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.6 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nwebkit2gtk3-2.34.6-1.el8.src.rpm\n\naarch64:\nwebkit2gtk3-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.aarch64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.aarch64.rpm\n\nppc64le:\nwebkit2gtk3-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.ppc64le.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm\n\ns390x:\nwebkit2gtk3-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.s390x.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.s390x.rpm\n\nx86_64:\nwebkit2gtk3-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-debugsource-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-devel-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-devel-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-debuginfo-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-devel-2.34.6-1.el8.x86_64.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.i686.rpm\nwebkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-30809\nhttps://access.redhat.com/security/cve/CVE-2021-30818\nhttps://access.redhat.com/security/cve/CVE-2021-30823\nhttps://access.redhat.com/security/cve/CVE-2021-30836\nhttps://access.redhat.com/security/cve/CVE-2021-30846\nhttps://access.redhat.com/security/cve/CVE-2021-30848\nhttps://access.redhat.com/security/cve/CVE-2021-30849\nhttps://access.redhat.com/security/cve/CVE-2021-30851\nhttps://access.redhat.com/security/cve/CVE-2021-30884\nhttps://access.redhat.com/security/cve/CVE-2021-30887\nhttps://access.redhat.com/security/cve/CVE-2021-30888\nhttps://access.redhat.com/security/cve/CVE-2021-30889\nhttps://access.redhat.com/security/cve/CVE-2021-30890\nhttps://access.redhat.com/security/cve/CVE-2021-30897\nhttps://access.redhat.com/security/cve/CVE-2021-30934\nhttps://access.redhat.com/security/cve/CVE-2021-30936\nhttps://access.redhat.com/security/cve/CVE-2021-30951\nhttps://access.redhat.com/security/cve/CVE-2021-30952\nhttps://access.redhat.com/security/cve/CVE-2021-30953\nhttps://access.redhat.com/security/cve/CVE-2021-30954\nhttps://access.redhat.com/security/cve/CVE-2021-30984\nhttps://access.redhat.com/security/cve/CVE-2021-45481\nhttps://access.redhat.com/security/cve/CVE-2021-45482\nhttps://access.redhat.com/security/cve/CVE-2021-45483\nhttps://access.redhat.com/security/cve/CVE-2022-22589\nhttps://access.redhat.com/security/cve/CVE-2022-22590\nhttps://access.redhat.com/security/cve/CVE-2022-22592\nhttps://access.redhat.com/security/cve/CVE-2022-22594\nhttps://access.redhat.com/security/cve/CVE-2022-22620\nhttps://access.redhat.com/security/cve/CVE-2022-22637\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.34.4-1~deb10u1. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.34.4-1~deb11u1. \n\nWe recommend that you upgrade your webkit2gtk packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-12-15-6 watchOS 8.3\n\nwatchOS 8.3 addresses the following issues. \nCVE-2021-30960: JunDong Xie of Ant Security Light-Year Lab\n\nCFNetwork Proxies\nAvailable for: Apple Watch Series 3 and later\nImpact: User traffic might unexpectedly be leaked to a proxy server\ndespite PAC configurations\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30957: JunDong Xie of Ant Security Light-Year Lab\n\nCoreAudio\nAvailable for: Apple Watch Series 3 and later\nImpact: Playing a malicious audio file may lead to arbitrary code\nexecution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab\n\nCrash Reporter\nAvailable for: Apple Watch Series 3 and later\nImpact: A local attacker may be able to elevate their privileges\nDescription: This issue was addressed with improved checks. \nCVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year\nLab, Mickey Jin (@patch1t) of Trend Micro\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30916: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption vulnerability was addressed with\nimproved locking. \nCVE-2021-30937: Sergei Glazunov of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30927: Xinru Chi of Pangu Lab\nCVE-2021-30980: Xinru Chi of Pangu Lab\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30949: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: An attacker in a privileged network position may be able to\nexecute arbitrary code\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2021-30993: OSS-Fuzz, Ned Williamson of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2021-30955: Zweig of Kunlun Lab\n\nPreferences\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to elevate privileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin\n(@patch1t)\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: A validation issue related to hard link behavior was\naddressed with improved sandbox restrictions. \nCVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-30946: @gorelics\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: An application may be able to access a user\u0027s files\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security\n\nTCC\nAvailable for: Apple Watch Series 3 and later\nImpact: A local user may be able to modify protected parts of the\nfile system\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30767: @gorelics\n\nTCC\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: An inherited permissions issue was addressed with\nadditional restrictions. \nCVE-2021-30954: Kunlun Lab\n\nAdditional recognition\n\nBluetooth\nWe would like to acknowledge Haram Park, Korea University for their\nassistance. \n\nColorSync\nWe would like to acknowledge Mateusz Jurczyk of Google Project Zero\nfor their assistance. \n\nContacts\nWe would like to acknowledge Minchan Park (03stin) for their\nassistance. \n\nKernel\nWe would like to acknowledge Amit Klein of Bar-Ilan University\u0027s\nCenter for Research in Applied Cryptography and Cyber Security for\ntheir assistance. \n\nWebKit\nWe would like to acknowledge Peter Snyder of Brave and Soroush Karami\nfor their assistance. \n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/kb/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UnYACgkQeC9qKD1p\nrhj6SQ//YijQ31LlBeSJC1QfKKY86KApE/FiGxuNG04YGeLBujsOxrfRw/xmd9Xn\nwkBGmpHOrtguoNYjANNXwFBornC3wk7nse8kND8nEv7HYO8zxAa5lMDjGtuO1SY1\neG4mUeWVEAw6Avzt7Y/2sFi6nK5ft6PzWJaBKc6GU4pipGxptrdPLohow8KLu4Xh\nTL60gUilkVWlvgEbVrI3AYmxeKdkdrJdAU+caGTZUUzWHJfzIOLkb4o1143OQfqj\nt1vJrA6Hy43fQdU/ceJi1n/DR4N+Xg9kWyEXI6+06m0Ss41QcWfMwEks7dT/zIG+\nwlLR+00WO7VdCwHt5x/bz09YzdGWgoOUz5xNicqI0idyHmELtxlnYhXez48+j2Xz\nxnzdfOoCp9E7bXBOQa2bKZqffNmYMGK1hR1tcgF+3gsmz9Zz+huAG2VBNjVByYaS\nrwfvG7WhhbNc9qzm3fykvgq8NF7Z1G7RKNKPPzhG7QIAC5s4S0wemw1voy53yvmj\nFPisKbj/AT2+qUoOuYODNTMOJje0OcfnjoKdWrN63xIOPWShSfIx4bhjIHy3ASwj\nzn94MyzNhrVGOwoRXC+uQu0f/cdSUGx8L7XdHLp0sjAPMsrqE3X+RuMOFYtds7aI\n1TwxV/lhKMX5VzOcPeBASRRbXNWYs6mIXKAHBGTKcNkIR0djZOk=onN+\n-----END PGP SIGNATURE-----\n\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202202-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: WebkitGTK+: Multiple vulnerabilities\n Date: February 01, 2022\n Bugs: #779175, #801400, #813489, #819522, #820434, #829723,\n #831739\n ID: 202202-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in WebkitGTK+, the worst of\nwhich could result in the arbitrary execution of code. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-libs/webkit-gtk \u003c 2.34.4 \u003e= 2.34.4\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in WebkitGTK+. Please\nreview the CVE identifiers referenced below for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll WebkitGTK+ users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/webkit-gtk-2.34.4\"\n\nReferences\n=========\n[ 1 ] CVE-2021-30848\n https://nvd.nist.gov/vuln/detail/CVE-2021-30848\n[ 2 ] CVE-2021-30888\n https://nvd.nist.gov/vuln/detail/CVE-2021-30888\n[ 3 ] CVE-2021-30682\n https://nvd.nist.gov/vuln/detail/CVE-2021-30682\n[ 4 ] CVE-2021-30889\n https://nvd.nist.gov/vuln/detail/CVE-2021-30889\n[ 5 ] CVE-2021-30666\n https://nvd.nist.gov/vuln/detail/CVE-2021-30666\n[ 6 ] CVE-2021-30665\n https://nvd.nist.gov/vuln/detail/CVE-2021-30665\n[ 7 ] CVE-2021-30890\n https://nvd.nist.gov/vuln/detail/CVE-2021-30890\n[ 8 ] CVE-2021-30661\n https://nvd.nist.gov/vuln/detail/CVE-2021-30661\n[ 9 ] WSA-2021-0005\n https://webkitgtk.org/security/WSA-2021-0005.html\n[ 10 ] CVE-2021-30761\n https://nvd.nist.gov/vuln/detail/CVE-2021-30761\n[ 11 ] CVE-2021-30897\n https://nvd.nist.gov/vuln/detail/CVE-2021-30897\n[ 12 ] CVE-2021-30823\n https://nvd.nist.gov/vuln/detail/CVE-2021-30823\n[ 13 ] CVE-2021-30734\n https://nvd.nist.gov/vuln/detail/CVE-2021-30734\n[ 14 ] CVE-2021-30934\n https://nvd.nist.gov/vuln/detail/CVE-2021-30934\n[ 15 ] CVE-2021-1871\n https://nvd.nist.gov/vuln/detail/CVE-2021-1871\n[ 16 ] CVE-2021-30762\n https://nvd.nist.gov/vuln/detail/CVE-2021-30762\n[ 17 ] WSA-2021-0006\n https://webkitgtk.org/security/WSA-2021-0006.html\n[ 18 ] CVE-2021-30797\n https://nvd.nist.gov/vuln/detail/CVE-2021-30797\n[ 19 ] CVE-2021-30936\n https://nvd.nist.gov/vuln/detail/CVE-2021-30936\n[ 20 ] CVE-2021-30663\n https://nvd.nist.gov/vuln/detail/CVE-2021-30663\n[ 21 ] CVE-2021-1825\n https://nvd.nist.gov/vuln/detail/CVE-2021-1825\n[ 22 ] CVE-2021-30951\n https://nvd.nist.gov/vuln/detail/CVE-2021-30951\n[ 23 ] CVE-2021-30952\n https://nvd.nist.gov/vuln/detail/CVE-2021-30952\n[ 24 ] CVE-2021-1788\n https://nvd.nist.gov/vuln/detail/CVE-2021-1788\n[ 25 ] CVE-2021-1820\n https://nvd.nist.gov/vuln/detail/CVE-2021-1820\n[ 26 ] CVE-2021-30953\n https://nvd.nist.gov/vuln/detail/CVE-2021-30953\n[ 27 ] CVE-2021-30749\n https://nvd.nist.gov/vuln/detail/CVE-2021-30749\n[ 28 ] CVE-2021-30849\n https://nvd.nist.gov/vuln/detail/CVE-2021-30849\n[ 29 ] CVE-2021-1826\n https://nvd.nist.gov/vuln/detail/CVE-2021-1826\n[ 30 ] CVE-2021-30836\n https://nvd.nist.gov/vuln/detail/CVE-2021-30836\n[ 31 ] CVE-2021-30954\n https://nvd.nist.gov/vuln/detail/CVE-2021-30954\n[ 32 ] CVE-2021-30984\n https://nvd.nist.gov/vuln/detail/CVE-2021-30984\n[ 33 ] CVE-2021-30851\n https://nvd.nist.gov/vuln/detail/CVE-2021-30851\n[ 34 ] CVE-2021-30758\n https://nvd.nist.gov/vuln/detail/CVE-2021-30758\n[ 35 ] CVE-2021-42762\n https://nvd.nist.gov/vuln/detail/CVE-2021-42762\n[ 36 ] CVE-2021-1844\n https://nvd.nist.gov/vuln/detail/CVE-2021-1844\n[ 37 ] CVE-2021-30689\n https://nvd.nist.gov/vuln/detail/CVE-2021-30689\n[ 38 ] CVE-2021-45482\n https://nvd.nist.gov/vuln/detail/CVE-2021-45482\n[ 39 ] CVE-2021-30858\n https://nvd.nist.gov/vuln/detail/CVE-2021-30858\n[ 40 ] CVE-2021-21779\n https://nvd.nist.gov/vuln/detail/CVE-2021-21779\n[ 41 ] WSA-2021-0004\n https://webkitgtk.org/security/WSA-2021-0004.html\n[ 42 ] CVE-2021-30846\n https://nvd.nist.gov/vuln/detail/CVE-2021-30846\n[ 43 ] CVE-2021-30744\n https://nvd.nist.gov/vuln/detail/CVE-2021-30744\n[ 44 ] CVE-2021-30809\n https://nvd.nist.gov/vuln/detail/CVE-2021-30809\n[ 45 ] CVE-2021-30884\n https://nvd.nist.gov/vuln/detail/CVE-2021-30884\n[ 46 ] CVE-2021-30720\n https://nvd.nist.gov/vuln/detail/CVE-2021-30720\n[ 47 ] CVE-2021-30799\n https://nvd.nist.gov/vuln/detail/CVE-2021-30799\n[ 48 ] CVE-2021-30795\n https://nvd.nist.gov/vuln/detail/CVE-2021-30795\n[ 49 ] CVE-2021-1817\n https://nvd.nist.gov/vuln/detail/CVE-2021-1817\n[ 50 ] CVE-2021-21775\n https://nvd.nist.gov/vuln/detail/CVE-2021-21775\n[ 51 ] CVE-2021-30887\n https://nvd.nist.gov/vuln/detail/CVE-2021-30887\n[ 52 ] CVE-2021-21806\n https://nvd.nist.gov/vuln/detail/CVE-2021-21806\n[ 53 ] CVE-2021-30818\n https://nvd.nist.gov/vuln/detail/CVE-2021-30818\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202202-01\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-30952"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021204"
},
{
"db": "VULHUB",
"id": "VHN-390685"
},
{
"db": "VULMON",
"id": "CVE-2021-30952"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169186"
},
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
},
{
"db": "PACKETSTORM",
"id": "169195"
},
{
"db": "PACKETSTORM",
"id": "165794"
}
],
"trust": 2.43
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2021-30952",
"trust": 4.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/01/21/2",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "167037",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "165360",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021204",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2022012631",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021121510",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021121434",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051140",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012301",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0371",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0899",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4260",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0405",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2056",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "165359",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "165358",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-390685",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-30952",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169186",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169195",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165794",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390685"
},
{
"db": "VULMON",
"id": "CVE-2021-30952"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169186"
},
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
},
{
"db": "PACKETSTORM",
"id": "169195"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2056"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021204"
},
{
"db": "NVD",
"id": "CVE-2021-30952"
}
]
},
"id": "VAR-202108-1267",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-390685"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-07T20:56:10.748000Z",
"patch": {
"_id": null,
"data": [
{
"title": "HT212980 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://www.debian.org/security/2022/dsa-5060"
},
{
"title": "Apple iOS and iPadOS Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174544"
},
{
"title": "Red Hat: CVE-2021-30952",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-30952"
},
{
"title": "Debian Security Advisories: DSA-5060-1 webkit2gtk -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=743b4956bba0b69beefec691bcb80a4f"
},
{
"title": "Debian Security Advisories: DSA-5061-1 wpewebkit -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=de655d6c12336519b9a7054c0eb4670d"
},
{
"title": "Amazon Linux 2: ALAS2-2023-2088",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2023-2088"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-30952"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2056"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021204"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-190",
"trust": 1.1
},
{
"problemtype": "Integer overflow or wraparound (CWE-190) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390685"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021204"
},
{
"db": "NVD",
"id": "CVE-2021-30952"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.6,
"url": "http://www.openwall.com/lists/oss-security/2022/01/21/2"
},
{
"trust": 2.4,
"url": "https://support.apple.com/en-us/ht212976"
},
{
"trust": 2.4,
"url": "https://support.apple.com/en-us/ht212982"
},
{
"trust": 1.9,
"url": "https://www.debian.org/security/2022/dsa-5060"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2022/dsa-5061"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212975"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212978"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212980"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30952"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7eqvz3cemtinlbz7pbc7wrxvevcrhnsm/"
},
{
"trust": 1.0,
"url": "https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hqkwd4bxrdd2ygr5avu7h5j5piqieu6v/"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2021-30952"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7eqvz3cemtinlbz7pbc7wrxvevcrhnsm/"
},
{
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hqkwd4bxrdd2ygr5avu7h5j5piqieu6v/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-30952"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30984"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30953"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30936"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30954"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30934"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30951"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0371"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-37064"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167037/red-hat-security-advisory-2022-1777-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021121510"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/webkitgtk-multiple-vulnerabilities-37345"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051140"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4260"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0405"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021121434"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0899"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165360/apple-security-advisory-2021-12-15-7.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012301"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012631"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.3,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30888"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30848"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30884"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45482"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30809"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30846"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30849"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30897"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30836"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30887"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30823"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30889"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30818"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30851"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30890"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.2,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30966"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30926"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30957"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30958"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30960"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30916"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30927"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30945"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30939"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30955"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30937"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30980"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30949"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30947"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30942"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/190.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://alas.aws.amazon.com/al2/alas-2023-2088.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22592"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22637"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30809"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30846"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22589"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30890"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1777"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30888"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22620"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30887"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45483"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22590"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30897"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30936"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30851"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30848"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45483"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30849"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30836"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45481"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30818"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30889"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-45482"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30951"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22589"
},
{
"trust": 0.1,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30953"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30984"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30954"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45481"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22590"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30884"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/webkit2gtk"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30993"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30995"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212980."
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212975."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30767"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30964"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212982."
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/wpewebkit"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1844"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30744"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1820"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30762"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0005.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30858"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30682"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30663"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42762"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30758"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30799"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21779"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/202202-01"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1871"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30665"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30795"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1825"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30661"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30666"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30734"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21775"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1826"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30749"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30689"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0004.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30761"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1788"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://webkitgtk.org/security/wsa-2021-0006.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21806"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390685"
},
{
"db": "VULMON",
"id": "CVE-2021-30952"
},
{
"db": "PACKETSTORM",
"id": "167037"
},
{
"db": "PACKETSTORM",
"id": "169186"
},
{
"db": "PACKETSTORM",
"id": "165358"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "PACKETSTORM",
"id": "165360"
},
{
"db": "PACKETSTORM",
"id": "169195"
},
{
"db": "PACKETSTORM",
"id": "165794"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2056"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021204"
},
{
"db": "NVD",
"id": "CVE-2021-30952"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-390685",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2021-30952",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "167037",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "169186",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165358",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165359",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165360",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "169195",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "165794",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2056",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021204",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2021-30952",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-390685",
"ident": null
},
{
"date": "2021-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30952",
"ident": null
},
{
"date": "2022-05-11T15:50:41",
"db": "PACKETSTORM",
"id": "167037",
"ident": null
},
{
"date": "2022-01-28T20:12:00",
"db": "PACKETSTORM",
"id": "169186",
"ident": null
},
{
"date": "2021-12-17T19:19:55",
"db": "PACKETSTORM",
"id": "165358",
"ident": null
},
{
"date": "2021-12-17T19:20:06",
"db": "PACKETSTORM",
"id": "165359",
"ident": null
},
{
"date": "2021-12-17T19:23:27",
"db": "PACKETSTORM",
"id": "165360",
"ident": null
},
{
"date": "2022-01-28T20:12:00",
"db": "PACKETSTORM",
"id": "169195",
"ident": null
},
{
"date": "2022-02-01T17:03:05",
"db": "PACKETSTORM",
"id": "165794",
"ident": null
},
{
"date": "2021-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-2056",
"ident": null
},
{
"date": "2024-07-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-021204",
"ident": null
},
{
"date": "2021-08-24T19:15:21.777000",
"db": "NVD",
"id": "CVE-2021-30952",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-02-25T00:00:00",
"db": "VULHUB",
"id": "VHN-390685",
"ident": null
},
{
"date": "2022-02-25T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30952",
"ident": null
},
{
"date": "2022-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-2056",
"ident": null
},
{
"date": "2024-07-18T07:57:00",
"db": "JVNDB",
"id": "JVNDB-2021-021204",
"ident": null
},
{
"date": "2026-03-06T13:44:17.940000",
"db": "NVD",
"id": "CVE-2021-30952",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-2056"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "apple\u0027s \u00a0Safari\u00a0 Integer overflow vulnerability in products from multiple vendors",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021204"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-2056"
}
],
"trust": 0.6
}
}
CVE-2025-43343 (GCVE-0-2025-43343)
Vulnerability from nvd – Published: 2025-09-15 22:35 – Updated: 2026-04-02 18:21- Processing maliciously crafted web content may lead to an unexpected process crash
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43343",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-16T13:36:38.705148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T17:24:21.978Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-12-17T14:48:14.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Sep/57"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Sep/53"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Sep/59"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Sep/49"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/10/13/4"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:19946"
},
{
"url": "https://ubuntu.com/security/CVE-2025-43343"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2025-43343"
},
{
"url": "https://webkitgtk.org/security/WSA-2025-0007.html"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to an unexpected process crash",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:21:37.147Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125108"
},
{
"url": "https://support.apple.com/en-us/125110"
},
{
"url": "https://support.apple.com/en-us/125113"
},
{
"url": "https://support.apple.com/en-us/125114"
},
{
"url": "https://support.apple.com/en-us/125115"
},
{
"url": "https://support.apple.com/en-us/125116"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43343",
"datePublished": "2025-09-15T22:35:30.400Z",
"dateReserved": "2025-04-16T15:24:37.110Z",
"dateUpdated": "2026-04-02T18:21:37.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43342 (GCVE-0-2025-43342)
Vulnerability from nvd – Published: 2025-09-15 22:35 – Updated: 2026-04-02 18:18- Processing maliciously crafted web content may lead to an unexpected process crash
- CWE-20 - Improper Input Validation
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | Safari |
Affected:
0 , < 26
(custom)
|
|
| Apple | iOS and iPadOS |
Affected:
0 , < 18.7
(custom)
Affected: 0 , < 26 (custom) |
|
| Apple | macOS |
Affected:
0 , < 26
(custom)
|
|
| Apple | tvOS |
Affected:
0 , < 26
(custom)
|
|
| Apple | visionOS |
Affected:
0 , < 26
(custom)
|
|
| Apple | watchOS |
Affected:
0 , < 26
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-16T13:38:38.852885Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T17:25:29.262Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:10:40.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Sep/57"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Sep/53"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Sep/59"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Sep/49"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/09/22/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A correctness issue was addressed with improved checks. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to an unexpected process crash",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:18:35.046Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125108"
},
{
"url": "https://support.apple.com/en-us/125109"
},
{
"url": "https://support.apple.com/en-us/125110"
},
{
"url": "https://support.apple.com/en-us/125113"
},
{
"url": "https://support.apple.com/en-us/125114"
},
{
"url": "https://support.apple.com/en-us/125115"
},
{
"url": "https://support.apple.com/en-us/125116"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43342",
"datePublished": "2025-09-15T22:35:12.163Z",
"dateReserved": "2025-04-16T15:24:37.110Z",
"dateUpdated": "2026-04-02T18:18:35.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-31277 (GCVE-0-2025-31277)
Vulnerability from nvd – Published: 2025-07-29 23:29 – Updated: 2026-07-15 01:26| Vendor | Product | Version | |
|---|---|---|---|
| Apple | Safari |
Affected:
0 , < 18.6
(custom)
|
|
| Apple | iOS and iPadOS |
Affected:
0 , < 18.6
(custom)
|
|
| Apple | macOS |
Affected:
0 , < 15.6
(custom)
|
|
| Apple | tvOS |
Affected:
0 , < 18.6
(custom)
|
|
| Apple | visionOS |
Affected:
0 , < 2.6
(custom)
|
|
| Apple | watchOS |
Affected:
0 , < 11.6
(custom)
|
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:2.50.0-1.el7_9 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:2.50.0-1.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:2.50.0-1.el8_2 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.2 |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:2.50.0-1.el8_4 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4 |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:2.50.0-1.el8_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.4 |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:2.50.0-1.el8_6 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6 |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:2.50.0-1.el8_6 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6 |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:2.50.0-1.el8_6 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.6 |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:2.50.0-1.el8_8.1 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.8 |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:2.50.0-1.el8_8.1 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:2.50.1-0.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:2.50.0-2.el9_0 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0 |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:2.50.0-2.el9_2 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2 |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:2.50.0-2.el9_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-31277",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-31T03:56:01.249253Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"id": "CVE-2025-31277",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-21T04:00:59.438579Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-03-20",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31277"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T13:14:07.203Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31277"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:52:50.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Aug/0"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/36"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/32"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/30"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "webkitgtk4",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.50.0-1.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "webkit2gtk3",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.50.0-1.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2"
],
"defaultStatus": "affected",
"packageName": "webkit2gtk3",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.50.0-1.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4"
],
"defaultStatus": "affected",
"packageName": "webkit2gtk3",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.50.0-1.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4"
],
"defaultStatus": "affected",
"packageName": "webkit2gtk3",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.50.0-1.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6"
],
"defaultStatus": "affected",
"packageName": "webkit2gtk3",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.50.0-1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6"
],
"defaultStatus": "affected",
"packageName": "webkit2gtk3",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.50.0-1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6"
],
"defaultStatus": "affected",
"packageName": "webkit2gtk3",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.50.0-1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8"
],
"defaultStatus": "affected",
"packageName": "webkit2gtk3",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.50.0-1.el8_8.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8"
],
"defaultStatus": "affected",
"packageName": "webkit2gtk3",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.50.0-1.el8_8.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "webkit2gtk3",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.50.1-0.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0"
],
"defaultStatus": "affected",
"packageName": "webkit2gtk3",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.50.0-2.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2"
],
"defaultStatus": "affected",
"packageName": "webkit2gtk3",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.50.0-2.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4"
],
"defaultStatus": "affected",
"packageName": "webkit2gtk3",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.50.0-2.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "webkitgtk",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "webkitgtk3",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
}
],
"datePublic": "2026-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in WebKitGTK. Processing malicious web content can cause memory corruption due to improper memory handling."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T01:26:42.323Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-31277"
},
{
"name": "RHBZ#2448780",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448780"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31277.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19352"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:17802"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19157"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19165"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19109"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:17807"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:17643"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:17743"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:17741"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:18097"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2025:19352: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"
},
{
"lang": "en",
"value": "RHSA-2025:17802: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2025:19157: Red Hat Enterprise Linux AppStream AUS (v. 8.2)"
},
{
"lang": "en",
"value": "RHSA-2025:19165: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
},
{
"lang": "en",
"value": "RHSA-2025:19109: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
},
{
"lang": "en",
"value": "RHSA-2025:17807: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
},
{
"lang": "en",
"value": "RHSA-2025:17643: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
},
{
"lang": "en",
"value": "RHSA-2025:17743: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2025:17741: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2025:18097: Red Hat Enterprise Linux AppStream (v. 9)"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-18T20:06:11.785Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-03-18T00:00:00.000Z",
"value": "Made public."
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to memory corruption",
"workarounds": [
{
"lang": "en",
"value": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "2.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to memory corruption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:27:12.615Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/124147"
},
{
"url": "https://support.apple.com/en-us/124149"
},
{
"url": "https://support.apple.com/en-us/124152"
},
{
"url": "https://support.apple.com/en-us/124153"
},
{
"url": "https://support.apple.com/en-us/124154"
},
{
"url": "https://support.apple.com/en-us/124155"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-31277",
"datePublished": "2025-07-29T23:29:31.341Z",
"dateReserved": "2025-03-27T16:13:58.344Z",
"dateUpdated": "2026-07-15T01:26:42.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-6558 (GCVE-0-2025-6558)
Vulnerability from nvd – Published: 2025-07-15 18:12 – Updated: 2026-02-26 17:50- CWE-20 - Insufficient validation of untrusted input
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-6558",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T03:55:29.491017Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-07-22",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6558"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:50:40.914Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6558"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-22T00:00:00.000Z",
"value": "CVE-2025-6558 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:14:50.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Aug/0"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/37"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/35"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/32"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/30"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/08/02/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "138.0.7204.157",
"status": "affected",
"version": "138.0.7204.157",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Insufficient validation of untrusted input",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T18:12:36.848Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html"
},
{
"url": "https://issues.chromium.org/issues/427162086"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2025-6558",
"datePublished": "2025-07-15T18:12:36.848Z",
"dateReserved": "2025-06-23T22:30:38.590Z",
"dateUpdated": "2026-02-26T17:50:40.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27834 (GCVE-0-2024-27834)
Vulnerability from nvd – Published: 2024-05-13 23:00 – Updated: 2026-04-02 18:15- An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication
- CWE-277 - Insecure Inherited Permissions
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | Safari |
Affected:
0 , < 17.5
(custom)
|
|
| Apple | iOS and iPadOS |
Affected:
0 , < 16.7.8
(custom)
Affected: 0 , < 17.5 (custom) |
|
| Apple | macOS |
Affected:
0 , < 14.5
(custom)
|
|
| Apple | tvOS |
Affected:
0 , < 17.5
(custom)
|
|
| Apple | watchOS |
Affected:
0 , < 10.5
(custom)
|
|
| apple | ipad_os |
Affected:
0 , < 17.5
(custom)
cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:* |
|
| apple | macos |
Affected:
0 , < 14.5
(custom)
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* |
|
| apple | tvos |
Affected:
0 , < 17.5
(custom)
cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:* |
|
| apple | watchos |
Affected:
0 , < 10.5
(custom)
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* |
|
| apple | iphone_os |
Affected:
0 , < 17.5
(custom)
cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipad_os",
"vendor": "apple",
"versions": [
{
"lessThan": "17.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "14.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tvos",
"vendor": "apple",
"versions": [
{
"lessThan": "17.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "watchos",
"vendor": "apple",
"versions": [
{
"lessThan": "10.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "iphone_os",
"vendor": "apple",
"versions": [
{
"lessThan": "17.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27834",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-16T04:00:11.988391Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-277",
"description": "CWE-277 Insecure Inherited Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T15:23:00.293Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:18:39.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214101"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214106"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214104"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214103"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214102"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/May/17"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/05/21/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/May/10"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/May/9"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/May/12"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/May/16"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WKIXADCW3O4R2OOSDZGPU55XQFE6NA3M/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADCLQW54XN37VJZNYD3UKCYATJFIMYXG/"
},
{
"url": "https://support.apple.com/kb/HT214106"
},
{
"url": "https://support.apple.com/kb/HT214104"
},
{
"url": "https://support.apple.com/kb/HT214102"
},
{
"url": "https://support.apple.com/kb/HT214100"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.7.8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "17.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, watchOS 10.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:15:05.001Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/120896"
},
{
"url": "https://support.apple.com/en-us/120898"
},
{
"url": "https://support.apple.com/en-us/120901"
},
{
"url": "https://support.apple.com/en-us/120902"
},
{
"url": "https://support.apple.com/en-us/120903"
},
{
"url": "https://support.apple.com/en-us/120905"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-27834",
"datePublished": "2024-05-13T23:00:50.836Z",
"dateReserved": "2024-02-26T15:32:28.527Z",
"dateUpdated": "2026-04-02T18:15:05.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-23284 (GCVE-0-2024-23284)
Vulnerability from nvd – Published: 2024-03-08 01:35 – Updated: 2026-04-02 18:17- Processing maliciously crafted web content may prevent Content Security Policy from being enforced
- CWE-693 - Protection Mechanism Failure
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | Safari |
Affected:
0 , < 17.4
(custom)
|
|
| Apple | iOS and iPadOS |
Affected:
0 , < 16.7.6
(custom)
Affected: 0 , < 17.4 (custom) |
|
| Apple | macOS |
Affected:
0 , < 14.4
(custom)
|
|
| Apple | tvOS |
Affected:
0 , < 17.4
(custom)
|
|
| Apple | visionOS |
Affected:
0 , < 1.1
(custom)
|
|
| Apple | watchOS |
Affected:
0 , < 10.4
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:27:47.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214087"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214086"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214081"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214082"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214089"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214084"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214088"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/20"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/25"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/24"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/26"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
},
{
"url": "https://support.apple.com/kb/HT214089"
},
{
"url": "https://support.apple.com/kb/HT214087"
},
{
"url": "https://support.apple.com/kb/HT214084"
},
{
"url": "https://support.apple.com/kb/HT214082"
},
{
"url": "https://support.apple.com/kb/HT214081"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23284",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-07T04:00:29.525435Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T20:45:42.133Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.7.6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved state management. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may prevent Content Security Policy from being enforced",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:17:06.626Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/120880"
},
{
"url": "https://support.apple.com/en-us/120881"
},
{
"url": "https://support.apple.com/en-us/120882"
},
{
"url": "https://support.apple.com/en-us/120883"
},
{
"url": "https://support.apple.com/en-us/120893"
},
{
"url": "https://support.apple.com/en-us/120894"
},
{
"url": "https://support.apple.com/en-us/120895"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-23284",
"datePublished": "2024-03-08T01:35:43.782Z",
"dateReserved": "2024-01-12T22:22:21.499Z",
"dateUpdated": "2026-04-02T18:17:06.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-23280 (GCVE-0-2024-23280)
Vulnerability from nvd – Published: 2024-03-08 01:36 – Updated: 2026-04-02 18:25- A maliciously crafted webpage may be able to fingerprint the user
- CWE-noinfo Not enough information
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | Safari |
Affected:
0 , < 17.4
(custom)
|
|
| Apple | iOS and iPadOS |
Affected:
0 , < 17.4
(custom)
|
|
| Apple | macOS |
Affected:
0 , < 14.4
(custom)
|
|
| Apple | tvOS |
Affected:
0 , < 17.4
(custom)
|
|
| Apple | watchOS |
Affected:
0 , < 10.4
(custom)
|
|
| apple | tvos |
Affected:
0 , < 17.4
(custom)
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* |
|
| apple | ios |
Affected:
0 , < 17.4
(custom)
cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:* |
|
| apple | ipados |
Affected:
0 , < 17.4
(custom)
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* |
|
| apple | safari |
Affected:
0 , < 17.4
(custom)
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* |
|
| apple | macos |
Affected:
0 , < 17.4
(custom)
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* |
|
| apple | watchos |
Affected:
0 , < 17.4
(custom)
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:27:35.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214086"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214081"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214089"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214084"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214088"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/20"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/25"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/24"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
},
{
"url": "https://support.apple.com/kb/HT214089"
},
{
"url": "https://support.apple.com/kb/HT214086"
},
{
"url": "https://support.apple.com/kb/HT214084"
},
{
"url": "https://support.apple.com/kb/HT214081"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tvos",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ios",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipados",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "safari",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "watchos",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23280",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T20:33:30.944280Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T16:45:41.969Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A maliciously crafted webpage may be able to fingerprint the user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A maliciously crafted webpage may be able to fingerprint the user",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:25:29.626Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/120881"
},
{
"url": "https://support.apple.com/en-us/120882"
},
{
"url": "https://support.apple.com/en-us/120893"
},
{
"url": "https://support.apple.com/en-us/120894"
},
{
"url": "https://support.apple.com/en-us/120895"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-23280",
"datePublished": "2024-03-08T01:36:14.625Z",
"dateReserved": "2024-01-12T22:22:21.499Z",
"dateUpdated": "2026-04-02T18:25:29.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-23263 (GCVE-0-2024-23263)
Vulnerability from nvd – Published: 2024-03-08 01:36 – Updated: 2026-04-02 18:26- Processing maliciously crafted web content may prevent Content Security Policy from being enforced
- CWE-20 - Improper Input Validation
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | Safari |
Affected:
0 , < 17.4
(custom)
|
|
| Apple | iOS and iPadOS |
Affected:
0 , < 16.7.6
(custom)
Affected: 0 , < 17.4 (custom) |
|
| Apple | macOS |
Affected:
0 , < 14.4
(custom)
|
|
| Apple | tvOS |
Affected:
0 , < 17.4
(custom)
|
|
| Apple | visionOS |
Affected:
0 , < 1.1
(custom)
|
|
| Apple | watchOS |
Affected:
0 , < 10.4
(custom)
|
|
| apple | visionos |
Affected:
0 , < 1.1
(semver)
cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:* |
|
| apple | tvos |
Affected:
0 , < 17.4
(semver)
cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:* |
|
| apple | iphone_os |
Affected:
16.7 , < 16.7.6
(semver)
cpe:2.3:o:apple:iphone_os:16.7:*:*:*:*:*:*:* |
|
| apple | ipad_os |
Affected:
16.7 , < 16.7.6
(semver)
cpe:2.3:o:apple:ipad_os:16.7:*:*:*:*:*:*:* |
|
| apple | iphone_os |
Affected:
17.0 , < 17.4
(semver)
cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:* |
|
| apple | ipad_os |
Affected:
17.0 , < 17.4
(semver)
cpe:2.3:o:apple:ipad_os:17.0:*:*:*:*:*:*:* |
|
| apple | macos |
Affected:
14.0 , < 14.4
(semver)
cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:* |
|
| apple | watchos |
Affected:
0 , < 10.4
(semver)
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* |
|
| webkitgtk | webkitgtk |
Affected:
0 , < 2.45.2
(semver)
cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:* |
|
| apple | safari |
Affected:
0 , < 17.4
(semver)
cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "visionos",
"vendor": "apple",
"versions": [
{
"lessThan": "1.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "tvos",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:iphone_os:16.7:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "iphone_os",
"vendor": "apple",
"versions": [
{
"lessThan": "16.7.6",
"status": "affected",
"version": "16.7",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:ipad_os:16.7:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "ipad_os",
"vendor": "apple",
"versions": [
{
"lessThan": "16.7.6",
"status": "affected",
"version": "16.7",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "iphone_os",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "17.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:ipad_os:17.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "ipad_os",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "17.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "14.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "watchos",
"vendor": "apple",
"versions": [
{
"lessThan": "10.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "webkitgtk",
"vendor": "webkitgtk",
"versions": [
{
"lessThan": "2.45.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "safari",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23263",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-18T04:00:44.910447Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T14:06:07.414Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:26:26.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214087"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214086"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214081"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214082"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214089"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214084"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214088"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/20"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/25"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/24"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/26"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
},
{
"url": "https://support.apple.com/kb/HT214089"
},
{
"url": "https://support.apple.com/kb/HT214087"
},
{
"url": "https://support.apple.com/kb/HT214084"
},
{
"url": "https://support.apple.com/kb/HT214082"
},
{
"url": "https://support.apple.com/kb/HT214081"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.7.6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may prevent Content Security Policy from being enforced",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:26:35.629Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/120880"
},
{
"url": "https://support.apple.com/en-us/120881"
},
{
"url": "https://support.apple.com/en-us/120882"
},
{
"url": "https://support.apple.com/en-us/120883"
},
{
"url": "https://support.apple.com/en-us/120893"
},
{
"url": "https://support.apple.com/en-us/120894"
},
{
"url": "https://support.apple.com/en-us/120895"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-23263",
"datePublished": "2024-03-08T01:36:19.295Z",
"dateReserved": "2024-01-12T22:22:21.490Z",
"dateUpdated": "2026-04-02T18:26:35.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-23254 (GCVE-0-2024-23254)
Vulnerability from nvd – Published: 2024-03-08 01:36 – Updated: 2026-04-02 18:23- A malicious website may exfiltrate audio data cross-origin
- CWE-noinfo Not enough information
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23254",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-08T15:22:13.972787Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T17:21:36.617Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:25:57.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214087"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214086"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214081"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214089"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214084"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214088"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/20"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/25"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/24"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/26"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
},
{
"url": "https://support.apple.com/kb/HT214089"
},
{
"url": "https://support.apple.com/kb/HT214087"
},
{
"url": "https://support.apple.com/kb/HT214084"
},
{
"url": "https://support.apple.com/kb/HT214081"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved UI handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. A malicious website may exfiltrate audio data cross-origin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A malicious website may exfiltrate audio data cross-origin",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:23:44.403Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/120881"
},
{
"url": "https://support.apple.com/en-us/120882"
},
{
"url": "https://support.apple.com/en-us/120883"
},
{
"url": "https://support.apple.com/en-us/120893"
},
{
"url": "https://support.apple.com/en-us/120894"
},
{
"url": "https://support.apple.com/en-us/120895"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-23254",
"datePublished": "2024-03-08T01:36:07.243Z",
"dateReserved": "2024-01-12T22:22:21.487Z",
"dateUpdated": "2026-04-02T18:23:44.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-42843 (GCVE-0-2023-42843)
Vulnerability from nvd – Published: 2024-02-21 06:41 – Updated: 2025-02-13 17:09- Visiting a malicious website may lead to address bar spoofing
- CWE-290 - Authentication Bypass by Spoofing
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | iOS and iPadOS |
Affected:
unspecified , < 16.7
(custom)
|
|
| Apple | Safari |
Affected:
unspecified , < 17.1
(custom)
|
|
| Apple | macOS |
Affected:
unspecified , < 14.1
(custom)
|
|
| Apple | iOS and iPadOS |
Affected:
unspecified , < 17.1
(custom)
|
|
| apple | ios_and_ipados |
Affected:
0 , < 16.7
(custom)
Affected: 0 , < 17.1 (custom) cpe:2.3:o:apple:ios_and_ipados:*:*:*:*:*:*:*:* |
|
| apple | safari |
Affected:
0 , < 17.1
(custom)
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* |
|
| apple | macos |
Affected:
0 , < 14.1
(custom)
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:ios_and_ipados:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ios_and_ipados",
"vendor": "apple",
"versions": [
{
"lessThan": "16.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "safari",
"vendor": "apple",
"versions": [
{
"lessThan": "17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "14.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-42843",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-04T16:39:32.031098Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T16:45:42.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:30:24.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213981"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213986"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213984"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213982"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Visiting a malicious website may lead to address bar spoofing",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T06:06:12.839Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213981"
},
{
"url": "https://support.apple.com/en-us/HT213986"
},
{
"url": "https://support.apple.com/en-us/HT213984"
},
{
"url": "https://support.apple.com/en-us/HT213982"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2023-42843",
"datePublished": "2024-02-21T06:41:27.506Z",
"dateReserved": "2023-09-14T19:05:11.449Z",
"dateUpdated": "2025-02-13T17:09:48.003Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40397 (GCVE-0-2023-40397)
Vulnerability from nvd – Published: 2023-09-06 20:48 – Updated: 2025-02-13 17:07- A remote attacker may be able to cause arbitrary javascript code execution
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.770Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213843"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A remote attacker may be able to cause arbitrary javascript code execution",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-05T14:06:45.711Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213843"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
},
{
"url": "https://security.gentoo.org/glsa/202401-04"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2023-40397",
"datePublished": "2023-09-06T20:48:06.383Z",
"dateReserved": "2023-08-14T20:26:36.254Z",
"dateUpdated": "2025-02-13T17:07:51.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32370 (GCVE-0-2023-32370)
Vulnerability from nvd – Published: 2023-09-06 01:36 – Updated: 2025-02-13 16:50- Content Security Policy to block domains with wildcards may fail
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:24.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213670"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32370",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T18:17:38.085978Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T18:17:49.178Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Content Security Policy to block domains with wildcards may fail."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Content Security Policy to block domains with wildcards may fail",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-05T14:06:38.307Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213670"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
},
{
"url": "https://security.gentoo.org/glsa/202401-04"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2023-32370",
"datePublished": "2023-09-06T01:36:31.884Z",
"dateReserved": "2023-05-08T22:31:41.818Z",
"dateUpdated": "2025-02-13T16:50:38.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28198 (GCVE-0-2023-28198)
Vulnerability from nvd – Published: 2023-08-14 22:40 – Updated: 2025-02-13 16:48- Processing web content may lead to arbitrary code execution
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | macOS |
Affected:
unspecified , < 13.3
(custom)
|
|
| Apple | iOS and iPadOS |
Affected:
unspecified , < 16.4
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:24.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213670"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213676"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing web content may lead to arbitrary code execution",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-05T14:06:22.923Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213670"
},
{
"url": "https://support.apple.com/en-us/HT213676"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
},
{
"url": "https://security.gentoo.org/glsa/202401-04"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2023-28198",
"datePublished": "2023-08-14T22:40:37.966Z",
"dateReserved": "2023-03-13T18:37:25.757Z",
"dateUpdated": "2025-02-13T16:48:32.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8720 (GCVE-0-2019-8720)
Vulnerability from nvd – Published: 2023-03-06 00:00 – Updated: 2025-10-21 23:15{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:24:29.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1876611"
},
{
"tags": [
"x_transferred"
],
"url": "https://webkitgtk.org/security/WSA-2019-0005.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-8720",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T21:22:50.417013Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-05-23",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-8720"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:24.508Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-8720"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-05-23T00:00:00.000Z",
"value": "CVE-2019-8720 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "webkitgtk",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in webkitgtk 2.26.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-06T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1876611"
},
{
"url": "https://webkitgtk.org/security/WSA-2019-0005.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-8720",
"datePublished": "2023-03-06T00:00:00.000Z",
"dateReserved": "2019-02-18T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:24.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-43343 (GCVE-0-2025-43343)
Vulnerability from cvelistv5 – Published: 2025-09-15 22:35 – Updated: 2026-04-02 18:21- Processing maliciously crafted web content may lead to an unexpected process crash
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43343",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-16T13:36:38.705148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T17:24:21.978Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-12-17T14:48:14.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Sep/57"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Sep/53"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Sep/59"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Sep/49"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/10/13/4"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:19946"
},
{
"url": "https://ubuntu.com/security/CVE-2025-43343"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2025-43343"
},
{
"url": "https://webkitgtk.org/security/WSA-2025-0007.html"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to an unexpected process crash",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:21:37.147Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125108"
},
{
"url": "https://support.apple.com/en-us/125110"
},
{
"url": "https://support.apple.com/en-us/125113"
},
{
"url": "https://support.apple.com/en-us/125114"
},
{
"url": "https://support.apple.com/en-us/125115"
},
{
"url": "https://support.apple.com/en-us/125116"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43343",
"datePublished": "2025-09-15T22:35:30.400Z",
"dateReserved": "2025-04-16T15:24:37.110Z",
"dateUpdated": "2026-04-02T18:21:37.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-43342 (GCVE-0-2025-43342)
Vulnerability from cvelistv5 – Published: 2025-09-15 22:35 – Updated: 2026-04-02 18:18- Processing maliciously crafted web content may lead to an unexpected process crash
- CWE-20 - Improper Input Validation
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | Safari |
Affected:
0 , < 26
(custom)
|
|
| Apple | iOS and iPadOS |
Affected:
0 , < 18.7
(custom)
Affected: 0 , < 26 (custom) |
|
| Apple | macOS |
Affected:
0 , < 26
(custom)
|
|
| Apple | tvOS |
Affected:
0 , < 26
(custom)
|
|
| Apple | visionOS |
Affected:
0 , < 26
(custom)
|
|
| Apple | watchOS |
Affected:
0 , < 26
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-43342",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-16T13:38:38.852885Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T17:25:29.262Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:10:40.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Sep/57"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Sep/53"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Sep/59"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Sep/49"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/09/22/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A correctness issue was addressed with improved checks. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to an unexpected process crash",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:18:35.046Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/125108"
},
{
"url": "https://support.apple.com/en-us/125109"
},
{
"url": "https://support.apple.com/en-us/125110"
},
{
"url": "https://support.apple.com/en-us/125113"
},
{
"url": "https://support.apple.com/en-us/125114"
},
{
"url": "https://support.apple.com/en-us/125115"
},
{
"url": "https://support.apple.com/en-us/125116"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-43342",
"datePublished": "2025-09-15T22:35:12.163Z",
"dateReserved": "2025-04-16T15:24:37.110Z",
"dateUpdated": "2026-04-02T18:18:35.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-31277 (GCVE-0-2025-31277)
Vulnerability from cvelistv5 – Published: 2025-07-29 23:29 – Updated: 2026-07-15 01:26| Vendor | Product | Version | |
|---|---|---|---|
| Apple | Safari |
Affected:
0 , < 18.6
(custom)
|
|
| Apple | iOS and iPadOS |
Affected:
0 , < 18.6
(custom)
|
|
| Apple | macOS |
Affected:
0 , < 15.6
(custom)
|
|
| Apple | tvOS |
Affected:
0 , < 18.6
(custom)
|
|
| Apple | visionOS |
Affected:
0 , < 2.6
(custom)
|
|
| Apple | watchOS |
Affected:
0 , < 11.6
(custom)
|
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:2.50.0-1.el7_9 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:2.50.0-1.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:2.50.0-1.el8_2 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.2 |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:2.50.0-1.el8_4 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.4 |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:2.50.0-1.el8_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus_long_life:8.4 |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:2.50.0-1.el8_6 , < *
(rpm)
cpe:/a:redhat:rhel_aus:8.6 |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:2.50.0-1.el8_6 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.6 |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:2.50.0-1.el8_6 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.6 |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:2.50.0-1.el8_8.1 , < *
(rpm)
cpe:/a:redhat:rhel_tus:8.8 |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:2.50.0-1.el8_8.1 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:8.8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:2.50.1-0.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:2.50.0-2.el9_0 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.0 |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:2.50.0-2.el9_2 , < *
(rpm)
cpe:/a:redhat:rhel_e4s:9.2 |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:2.50.0-2.el9_4 , < *
(rpm)
cpe:/a:redhat:rhel_eus:9.4 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-31277",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-31T03:56:01.249253Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"id": "CVE-2025-31277",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-21T04:00:59.438579Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2026-03-20",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31277"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T13:14:07.203Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31277"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:52:50.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/Aug/0"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/36"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/32"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/30"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "webkitgtk4",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.50.0-1.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "webkit2gtk3",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.50.0-1.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2"
],
"defaultStatus": "affected",
"packageName": "webkit2gtk3",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.50.0-1.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4"
],
"defaultStatus": "affected",
"packageName": "webkit2gtk3",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.50.0-1.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4"
],
"defaultStatus": "affected",
"packageName": "webkit2gtk3",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.50.0-1.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6"
],
"defaultStatus": "affected",
"packageName": "webkit2gtk3",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.50.0-1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6"
],
"defaultStatus": "affected",
"packageName": "webkit2gtk3",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.50.0-1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6"
],
"defaultStatus": "affected",
"packageName": "webkit2gtk3",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.50.0-1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8"
],
"defaultStatus": "affected",
"packageName": "webkit2gtk3",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.50.0-1.el8_8.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8"
],
"defaultStatus": "affected",
"packageName": "webkit2gtk3",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.50.0-1.el8_8.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "webkit2gtk3",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.50.1-0.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0"
],
"defaultStatus": "affected",
"packageName": "webkit2gtk3",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.50.0-2.el9_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2"
],
"defaultStatus": "affected",
"packageName": "webkit2gtk3",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.50.0-2.el9_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4"
],
"defaultStatus": "affected",
"packageName": "webkit2gtk3",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.50.0-2.el9_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "webkitgtk",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "webkitgtk3",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
}
],
"datePublic": "2026-03-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in WebKitGTK. Processing malicious web content can cause memory corruption due to improper memory handling."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T01:26:42.323Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-31277"
},
{
"name": "RHBZ#2448780",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448780"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31277.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19352"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:17802"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19157"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19165"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19109"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:17807"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:17643"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:17743"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:17741"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:18097"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2025:19352: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"
},
{
"lang": "en",
"value": "RHSA-2025:17802: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2025:19157: Red Hat Enterprise Linux AppStream AUS (v. 8.2)"
},
{
"lang": "en",
"value": "RHSA-2025:19165: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
},
{
"lang": "en",
"value": "RHSA-2025:19109: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
},
{
"lang": "en",
"value": "RHSA-2025:17807: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
},
{
"lang": "en",
"value": "RHSA-2025:17643: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
},
{
"lang": "en",
"value": "RHSA-2025:17743: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2025:17741: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2025:18097: Red Hat Enterprise Linux AppStream (v. 9)"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-18T20:06:11.785Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-03-18T00:00:00.000Z",
"value": "Made public."
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to memory corruption",
"workarounds": [
{
"lang": "en",
"value": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "2.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to memory corruption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:27:12.615Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/124147"
},
{
"url": "https://support.apple.com/en-us/124149"
},
{
"url": "https://support.apple.com/en-us/124152"
},
{
"url": "https://support.apple.com/en-us/124153"
},
{
"url": "https://support.apple.com/en-us/124154"
},
{
"url": "https://support.apple.com/en-us/124155"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-31277",
"datePublished": "2025-07-29T23:29:31.341Z",
"dateReserved": "2025-03-27T16:13:58.344Z",
"dateUpdated": "2026-07-15T01:26:42.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-6558 (GCVE-0-2025-6558)
Vulnerability from cvelistv5 – Published: 2025-07-15 18:12 – Updated: 2026-02-26 17:50- CWE-20 - Insufficient validation of untrusted input
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-6558",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T03:55:29.491017Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-07-22",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6558"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:50:40.914Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-6558"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-22T00:00:00.000Z",
"value": "CVE-2025-6558 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:14:50.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Aug/0"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/37"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/35"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/32"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Jul/30"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/08/02/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "138.0.7204.157",
"status": "affected",
"version": "138.0.7204.157",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Insufficient validation of untrusted input",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T18:12:36.848Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html"
},
{
"url": "https://issues.chromium.org/issues/427162086"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2025-6558",
"datePublished": "2025-07-15T18:12:36.848Z",
"dateReserved": "2025-06-23T22:30:38.590Z",
"dateUpdated": "2026-02-26T17:50:40.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27834 (GCVE-0-2024-27834)
Vulnerability from cvelistv5 – Published: 2024-05-13 23:00 – Updated: 2026-04-02 18:15- An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication
- CWE-277 - Insecure Inherited Permissions
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | Safari |
Affected:
0 , < 17.5
(custom)
|
|
| Apple | iOS and iPadOS |
Affected:
0 , < 16.7.8
(custom)
Affected: 0 , < 17.5 (custom) |
|
| Apple | macOS |
Affected:
0 , < 14.5
(custom)
|
|
| Apple | tvOS |
Affected:
0 , < 17.5
(custom)
|
|
| Apple | watchOS |
Affected:
0 , < 10.5
(custom)
|
|
| apple | ipad_os |
Affected:
0 , < 17.5
(custom)
cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:* |
|
| apple | macos |
Affected:
0 , < 14.5
(custom)
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* |
|
| apple | tvos |
Affected:
0 , < 17.5
(custom)
cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:* |
|
| apple | watchos |
Affected:
0 , < 10.5
(custom)
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* |
|
| apple | iphone_os |
Affected:
0 , < 17.5
(custom)
cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipad_os",
"vendor": "apple",
"versions": [
{
"lessThan": "17.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "14.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tvos",
"vendor": "apple",
"versions": [
{
"lessThan": "17.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "watchos",
"vendor": "apple",
"versions": [
{
"lessThan": "10.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "iphone_os",
"vendor": "apple",
"versions": [
{
"lessThan": "17.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27834",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-16T04:00:11.988391Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-277",
"description": "CWE-277 Insecure Inherited Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T15:23:00.293Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:18:39.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214101"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214106"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214104"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214103"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214102"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/May/17"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/05/21/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/May/10"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/May/9"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/May/12"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/May/16"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WKIXADCW3O4R2OOSDZGPU55XQFE6NA3M/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADCLQW54XN37VJZNYD3UKCYATJFIMYXG/"
},
{
"url": "https://support.apple.com/kb/HT214106"
},
{
"url": "https://support.apple.com/kb/HT214104"
},
{
"url": "https://support.apple.com/kb/HT214102"
},
{
"url": "https://support.apple.com/kb/HT214100"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.7.8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "17.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, watchOS 10.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:15:05.001Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/120896"
},
{
"url": "https://support.apple.com/en-us/120898"
},
{
"url": "https://support.apple.com/en-us/120901"
},
{
"url": "https://support.apple.com/en-us/120902"
},
{
"url": "https://support.apple.com/en-us/120903"
},
{
"url": "https://support.apple.com/en-us/120905"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-27834",
"datePublished": "2024-05-13T23:00:50.836Z",
"dateReserved": "2024-02-26T15:32:28.527Z",
"dateUpdated": "2026-04-02T18:15:05.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-23263 (GCVE-0-2024-23263)
Vulnerability from cvelistv5 – Published: 2024-03-08 01:36 – Updated: 2026-04-02 18:26- Processing maliciously crafted web content may prevent Content Security Policy from being enforced
- CWE-20 - Improper Input Validation
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | Safari |
Affected:
0 , < 17.4
(custom)
|
|
| Apple | iOS and iPadOS |
Affected:
0 , < 16.7.6
(custom)
Affected: 0 , < 17.4 (custom) |
|
| Apple | macOS |
Affected:
0 , < 14.4
(custom)
|
|
| Apple | tvOS |
Affected:
0 , < 17.4
(custom)
|
|
| Apple | visionOS |
Affected:
0 , < 1.1
(custom)
|
|
| Apple | watchOS |
Affected:
0 , < 10.4
(custom)
|
|
| apple | visionos |
Affected:
0 , < 1.1
(semver)
cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:* |
|
| apple | tvos |
Affected:
0 , < 17.4
(semver)
cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:* |
|
| apple | iphone_os |
Affected:
16.7 , < 16.7.6
(semver)
cpe:2.3:o:apple:iphone_os:16.7:*:*:*:*:*:*:* |
|
| apple | ipad_os |
Affected:
16.7 , < 16.7.6
(semver)
cpe:2.3:o:apple:ipad_os:16.7:*:*:*:*:*:*:* |
|
| apple | iphone_os |
Affected:
17.0 , < 17.4
(semver)
cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:* |
|
| apple | ipad_os |
Affected:
17.0 , < 17.4
(semver)
cpe:2.3:o:apple:ipad_os:17.0:*:*:*:*:*:*:* |
|
| apple | macos |
Affected:
14.0 , < 14.4
(semver)
cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:* |
|
| apple | watchos |
Affected:
0 , < 10.4
(semver)
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* |
|
| webkitgtk | webkitgtk |
Affected:
0 , < 2.45.2
(semver)
cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:* |
|
| apple | safari |
Affected:
0 , < 17.4
(semver)
cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "visionos",
"vendor": "apple",
"versions": [
{
"lessThan": "1.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "tvos",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:iphone_os:16.7:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "iphone_os",
"vendor": "apple",
"versions": [
{
"lessThan": "16.7.6",
"status": "affected",
"version": "16.7",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:ipad_os:16.7:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "ipad_os",
"vendor": "apple",
"versions": [
{
"lessThan": "16.7.6",
"status": "affected",
"version": "16.7",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "iphone_os",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "17.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:ipad_os:17.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "ipad_os",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "17.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "14.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "watchos",
"vendor": "apple",
"versions": [
{
"lessThan": "10.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "webkitgtk",
"vendor": "webkitgtk",
"versions": [
{
"lessThan": "2.45.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "safari",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23263",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-18T04:00:44.910447Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T14:06:07.414Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:26:26.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214087"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214086"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214081"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214082"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214089"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214084"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214088"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/20"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/25"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/24"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/26"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
},
{
"url": "https://support.apple.com/kb/HT214089"
},
{
"url": "https://support.apple.com/kb/HT214087"
},
{
"url": "https://support.apple.com/kb/HT214084"
},
{
"url": "https://support.apple.com/kb/HT214082"
},
{
"url": "https://support.apple.com/kb/HT214081"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.7.6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may prevent Content Security Policy from being enforced",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:26:35.629Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/120880"
},
{
"url": "https://support.apple.com/en-us/120881"
},
{
"url": "https://support.apple.com/en-us/120882"
},
{
"url": "https://support.apple.com/en-us/120883"
},
{
"url": "https://support.apple.com/en-us/120893"
},
{
"url": "https://support.apple.com/en-us/120894"
},
{
"url": "https://support.apple.com/en-us/120895"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-23263",
"datePublished": "2024-03-08T01:36:19.295Z",
"dateReserved": "2024-01-12T22:22:21.490Z",
"dateUpdated": "2026-04-02T18:26:35.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-23280 (GCVE-0-2024-23280)
Vulnerability from cvelistv5 – Published: 2024-03-08 01:36 – Updated: 2026-04-02 18:25- A maliciously crafted webpage may be able to fingerprint the user
- CWE-noinfo Not enough information
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | Safari |
Affected:
0 , < 17.4
(custom)
|
|
| Apple | iOS and iPadOS |
Affected:
0 , < 17.4
(custom)
|
|
| Apple | macOS |
Affected:
0 , < 14.4
(custom)
|
|
| Apple | tvOS |
Affected:
0 , < 17.4
(custom)
|
|
| Apple | watchOS |
Affected:
0 , < 10.4
(custom)
|
|
| apple | tvos |
Affected:
0 , < 17.4
(custom)
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* |
|
| apple | ios |
Affected:
0 , < 17.4
(custom)
cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:* |
|
| apple | ipados |
Affected:
0 , < 17.4
(custom)
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* |
|
| apple | safari |
Affected:
0 , < 17.4
(custom)
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* |
|
| apple | macos |
Affected:
0 , < 17.4
(custom)
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* |
|
| apple | watchos |
Affected:
0 , < 17.4
(custom)
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:27:35.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214086"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214081"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214089"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214084"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214088"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/20"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/25"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/24"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
},
{
"url": "https://support.apple.com/kb/HT214089"
},
{
"url": "https://support.apple.com/kb/HT214086"
},
{
"url": "https://support.apple.com/kb/HT214084"
},
{
"url": "https://support.apple.com/kb/HT214081"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tvos",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ios",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipados",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "safari",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "watchos",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23280",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T20:33:30.944280Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T16:45:41.969Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A maliciously crafted webpage may be able to fingerprint the user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A maliciously crafted webpage may be able to fingerprint the user",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:25:29.626Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/120881"
},
{
"url": "https://support.apple.com/en-us/120882"
},
{
"url": "https://support.apple.com/en-us/120893"
},
{
"url": "https://support.apple.com/en-us/120894"
},
{
"url": "https://support.apple.com/en-us/120895"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-23280",
"datePublished": "2024-03-08T01:36:14.625Z",
"dateReserved": "2024-01-12T22:22:21.499Z",
"dateUpdated": "2026-04-02T18:25:29.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-23254 (GCVE-0-2024-23254)
Vulnerability from cvelistv5 – Published: 2024-03-08 01:36 – Updated: 2026-04-02 18:23- A malicious website may exfiltrate audio data cross-origin
- CWE-noinfo Not enough information
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23254",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-08T15:22:13.972787Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T17:21:36.617Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:25:57.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214087"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214086"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214081"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214089"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214084"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214088"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/20"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/25"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/24"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/26"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
},
{
"url": "https://support.apple.com/kb/HT214089"
},
{
"url": "https://support.apple.com/kb/HT214087"
},
{
"url": "https://support.apple.com/kb/HT214084"
},
{
"url": "https://support.apple.com/kb/HT214081"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved UI handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. A malicious website may exfiltrate audio data cross-origin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A malicious website may exfiltrate audio data cross-origin",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:23:44.403Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/120881"
},
{
"url": "https://support.apple.com/en-us/120882"
},
{
"url": "https://support.apple.com/en-us/120883"
},
{
"url": "https://support.apple.com/en-us/120893"
},
{
"url": "https://support.apple.com/en-us/120894"
},
{
"url": "https://support.apple.com/en-us/120895"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-23254",
"datePublished": "2024-03-08T01:36:07.243Z",
"dateReserved": "2024-01-12T22:22:21.487Z",
"dateUpdated": "2026-04-02T18:23:44.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-23284 (GCVE-0-2024-23284)
Vulnerability from cvelistv5 – Published: 2024-03-08 01:35 – Updated: 2026-04-02 18:17- Processing maliciously crafted web content may prevent Content Security Policy from being enforced
- CWE-693 - Protection Mechanism Failure
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | Safari |
Affected:
0 , < 17.4
(custom)
|
|
| Apple | iOS and iPadOS |
Affected:
0 , < 16.7.6
(custom)
Affected: 0 , < 17.4 (custom) |
|
| Apple | macOS |
Affected:
0 , < 14.4
(custom)
|
|
| Apple | tvOS |
Affected:
0 , < 17.4
(custom)
|
|
| Apple | visionOS |
Affected:
0 , < 1.1
(custom)
|
|
| Apple | watchOS |
Affected:
0 , < 10.4
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:27:47.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214087"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214086"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214081"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214082"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214089"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214084"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214088"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/20"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/25"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/24"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/26"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
},
{
"url": "https://support.apple.com/kb/HT214089"
},
{
"url": "https://support.apple.com/kb/HT214087"
},
{
"url": "https://support.apple.com/kb/HT214084"
},
{
"url": "https://support.apple.com/kb/HT214082"
},
{
"url": "https://support.apple.com/kb/HT214081"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23284",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-07T04:00:29.525435Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T20:45:42.133Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.7.6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved state management. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may prevent Content Security Policy from being enforced",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:17:06.626Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/120880"
},
{
"url": "https://support.apple.com/en-us/120881"
},
{
"url": "https://support.apple.com/en-us/120882"
},
{
"url": "https://support.apple.com/en-us/120883"
},
{
"url": "https://support.apple.com/en-us/120893"
},
{
"url": "https://support.apple.com/en-us/120894"
},
{
"url": "https://support.apple.com/en-us/120895"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-23284",
"datePublished": "2024-03-08T01:35:43.782Z",
"dateReserved": "2024-01-12T22:22:21.499Z",
"dateUpdated": "2026-04-02T18:17:06.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-42843 (GCVE-0-2023-42843)
Vulnerability from cvelistv5 – Published: 2024-02-21 06:41 – Updated: 2025-02-13 17:09- Visiting a malicious website may lead to address bar spoofing
- CWE-290 - Authentication Bypass by Spoofing
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | iOS and iPadOS |
Affected:
unspecified , < 16.7
(custom)
|
|
| Apple | Safari |
Affected:
unspecified , < 17.1
(custom)
|
|
| Apple | macOS |
Affected:
unspecified , < 14.1
(custom)
|
|
| Apple | iOS and iPadOS |
Affected:
unspecified , < 17.1
(custom)
|
|
| apple | ios_and_ipados |
Affected:
0 , < 16.7
(custom)
Affected: 0 , < 17.1 (custom) cpe:2.3:o:apple:ios_and_ipados:*:*:*:*:*:*:*:* |
|
| apple | safari |
Affected:
0 , < 17.1
(custom)
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* |
|
| apple | macos |
Affected:
0 , < 14.1
(custom)
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:ios_and_ipados:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ios_and_ipados",
"vendor": "apple",
"versions": [
{
"lessThan": "16.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "safari",
"vendor": "apple",
"versions": [
{
"lessThan": "17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "14.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-42843",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-04T16:39:32.031098Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T16:45:42.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:30:24.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213981"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213986"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213984"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213982"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Visiting a malicious website may lead to address bar spoofing",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-07T06:06:12.839Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213981"
},
{
"url": "https://support.apple.com/en-us/HT213986"
},
{
"url": "https://support.apple.com/en-us/HT213984"
},
{
"url": "https://support.apple.com/en-us/HT213982"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2023-42843",
"datePublished": "2024-02-21T06:41:27.506Z",
"dateReserved": "2023-09-14T19:05:11.449Z",
"dateUpdated": "2025-02-13T17:09:48.003Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40397 (GCVE-0-2023-40397)
Vulnerability from cvelistv5 – Published: 2023-09-06 20:48 – Updated: 2025-02-13 17:07- A remote attacker may be able to cause arbitrary javascript code execution
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.770Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213843"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A remote attacker may be able to cause arbitrary javascript code execution",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-05T14:06:45.711Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213843"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
},
{
"url": "https://security.gentoo.org/glsa/202401-04"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2023-40397",
"datePublished": "2023-09-06T20:48:06.383Z",
"dateReserved": "2023-08-14T20:26:36.254Z",
"dateUpdated": "2025-02-13T17:07:51.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-32370 (GCVE-0-2023-32370)
Vulnerability from cvelistv5 – Published: 2023-09-06 01:36 – Updated: 2025-02-13 16:50- Content Security Policy to block domains with wildcards may fail
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:24.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213670"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32370",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T18:17:38.085978Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T18:17:49.178Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Content Security Policy to block domains with wildcards may fail."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Content Security Policy to block domains with wildcards may fail",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-05T14:06:38.307Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213670"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
},
{
"url": "https://security.gentoo.org/glsa/202401-04"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2023-32370",
"datePublished": "2023-09-06T01:36:31.884Z",
"dateReserved": "2023-05-08T22:31:41.818Z",
"dateUpdated": "2025-02-13T16:50:38.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28198 (GCVE-0-2023-28198)
Vulnerability from cvelistv5 – Published: 2023-08-14 22:40 – Updated: 2025-02-13 16:48- Processing web content may lead to arbitrary code execution
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | macOS |
Affected:
unspecified , < 13.3
(custom)
|
|
| Apple | iOS and iPadOS |
Affected:
unspecified , < 16.4
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:24.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213670"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213676"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing web content may lead to arbitrary code execution",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-05T14:06:22.923Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213670"
},
{
"url": "https://support.apple.com/en-us/HT213676"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
},
{
"url": "https://security.gentoo.org/glsa/202401-04"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2023-28198",
"datePublished": "2023-08-14T22:40:37.966Z",
"dateReserved": "2023-03-13T18:37:25.757Z",
"dateUpdated": "2025-02-13T16:48:32.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}