Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0634
Vulnerability from certfr_avis - Published: 2024-07-30 - Updated: 2024-07-30
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Apple indique que la vulnérabilité CVE-2024-23296 est activement exploitée.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | macOS Monterey versions antérieures à 12.7.6 | ||
| Apple | N/A | iOS et iPadOS versions antérieures à 17.6 | ||
| Apple | N/A | macOS Ventura versions antérieures à 13.6.8 | ||
| Apple | N/A | visionOS versions antérieures à 1.3 | ||
| Apple | N/A | tvOS versions antérieures à 17.6 | ||
| Apple | N/A | iOS et iPadOS versions antérieures à 16.7.9 | ||
| Apple | N/A | watchOS versions antérieures à 10.6 | ||
| Apple | N/A | Safari versions antérieures à 17.6 | ||
| Apple | N/A | macOS Sonoma versions antérieures à 14.6 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "macOS Monterey versions ant\u00e9rieures \u00e0 12.7.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS et iPadOS versions ant\u00e9rieures \u00e0 17.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Ventura versions ant\u00e9rieures \u00e0 13.6.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS versions ant\u00e9rieures \u00e0 1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 17.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS et iPadOS versions ant\u00e9rieures \u00e0 16.7.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 10.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 17.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-24795",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24795"
},
{
"name": "CVE-2023-52356",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52356"
},
{
"name": "CVE-2024-40824",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40824"
},
{
"name": "CVE-2023-27952",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27952"
},
{
"name": "CVE-2024-27823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27823"
},
{
"name": "CVE-2024-40779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40779"
},
{
"name": "CVE-2023-38709",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38709"
},
{
"name": "CVE-2024-40794",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40794"
},
{
"name": "CVE-2024-40813",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40813"
},
{
"name": "CVE-2024-27316",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27316"
},
{
"name": "CVE-2024-40793",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40793"
},
{
"name": "CVE-2024-40781",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40781"
},
{
"name": "CVE-2024-40818",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40818"
},
{
"name": "CVE-2024-40816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40816"
},
{
"name": "CVE-2024-40804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40804"
},
{
"name": "CVE-2024-40817",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40817"
},
{
"name": "CVE-2024-23296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23296"
},
{
"name": "CVE-2024-2466",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2466"
},
{
"name": "CVE-2024-40827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40827"
},
{
"name": "CVE-2024-27804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27804"
},
{
"name": "CVE-2024-40785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40785"
},
{
"name": "CVE-2024-40777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40777"
},
{
"name": "CVE-2024-40776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40776"
},
{
"name": "CVE-2024-40798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40798"
},
{
"name": "CVE-2023-6277",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6277"
},
{
"name": "CVE-2024-27871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27871"
},
{
"name": "CVE-2024-40815",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40815"
},
{
"name": "CVE-2024-27872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27872"
},
{
"name": "CVE-2024-23261",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23261"
},
{
"name": "CVE-2024-40789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40789"
},
{
"name": "CVE-2024-40834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40834"
},
{
"name": "CVE-2024-40809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40809"
},
{
"name": "CVE-2024-27873",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27873"
},
{
"name": "CVE-2024-27878",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27878"
},
{
"name": "CVE-2024-40784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40784"
},
{
"name": "CVE-2024-40823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40823"
},
{
"name": "CVE-2024-2379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2379"
},
{
"name": "CVE-2024-40812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40812"
},
{
"name": "CVE-2024-40774",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40774"
},
{
"name": "CVE-2024-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2004"
},
{
"name": "CVE-2024-40796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40796"
},
{
"name": "CVE-2024-40828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40828"
},
{
"name": "CVE-2024-27862",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27862"
},
{
"name": "CVE-2024-27826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27826"
},
{
"name": "CVE-2024-40836",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40836"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2024-27883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27883"
},
{
"name": "CVE-2024-40788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40788"
},
{
"name": "CVE-2024-40782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40782"
},
{
"name": "CVE-2024-40822",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40822"
},
{
"name": "CVE-2024-27877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27877"
},
{
"name": "CVE-2024-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40780"
},
{
"name": "CVE-2024-27882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27882"
},
{
"name": "CVE-2024-40805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40805"
},
{
"name": "CVE-2024-40829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40829"
},
{
"name": "CVE-2024-40835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40835"
},
{
"name": "CVE-2024-40786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40786"
},
{
"name": "CVE-2024-40833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40833"
},
{
"name": "CVE-2024-40806",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40806"
},
{
"name": "CVE-2024-40778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40778"
},
{
"name": "CVE-2024-40814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40814"
},
{
"name": "CVE-2024-40783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40783"
},
{
"name": "CVE-2024-40807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40807"
},
{
"name": "CVE-2024-40832",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40832"
},
{
"name": "CVE-2024-27863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27863"
},
{
"name": "CVE-2024-40803",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40803"
},
{
"name": "CVE-2024-40811",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40811"
},
{
"name": "CVE-2024-6387",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6387"
},
{
"name": "CVE-2024-40775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40775"
},
{
"name": "CVE-2024-27881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27881"
},
{
"name": "CVE-2024-4558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4558"
},
{
"name": "CVE-2024-40787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40787"
},
{
"name": "CVE-2024-40821",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40821"
},
{
"name": "CVE-2024-40802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40802"
},
{
"name": "CVE-2024-40800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40800"
},
{
"name": "CVE-2024-40795",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40795"
},
{
"name": "CVE-2024-40799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40799"
}
],
"initial_release_date": "2024-07-30T00:00:00",
"last_revision_date": "2024-07-30T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0634",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-30T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nApple indique que la vuln\u00e9rabilit\u00e9 CVE-2024-23296 est activement exploit\u00e9e.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2024-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214119",
"url": "https://support.apple.com/kb/HT214119"
},
{
"published_at": "2024-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214117",
"url": "https://support.apple.com/kb/HT214117"
},
{
"published_at": "2024-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214123",
"url": "https://support.apple.com/kb/HT214123"
},
{
"published_at": "2024-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214120",
"url": "https://support.apple.com/kb/HT214120"
},
{
"published_at": "2024-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214124",
"url": "https://support.apple.com/kb/HT214124"
},
{
"published_at": "2024-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214118",
"url": "https://support.apple.com/kb/HT214118"
},
{
"published_at": "2024-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214121",
"url": "https://support.apple.com/kb/HT214121"
},
{
"published_at": "2024-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214116",
"url": "https://support.apple.com/kb/HT214116"
},
{
"published_at": "2024-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214122",
"url": "https://support.apple.com/kb/HT214122"
}
]
}
CVE-2024-24795 (GCVE-0-2024-24795)
Vulnerability from cvelistv5 – Published: 2024-04-04 19:20 – Updated: 2024-11-12 19:48
VLAI
EPSS
Title
Apache HTTP Server: HTTP Response Splitting in multiple modules
Summary
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.
Users are recommended to upgrade to version 2.4.59, which fixes this issue.
Severity
6.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
10 references
| URL | Tags |
|---|---|
| https://httpd.apache.org/security/vulnerabilities… | vendor-advisory |
| https://security.netapp.com/advisory/ntap-2024041… | x_transferred |
| https://lists.fedoraproject.org/archives/list/pac… | x_transferred |
| http://www.openwall.com/lists/oss-security/2024/04/04/5 | x_transferred |
| https://lists.fedoraproject.org/archives/list/pac… | x_transferred |
| https://lists.fedoraproject.org/archives/list/pac… | x_transferred |
| https://lists.debian.org/debian-lts-announce/2024… | x_transferred |
| https://lists.debian.org/debian-lts-announce/2024… | x_transferred |
| https://support.apple.com/kb/HT214119 | x_transferred |
| http://seclists.org/fulldisclosure/2024/Jul/18 | x_transferred |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache HTTP Server |
Affected:
2.4.0 , ≤ 2.4.58
(semver)
|
Credits
Keran Mu, Tsinghua University and Zhongguancun Laboratory.
Jianjun Chen, Tsinghua University and Zhongguancun Laboratory.
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-24795",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T19:38:36.908335Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T19:48:20.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:12.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240415-0013/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/04/5"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00014.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214119"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache HTTP Server",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.4.58",
"status": "affected",
"version": "2.4.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Keran Mu, Tsinghua University and Zhongguancun Laboratory."
},
{
"lang": "en",
"type": "finder",
"value": "Jianjun Chen, Tsinghua University and Zhongguancun Laboratory."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.\u003cbr\u003e\u003cbr\u003eUsers are recommended to upgrade to version 2.4.59, which fixes this issue."
}
],
"value": "HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.\n\nUsers are recommended to upgrade to version 2.4.59, which fixes this issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-113",
"description": "CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Response Splitting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T12:16:15.822Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2023-09-06T11:37:00.000Z",
"value": "Reported to security team"
}
],
"title": "Apache HTTP Server: HTTP Response Splitting in multiple modules",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-24795",
"datePublished": "2024-04-04T19:20:48.803Z",
"dateReserved": "2024-01-31T13:49:58.441Z",
"dateUpdated": "2024-11-12T19:48:20.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27316 (GCVE-0-2024-27316)
Vulnerability from cvelistv5 – Published: 2024-04-04 19:21 – Updated: 2025-11-04 22:06
VLAI
EPSS
Title
Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames
Summary
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
10 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache HTTP Server |
Affected:
2.4.17 , ≤ 2.4.58
(semver)
|
|
| apache | http_server |
Affected:
2.4.17 , ≤ 2.4.58
(semver)
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* |
Credits
Bartek Nowotarski (https://nowotarski.info/)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "http_server",
"vendor": "apache",
"versions": [
{
"lessThanOrEqual": "2.4.58",
"status": "affected",
"version": "2.4.17",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27316",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-29T15:46:29.859482Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T15:50:30.340Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T22:06:02.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2024/04/03/16"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/04/4"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214119"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/18"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MIUBKSCJGPJ6M2U63V6BKFDF725ODLG7/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240415-0013/"
},
{
"url": "https://www.kb.cert.org/vuls/id/421644"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FO73U3SLBYFGIW2YKXOK7RI4D6DJSZ2B/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache HTTP Server",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.4.58",
"status": "affected",
"version": "2.4.17",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bartek Nowotarski (https://nowotarski.info/)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion."
}
],
"value": "HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T22:06:03.835Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"url": "https://www.openwall.com/lists/oss-security/2024/04/03/16"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/04/4"
},
{
"url": "https://support.apple.com/kb/HT214119"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/18"
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-02-22T15:29:00.000Z",
"value": "Reported to security team"
}
],
"title": "Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-27316",
"datePublished": "2024-04-04T19:21:41.984Z",
"dateReserved": "2024-02-23T14:20:56.465Z",
"dateUpdated": "2025-11-04T22:06:02.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27804 (GCVE-0-2024-27804)
Vulnerability from cvelistv5 – Published: 2024-05-13 23:00 – Updated: 2026-04-02 18:10
VLAI
EPSS
Summary
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.3, watchOS 10.5. An app may be able to cause unexpected system termination.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- An app may be able to cause unexpected system termination
- CWE-1325 - Improperly Controlled Sequential Memory Allocation
Assigner
References
19 references
| URL | Tags |
|---|---|
| https://support.apple.com/en-us/120901 | |
| https://support.apple.com/en-us/120902 | |
| https://support.apple.com/en-us/120903 | |
| https://support.apple.com/en-us/120905 | |
| https://support.apple.com/en-us/120915 | |
| https://support.apple.com/en-us/HT214101 | x_transferred |
| https://support.apple.com/en-us/HT214106 | x_transferred |
| https://support.apple.com/en-us/HT214104 | x_transferred |
| https://support.apple.com/en-us/HT214102 | x_transferred |
| http://seclists.org/fulldisclosure/2024/May/17 | x_transferred |
| http://seclists.org/fulldisclosure/2024/May/10 | x_transferred |
| https://support.apple.com/kb/HT214102 | x_transferred |
| https://support.apple.com/kb/HT214104 | x_transferred |
| https://support.apple.com/kb/HT214106 | x_transferred |
| http://seclists.org/fulldisclosure/2024/May/12 | x_transferred |
| http://seclists.org/fulldisclosure/2024/May/16 | x_transferred |
| https://support.apple.com/kb/HT214101 | x_transferred |
| https://support.apple.com/kb/HT214123 | x_transferred |
| http://seclists.org/fulldisclosure/2024/Jul/23 | x_transferred |
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | iOS and iPadOS |
Affected:
0 , < 17.5
(custom)
|
|
| Apple | macOS |
Affected:
0 , < 14.5
(custom)
|
|
| Apple | tvOS |
Affected:
0 , < 17.5
(custom)
|
|
| Apple | visionOS |
Affected:
0 , < 1.3
(custom)
|
|
| Apple | watchOS |
Affected:
0 , < 10.5
(custom)
|
|
| apple | watchos |
Affected:
0 , < 10.5
(custom)
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* |
|
| apple | ipad_os |
Affected:
0 , < 17.5
(custom)
cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:* |
|
| apple | iphone_os |
Affected:
0 , < 17.5
(custom)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* |
|
| apple | tvos |
Affected:
0 , < 17.5
(custom)
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* |
|
| apple | macos |
Affected:
0 , < 14.5
(custom)
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "watchos",
"vendor": "apple",
"versions": [
{
"lessThan": "10.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipad_os",
"vendor": "apple",
"versions": [
{
"lessThan": "17.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "iphone_os",
"vendor": "apple",
"versions": [
{
"lessThan": "17.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tvos",
"vendor": "apple",
"versions": [
{
"lessThan": "17.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "14.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27804",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-16T04:00:16.579332Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1325",
"description": "CWE-1325 Improperly Controlled Sequential Memory Allocation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T14:50:52.579Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:41:55.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214101"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214106"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214104"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214102"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/May/17"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/May/10"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214102"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214104"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214106"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/May/12"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/May/16"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214101"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214123"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/23"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.3, watchOS 10.5. An app may be able to cause unexpected system termination."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to cause unexpected system termination",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:10:44.472Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/120901"
},
{
"url": "https://support.apple.com/en-us/120902"
},
{
"url": "https://support.apple.com/en-us/120903"
},
{
"url": "https://support.apple.com/en-us/120905"
},
{
"url": "https://support.apple.com/en-us/120915"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-27804",
"datePublished": "2024-05-13T23:00:48.211Z",
"dateReserved": "2024-02-26T15:32:28.517Z",
"dateUpdated": "2026-04-02T18:10:44.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27823 (GCVE-0-2024-27823)
Vulnerability from cvelistv5 – Published: 2024-07-29 22:16 – Updated: 2026-04-02 18:14
VLAI
EPSS
Summary
A race condition was addressed with improved locking. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.3, watchOS 10.5. An attacker in a privileged network position may be able to spoof network packets.
Severity
5.9 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- An attacker in a privileged network position may be able to spoof network packets
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
25 references
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | iOS and iPadOS |
Affected:
0 , < 16.7.8
(custom)
Affected: 0 , < 17.5 (custom) |
|
| Apple | macOS |
Affected:
0 , < 12.7.5
(custom)
Affected: 0 , < 13.6.7 (custom) Affected: 0 , < 14.5 (custom) |
|
| Apple | tvOS |
Affected:
0 , < 17.5
(custom)
|
|
| Apple | visionOS |
Affected:
0 , < 1.3
(custom)
|
|
| Apple | watchOS |
Affected:
0 , < 10.5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27823",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T13:27:57.267700Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-26T16:12:56.174Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:18:18.893Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214101"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214100"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214107"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214106"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214105"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214104"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214123"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214102"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214107"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214102"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214104"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214105"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214100"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214106"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214101"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/23"
},
{
"url": "https://support.apple.com/kb/HT214123"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.7.8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "17.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "12.7.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "13.6.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "14.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A race condition was addressed with improved locking. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.3, watchOS 10.5. An attacker in a privileged network position may be able to spoof network packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An attacker in a privileged network position may be able to spoof network packets",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:14:38.459Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/120898"
},
{
"url": "https://support.apple.com/en-us/120899"
},
{
"url": "https://support.apple.com/en-us/120900"
},
{
"url": "https://support.apple.com/en-us/120901"
},
{
"url": "https://support.apple.com/en-us/120902"
},
{
"url": "https://support.apple.com/en-us/120903"
},
{
"url": "https://support.apple.com/en-us/120905"
},
{
"url": "https://support.apple.com/en-us/120915"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-27823",
"datePublished": "2024-07-29T22:16:47.880Z",
"dateReserved": "2024-02-26T15:32:28.524Z",
"dateUpdated": "2026-04-02T18:14:38.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27826 (GCVE-0-2024-27826)
Vulnerability from cvelistv5 – Published: 2024-07-29 22:17 – Updated: 2026-04-02 18:26
VLAI
EPSS
Summary
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.6, macOS Sonoma 14.5, macOS Ventura 13.6.8, tvOS 17.5, visionOS 1.3, watchOS 10.5. A local attacker may be able to cause unexpected system shutdown.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- A local attacker may be able to cause unexpected system shutdown
- CWE-269 - Improper Privilege Management
Assigner
References
24 references
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | iOS and iPadOS |
Affected:
0 , < 17.5
(custom)
|
|
| Apple | macOS |
Affected:
0 , < 12.7.6
(custom)
Affected: 0 , < 13.6.8 (custom) Affected: 0 , < 14.5 (custom) |
|
| Apple | tvOS |
Affected:
0 , < 17.5
(custom)
|
|
| Apple | visionOS |
Affected:
0 , < 1.3
(custom)
|
|
| Apple | watchOS |
Affected:
0 , < 10.5
(custom)
|
|
| apple | watch_os |
Affected:
0 , < 10.5
(custom)
cpe:2.3:o:apple:watch_os:*:*:*:*:*:*:*:* |
|
| apple | visionos |
Affected:
0 , < 1.3
(custom)
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:* |
|
| apple | ipad_os |
Affected:
0 , < 17.5
(custom)
cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:* |
|
| apple | tv_os |
Affected:
0 , < 17.5
(custom)
cpe:2.3:o:apple:tv_os:*:*:*:*:*:*:*:* |
|
| apple | iphone_os |
Affected:
0 , < 17.5
(custom)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* |
|
| apple | macos |
Affected:
12.0 , < 12.7.6
(custom)
Affected: 13.0 , < 13.6.85 (custom) Affected: 14.0 , < 14.5 (custom) cpe:2.3:o:apple:macos:12.0:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:13.0:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:watch_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "watch_os",
"vendor": "apple",
"versions": [
{
"lessThan": "10.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "visionos",
"vendor": "apple",
"versions": [
{
"lessThan": "1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipad_os",
"vendor": "apple",
"versions": [
{
"lessThan": "17.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:tv_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tv_os",
"vendor": "apple",
"versions": [
{
"lessThan": "17.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "iphone_os",
"vendor": "apple",
"versions": [
{
"lessThan": "17.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:macos:12.0:*:*:*:*:*:*:*",
"cpe:2.3:o:apple:macos:13.0:*:*:*:*:*:*:*",
"cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "12.7.6",
"status": "affected",
"version": "12.0",
"versionType": "custom"
},
{
"lessThan": "13.6.85",
"status": "affected",
"version": "13.0",
"versionType": "custom"
},
{
"lessThan": "14.5",
"status": "affected",
"version": "14.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27826",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T03:55:46.840884Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T14:00:19.820Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:18:23.014Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214101"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214120"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214106"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214104"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214123"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214102"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214118"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214102"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214104"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214106"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214101"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/23"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/20"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/19"
},
{
"url": "https://support.apple.com/kb/HT214123"
},
{
"url": "https://support.apple.com/kb/HT214120"
},
{
"url": "https://support.apple.com/kb/HT214118"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "12.7.6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "13.6.8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "14.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.6, macOS Sonoma 14.5, macOS Ventura 13.6.8, tvOS 17.5, visionOS 1.3, watchOS 10.5. A local attacker may be able to cause unexpected system shutdown."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A local attacker may be able to cause unexpected system shutdown",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:26:54.823Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/120901"
},
{
"url": "https://support.apple.com/en-us/120902"
},
{
"url": "https://support.apple.com/en-us/120903"
},
{
"url": "https://support.apple.com/en-us/120905"
},
{
"url": "https://support.apple.com/en-us/120910"
},
{
"url": "https://support.apple.com/en-us/120912"
},
{
"url": "https://support.apple.com/en-us/120915"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-27826",
"datePublished": "2024-07-29T22:17:21.773Z",
"dateReserved": "2024-02-26T15:32:28.524Z",
"dateUpdated": "2026-04-02T18:26:54.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27862 (GCVE-0-2024-27862)
Vulnerability from cvelistv5 – Published: 2024-07-29 22:16 – Updated: 2026-04-02 18:14
VLAI
EPSS
Summary
A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.6. Enabling Lockdown Mode while setting up a Mac may cause FileVault to become unexpectedly disabled.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Enabling Lockdown Mode while setting up a Mac may cause FileVault to become unexpectedly disabled
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
4 references
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "14.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27862",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T14:07:23.003056Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T14:12:05.896Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:19:00.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214119"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/18"
},
{
"url": "https://support.apple.com/kb/HT214119"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.6. Enabling Lockdown Mode while setting up a Mac may cause FileVault to become unexpectedly disabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Enabling Lockdown Mode while setting up a Mac may cause FileVault to become unexpectedly disabled",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:14:51.199Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/120911"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-27862",
"datePublished": "2024-07-29T22:16:48.695Z",
"dateReserved": "2024-02-26T15:32:28.540Z",
"dateUpdated": "2026-04-02T18:14:51.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27863 (GCVE-0-2024-27863)
Vulnerability from cvelistv5 – Published: 2024-07-29 22:16 – Updated: 2026-04-02 18:15
VLAI
EPSS
Summary
An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. A local attacker may be able to determine kernel memory layout.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- A local attacker may be able to determine kernel memory layout
- CWE-noinfo Not enough information
Assigner
References
20 references
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27863",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-30T14:49:36.907707Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T16:10:42.854Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:19:07.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214117"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214124"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214119"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214123"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214122"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/16"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/23"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/21"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/22"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/18"
},
{
"url": "https://support.apple.com/kb/HT214124"
},
{
"url": "https://support.apple.com/kb/HT214123"
},
{
"url": "https://support.apple.com/kb/HT214122"
},
{
"url": "https://support.apple.com/kb/HT214119"
},
{
"url": "https://support.apple.com/kb/HT214117"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. A local attacker may be able to determine kernel memory layout."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A local attacker may be able to determine kernel memory layout",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:15:13.322Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/120909"
},
{
"url": "https://support.apple.com/en-us/120911"
},
{
"url": "https://support.apple.com/en-us/120914"
},
{
"url": "https://support.apple.com/en-us/120915"
},
{
"url": "https://support.apple.com/en-us/120916"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-27863",
"datePublished": "2024-07-29T22:16:49.497Z",
"dateReserved": "2024-02-26T15:32:28.540Z",
"dateUpdated": "2026-04-02T18:15:13.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27871 (GCVE-0-2024-27871)
Vulnerability from cvelistv5 – Published: 2024-07-29 22:17 – Updated: 2026-04-02 18:27
VLAI
EPSS
Summary
A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. An app may be able to access protected user data.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- An app may be able to access protected user data
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | iOS and iPadOS |
Affected:
0 , < 17.6
(custom)
|
|
| Apple | macOS |
Affected:
0 , < 14.6
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27871",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-30T14:45:21.275083Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T16:05:27.754Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:19:10.291Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214117"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214119"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/16"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/18"
},
{
"url": "https://support.apple.com/kb/HT214119"
},
{
"url": "https://support.apple.com/kb/HT214117"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. An app may be able to access protected user data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to access protected user data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:27:01.053Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/120909"
},
{
"url": "https://support.apple.com/en-us/120911"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-27871",
"datePublished": "2024-07-29T22:17:22.604Z",
"dateReserved": "2024-02-26T15:32:28.541Z",
"dateUpdated": "2026-04-02T18:27:01.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27872 (GCVE-0-2024-27872)
Vulnerability from cvelistv5 – Published: 2024-07-29 22:16 – Updated: 2026-04-02 18:08
VLAI
EPSS
Summary
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sonoma 14.6. An app may be able to access protected user data.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- An app may be able to access protected user data
- CWE-61 - UNIX Symbolic Link (Symlink) Following
Assigner
References
4 references
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27872",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-30T18:30:57.256066Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61 UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T18:51:39.718Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:19:11.659Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214119"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/18"
},
{
"url": "https://support.apple.com/kb/HT214119"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sonoma 14.6. An app may be able to access protected user data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to access protected user data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:08:01.001Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/120911"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-27872",
"datePublished": "2024-07-29T22:16:28.477Z",
"dateReserved": "2024-02-26T15:32:28.541Z",
"dateUpdated": "2026-04-02T18:08:01.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27873 (GCVE-0-2024-27873)
Vulnerability from cvelistv5 – Published: 2024-07-29 22:16 – Updated: 2026-04-02 18:11
VLAI
EPSS
Summary
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. Processing a maliciously crafted video file may lead to unexpected app termination.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Processing a maliciously crafted video file may lead to unexpected app termination
- CWE-787 - Out-of-bounds Write
Assigner
References
19 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | iOS and iPadOS |
Affected:
0 , < 16.7.9
(custom)
Affected: 0 , < 17.6 (custom) |
|
| Apple | macOS |
Affected:
0 , < 12.7.6
(custom)
Affected: 0 , < 13.6.8 (custom) Affected: 0 , < 14.6 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27873",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-29T23:52:08.601993Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T18:17:50.870Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:19:17.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214117"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214116"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214120"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214119"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214118"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/16"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/20"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/17"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/18"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/19"
},
{
"url": "https://support.apple.com/kb/HT214120"
},
{
"url": "https://support.apple.com/kb/HT214119"
},
{
"url": "https://support.apple.com/kb/HT214118"
},
{
"url": "https://support.apple.com/kb/HT214117"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.7.9",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "17.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "12.7.6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "13.6.8",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "14.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. Processing a maliciously crafted video file may lead to unexpected app termination."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing a maliciously crafted video file may lead to unexpected app termination",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:11:25.530Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/120908"
},
{
"url": "https://support.apple.com/en-us/120909"
},
{
"url": "https://support.apple.com/en-us/120910"
},
{
"url": "https://support.apple.com/en-us/120911"
},
{
"url": "https://support.apple.com/en-us/120912"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-27873",
"datePublished": "2024-07-29T22:16:40.354Z",
"dateReserved": "2024-02-26T15:32:28.542Z",
"dateUpdated": "2026-04-02T18:11:25.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…