All the vulnerabilites related to wpewebkit - wpe_webkit
cve-2023-28198
Vulnerability from cvelistv5
Published
2023-08-14 22:40
Modified
2024-08-02 12:30
Severity ?
EPSS score ?
Summary
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.
References
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Apple | macOS |
Version: unspecified < 13.3 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:30:24.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213670"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213676"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing web content may lead to arbitrary code execution",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T22:40:37.966Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213670"
},
{
"url": "https://support.apple.com/en-us/HT213676"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
},
{
"url": "https://security.gentoo.org/glsa/202401-04"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2023-28198",
"datePublished": "2023-08-14T22:40:37.966Z",
"dateReserved": "2023-03-13T18:37:25.757Z",
"dateUpdated": "2024-08-02T12:30:24.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23254
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2024-12-04 17:21
Severity ?
EPSS score ?
Summary
The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23254",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-08T15:22:13.972787Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T17:21:36.617Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:32.080Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214087"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214086"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214081"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214089"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214084"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214088"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/20"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/25"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/24"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/26"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A malicious website may exfiltrate audio data cross-origin",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-08T01:36:07.243Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT214087"
},
{
"url": "https://support.apple.com/en-us/HT214086"
},
{
"url": "https://support.apple.com/en-us/HT214081"
},
{
"url": "https://support.apple.com/en-us/HT214089"
},
{
"url": "https://support.apple.com/en-us/HT214084"
},
{
"url": "https://support.apple.com/en-us/HT214088"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/20"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/25"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/24"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/26"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-23254",
"datePublished": "2024-03-08T01:36:07.243Z",
"dateReserved": "2024-01-12T22:22:21.487Z",
"dateUpdated": "2024-12-04T17:21:36.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-40397
Vulnerability from cvelistv5
Published
2023-09-06 20:48
Modified
2024-08-02 18:31
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.770Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213843"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A remote attacker may be able to cause arbitrary javascript code execution",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T20:48:06.383Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213843"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
},
{
"url": "https://security.gentoo.org/glsa/202401-04"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2023-40397",
"datePublished": "2023-09-06T20:48:06.383Z",
"dateReserved": "2023-08-14T20:26:36.254Z",
"dateUpdated": "2024-08-02T18:31:53.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-10018
Vulnerability from cvelistv5
Published
2020-03-02 22:11
Modified
2024-08-04 10:50
Severity ?
EPSS score ?
Summary
WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.webkit.org/show_bug.cgi?id=204342#c21 | x_refsource_MISC | |
| https://webkitgtk.org/security/WSA-2020-0003.html | x_refsource_MISC | |
| https://wpewebkit.org/security/WSA-2020-0003.html | x_refsource_MISC | |
| https://www.debian.org/security/2020/dsa-4641 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLERWAS2LL7SX2GHA2DDZ2PL3QC5OHIF/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOR5LPL4UASVAR76EIHCL4O2KGDWGC6K/ | vendor-advisory, x_refsource_FEDORA | |
| https://usn.ubuntu.com/4310-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00008.html | vendor-advisory, x_refsource_SUSE | |
| https://security.gentoo.org/glsa/202006-08 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.webkit.org/show_bug.cgi?id=204342#c21"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://webkitgtk.org/security/WSA-2020-0003.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpewebkit.org/security/WSA-2020-0003.html"
},
{
"name": "DSA-4641",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4641"
},
{
"name": "FEDORA-2020-f3fa778924",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLERWAS2LL7SX2GHA2DDZ2PL3QC5OHIF/"
},
{
"name": "FEDORA-2020-f25793aac4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOR5LPL4UASVAR76EIHCL4O2KGDWGC6K/"
},
{
"name": "USN-4310-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4310-1/"
},
{
"name": "openSUSE-SU-2020:0602",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00008.html"
},
{
"name": "GLSA-202006-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202006-08"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-13T03:06:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.webkit.org/show_bug.cgi?id=204342#c21"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://webkitgtk.org/security/WSA-2020-0003.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpewebkit.org/security/WSA-2020-0003.html"
},
{
"name": "DSA-4641",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4641"
},
{
"name": "FEDORA-2020-f3fa778924",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLERWAS2LL7SX2GHA2DDZ2PL3QC5OHIF/"
},
{
"name": "FEDORA-2020-f25793aac4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOR5LPL4UASVAR76EIHCL4O2KGDWGC6K/"
},
{
"name": "USN-4310-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4310-1/"
},
{
"name": "openSUSE-SU-2020:0602",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00008.html"
},
{
"name": "GLSA-202006-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202006-08"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.webkit.org/show_bug.cgi?id=204342#c21",
"refsource": "MISC",
"url": "https://bugs.webkit.org/show_bug.cgi?id=204342#c21"
},
{
"name": "https://webkitgtk.org/security/WSA-2020-0003.html",
"refsource": "MISC",
"url": "https://webkitgtk.org/security/WSA-2020-0003.html"
},
{
"name": "https://wpewebkit.org/security/WSA-2020-0003.html",
"refsource": "MISC",
"url": "https://wpewebkit.org/security/WSA-2020-0003.html"
},
{
"name": "DSA-4641",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4641"
},
{
"name": "FEDORA-2020-f3fa778924",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLERWAS2LL7SX2GHA2DDZ2PL3QC5OHIF/"
},
{
"name": "FEDORA-2020-f25793aac4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DOR5LPL4UASVAR76EIHCL4O2KGDWGC6K/"
},
{
"name": "USN-4310-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4310-1/"
},
{
"name": "openSUSE-SU-2020:0602",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00008.html"
},
{
"name": "GLSA-202006-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202006-08"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10018",
"datePublished": "2020-03-02T22:11:56",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:50:57.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-32893
Vulnerability from cvelistv5
Published
2022-08-24 00:00
Modified
2024-08-03 07:54
Severity ?
EPSS score ?
Summary
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:54:03.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213414"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213412"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213413"
},
{
"name": "[oss-security] 20220825 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/08/25/5"
},
{
"name": "[oss-security] 20220826 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/08/26/2"
},
{
"name": "FEDORA-2022-eada5f24a0",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SETAAXEPGNBMYKTUDFEZHS5LGSQ64QL/"
},
{
"name": "DSA-5220",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5220"
},
{
"name": "DSA-5219",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5219"
},
{
"name": "[oss-security] 20220829 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/08/29/1"
},
{
"name": "[oss-security] 20220829 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/08/29/2"
},
{
"name": "[debian-lts-announce] 20220830 [SECURITY] [DLA 3087-1] webkit2gtk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00019.html"
},
{
"name": "GLSA-202208-39",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-39"
},
{
"name": "20220831 APPLE-SA-2022-08-31-1 iOS 12.5.6",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Aug/16"
},
{
"name": "[oss-security] 20220902 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/10"
},
{
"name": "FEDORA-2022-ddfeee50c9",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKJGV2EXVMYQW3OAJNI4WUTKKVMD2YYK/"
},
{
"name": "[oss-security] 20220913 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/13/1"
},
{
"name": "20221030 APPLE-SA-2022-10-27-13 watchOS 9",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/49"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "15.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "12.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-30T00:00:00",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213414"
},
{
"url": "https://support.apple.com/en-us/HT213412"
},
{
"url": "https://support.apple.com/en-us/HT213413"
},
{
"name": "[oss-security] 20220825 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/08/25/5"
},
{
"name": "[oss-security] 20220826 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/08/26/2"
},
{
"name": "FEDORA-2022-eada5f24a0",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SETAAXEPGNBMYKTUDFEZHS5LGSQ64QL/"
},
{
"name": "DSA-5220",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5220"
},
{
"name": "DSA-5219",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5219"
},
{
"name": "[oss-security] 20220829 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/08/29/1"
},
{
"name": "[oss-security] 20220829 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/08/29/2"
},
{
"name": "[debian-lts-announce] 20220830 [SECURITY] [DLA 3087-1] webkit2gtk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00019.html"
},
{
"name": "GLSA-202208-39",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-39"
},
{
"name": "20220831 APPLE-SA-2022-08-31-1 iOS 12.5.6",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Aug/16"
},
{
"name": "[oss-security] 20220902 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/10"
},
{
"name": "FEDORA-2022-ddfeee50c9",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKJGV2EXVMYQW3OAJNI4WUTKKVMD2YYK/"
},
{
"name": "[oss-security] 20220913 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0008",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/13/1"
},
{
"name": "20221030 APPLE-SA-2022-10-27-13 watchOS 9",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/49"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2022-32893",
"datePublished": "2022-08-24T00:00:00",
"dateReserved": "2022-06-09T00:00:00",
"dateUpdated": "2024-08-03T07:54:03.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23263
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2024-08-01 22:59
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | visionOS |
Version: unspecified < 1.1 |
||||||||||||||||||||||||
|
|||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "visionos",
"vendor": "apple",
"versions": [
{
"lessThan": "1.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "tvos",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:iphone_os:16.7:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "iphone_os",
"vendor": "apple",
"versions": [
{
"lessThan": "16.7.6",
"status": "affected",
"version": "16.7",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:ipad_os:16.7:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "ipad_os",
"vendor": "apple",
"versions": [
{
"lessThan": "16.7.6",
"status": "affected",
"version": "16.7",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:iphone_os:17.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "iphone_os",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "17.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:ipad_os:17.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "ipad_os",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "17.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "14.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "watchos",
"vendor": "apple",
"versions": [
{
"lessThan": "10.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "webkitgtk",
"vendor": "webkitgtk",
"versions": [
{
"lessThan": "2.45.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "safari",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23263",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-18T04:00:44.910447Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T14:06:07.414Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:32.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214087"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214086"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214081"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214082"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214089"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214084"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214088"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/20"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/25"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/24"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/26"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may prevent Content Security Policy from being enforced",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-08T01:36:19.295Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT214087"
},
{
"url": "https://support.apple.com/en-us/HT214086"
},
{
"url": "https://support.apple.com/en-us/HT214081"
},
{
"url": "https://support.apple.com/en-us/HT214082"
},
{
"url": "https://support.apple.com/en-us/HT214089"
},
{
"url": "https://support.apple.com/en-us/HT214084"
},
{
"url": "https://support.apple.com/en-us/HT214088"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/20"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/25"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/24"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/26"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-23263",
"datePublished": "2024-03-08T01:36:19.295Z",
"dateReserved": "2024-01-12T22:22:21.490Z",
"dateUpdated": "2024-08-01T22:59:32.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23284
Vulnerability from cvelistv5
Published
2024-03-08 01:35
Modified
2024-08-26 15:01
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | visionOS |
Version: unspecified < 1.1 |
||||||||||||||||||||||||
|
|||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:32.132Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214087"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214086"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214081"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214082"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214089"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214084"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214088"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/20"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/25"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/24"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/26"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23284",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-07T04:00:29.525435Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T15:01:51.652Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may prevent Content Security Policy from being enforced",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-08T01:35:43.782Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT214087"
},
{
"url": "https://support.apple.com/en-us/HT214086"
},
{
"url": "https://support.apple.com/en-us/HT214081"
},
{
"url": "https://support.apple.com/en-us/HT214082"
},
{
"url": "https://support.apple.com/en-us/HT214089"
},
{
"url": "https://support.apple.com/en-us/HT214084"
},
{
"url": "https://support.apple.com/en-us/HT214088"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/20"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/25"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/24"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/26"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-23284",
"datePublished": "2024-03-08T01:35:43.782Z",
"dateReserved": "2024-01-12T22:22:21.499Z",
"dateUpdated": "2024-08-26T15:01:51.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11070
Vulnerability from cvelistv5
Published
2019-04-10 20:15
Modified
2024-08-04 22:40
Severity ?
EPSS score ?
Summary
WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.webkit.org/show_bug.cgi?id=193718 | x_refsource_MISC | |
| https://trac.webkit.org/changeset/243197/webkit | x_refsource_MISC | |
| https://seclists.org/bugtraq/2019/Apr/21 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.openwall.com/lists/oss-security/2019/04/11/1 | mailing-list, x_refsource_MLIST | |
| http://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO5ZBUWOOXMVZPBYLZRDZF6ZQGBYJERQ/ | vendor-advisory, x_refsource_FEDORA | |
| https://usn.ubuntu.com/3948-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.html | vendor-advisory, x_refsource_SUSE | |
| https://security.gentoo.org/glsa/201909-05 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:16.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.webkit.org/show_bug.cgi?id=193718"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trac.webkit.org/changeset/243197/webkit"
},
{
"name": "20190411 WebKitGTK and WPE WebKit Security Advisory WSA-2019-0002",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/21"
},
{
"name": "[oss-security] 20190410 WebKitGTK and WPE WebKit Security Advisory WSA-2019-0002",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/11/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html"
},
{
"name": "FEDORA-2019-d9a15be3ba",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO5ZBUWOOXMVZPBYLZRDZF6ZQGBYJERQ/"
},
{
"name": "USN-3948-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3948-1/"
},
{
"name": "openSUSE-SU-2019:1374",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html"
},
{
"name": "openSUSE-SU-2019:1391",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.html"
},
{
"name": "GLSA-201909-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201909-05"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-06T17:06:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.webkit.org/show_bug.cgi?id=193718"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trac.webkit.org/changeset/243197/webkit"
},
{
"name": "20190411 WebKitGTK and WPE WebKit Security Advisory WSA-2019-0002",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Apr/21"
},
{
"name": "[oss-security] 20190410 WebKitGTK and WPE WebKit Security Advisory WSA-2019-0002",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/11/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html"
},
{
"name": "FEDORA-2019-d9a15be3ba",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO5ZBUWOOXMVZPBYLZRDZF6ZQGBYJERQ/"
},
{
"name": "USN-3948-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3948-1/"
},
{
"name": "openSUSE-SU-2019:1374",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html"
},
{
"name": "openSUSE-SU-2019:1391",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.html"
},
{
"name": "GLSA-201909-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201909-05"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11070",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.webkit.org/show_bug.cgi?id=193718",
"refsource": "MISC",
"url": "https://bugs.webkit.org/show_bug.cgi?id=193718"
},
{
"name": "https://trac.webkit.org/changeset/243197/webkit",
"refsource": "MISC",
"url": "https://trac.webkit.org/changeset/243197/webkit"
},
{
"name": "20190411 WebKitGTK and WPE WebKit Security Advisory WSA-2019-0002",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Apr/21"
},
{
"name": "[oss-security] 20190410 WebKitGTK and WPE WebKit Security Advisory WSA-2019-0002",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/04/11/1"
},
{
"name": "http://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html"
},
{
"name": "FEDORA-2019-d9a15be3ba",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YO5ZBUWOOXMVZPBYLZRDZF6ZQGBYJERQ/"
},
{
"name": "USN-3948-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3948-1/"
},
{
"name": "openSUSE-SU-2019:1374",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html"
},
{
"name": "openSUSE-SU-2019:1391",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.html"
},
{
"name": "GLSA-201909-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201909-05"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11070",
"datePublished": "2019-04-10T20:15:06",
"dateReserved": "2019-04-10T00:00:00",
"dateUpdated": "2024-08-04T22:40:16.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-8720
Vulnerability from cvelistv5
Published
2023-03-06 00:00
Modified
2024-08-04 21:24
Severity ?
EPSS score ?
Summary
A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:24:29.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1876611"
},
{
"tags": [
"x_transferred"
],
"url": "https://webkitgtk.org/security/WSA-2019-0005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "webkitgtk",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in webkitgtk 2.26.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-06T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1876611"
},
{
"url": "https://webkitgtk.org/security/WSA-2019-0005.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-8720",
"datePublished": "2023-03-06T00:00:00",
"dateReserved": "2019-02-18T00:00:00",
"dateUpdated": "2024-08-04T21:24:29.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-27834
Vulnerability from cvelistv5
Published
2024-05-13 23:00
Modified
2024-08-02 00:41
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipad_os",
"vendor": "apple",
"versions": [
{
"lessThan": "17.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "14.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tvos",
"vendor": "apple",
"versions": [
{
"lessThan": "17.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "watchos",
"vendor": "apple",
"versions": [
{
"lessThan": "10.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "iphone_os",
"vendor": "apple",
"versions": [
{
"lessThan": "17.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27834",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-16T04:00:11.988391Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-277",
"description": "CWE-277 Insecure Inherited Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T15:23:00.293Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:41:55.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214101"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214106"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214104"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214103"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214102"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/May/17"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/05/21/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/May/10"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/May/9"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/May/12"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/May/16"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WKIXADCW3O4R2OOSDZGPU55XQFE6NA3M/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADCLQW54XN37VJZNYD3UKCYATJFIMYXG/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-13T23:00:50.836Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT214101"
},
{
"url": "https://support.apple.com/en-us/HT214106"
},
{
"url": "https://support.apple.com/en-us/HT214104"
},
{
"url": "https://support.apple.com/en-us/HT214103"
},
{
"url": "https://support.apple.com/en-us/HT214102"
},
{
"url": "http://seclists.org/fulldisclosure/2024/May/17"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/05/21/1"
},
{
"url": "http://seclists.org/fulldisclosure/2024/May/10"
},
{
"url": "http://seclists.org/fulldisclosure/2024/May/9"
},
{
"url": "http://seclists.org/fulldisclosure/2024/May/12"
},
{
"url": "http://seclists.org/fulldisclosure/2024/May/16"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WKIXADCW3O4R2OOSDZGPU55XQFE6NA3M/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADCLQW54XN37VJZNYD3UKCYATJFIMYXG/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-27834",
"datePublished": "2024-05-13T23:00:50.836Z",
"dateReserved": "2024-02-26T15:32:28.527Z",
"dateUpdated": "2024-08-02T00:41:55.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23280
Vulnerability from cvelistv5
Published
2024-03-08 01:36
Modified
2024-10-31 16:45
Severity ?
EPSS score ?
Summary
An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:32.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214086"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214081"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214089"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214084"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214088"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/20"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/25"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/24"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tvos",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ios",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipados",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "safari",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "watchos",
"vendor": "apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23280",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T20:33:30.944280Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T16:45:41.969Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A maliciously crafted webpage may be able to fingerprint the user",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-08T01:36:14.625Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT214086"
},
{
"url": "https://support.apple.com/en-us/HT214081"
},
{
"url": "https://support.apple.com/en-us/HT214089"
},
{
"url": "https://support.apple.com/en-us/HT214084"
},
{
"url": "https://support.apple.com/en-us/HT214088"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/20"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/25"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/24"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2024-23280",
"datePublished": "2024-03-08T01:36:14.625Z",
"dateReserved": "2024-01-12T22:22:21.499Z",
"dateUpdated": "2024-10-31T16:45:41.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-42843
Vulnerability from cvelistv5
Published
2024-02-21 06:41
Modified
2024-11-04 16:45
Severity ?
EPSS score ?
Summary
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing.
References
Impacted products
| Vendor | Product | Version | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apple | iOS and iPadOS |
Version: unspecified < 16.7 |
||||||||||||
|
|||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:apple:ios_and_ipados:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ios_and_ipados",
"vendor": "apple",
"versions": [
{
"lessThan": "16.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "safari",
"vendor": "apple",
"versions": [
{
"lessThan": "17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "14.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-42843",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-04T16:39:32.031098Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T16:45:42.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:30:24.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213981"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213986"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213984"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213982"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Visiting a malicious website may lead to address bar spoofing",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-21T06:41:27.506Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213981"
},
{
"url": "https://support.apple.com/en-us/HT213986"
},
{
"url": "https://support.apple.com/en-us/HT213984"
},
{
"url": "https://support.apple.com/en-us/HT213982"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2023-42843",
"datePublished": "2024-02-21T06:41:27.506Z",
"dateReserved": "2023-09-14T19:05:11.449Z",
"dateUpdated": "2024-11-04T16:45:42.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-6251
Vulnerability from cvelistv5
Published
2019-01-14 07:00
Modified
2024-08-04 20:16
Severity ?
EPSS score ?
Summary
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:24.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.gnome.org/GNOME/epiphany/issues/532"
},
{
"name": "20190411 WebKitGTK and WPE WebKit Security Advisory WSA-2019-0002",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Apr/21"
},
{
"name": "[oss-security] 20190410 WebKitGTK and WPE WebKit Security Advisory WSA-2019-0002",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/11/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html"
},
{
"name": "FEDORA-2019-d9a15be3ba",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO5ZBUWOOXMVZPBYLZRDZF6ZQGBYJERQ/"
},
{
"name": "FEDORA-2019-b3ad0a302b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNPI3R6QWDJBA5KNGA6QSMKYLY5RRHBZ/"
},
{
"name": "USN-3948-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3948-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.webkit.org/show_bug.cgi?id=194208"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trac.webkit.org/changeset/243434"
},
{
"name": "FEDORA-2019-432b3dff25",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LACVFU4MYYRPJ3IEA4UCN5KUEAGCCJ72/"
},
{
"name": "FEDORA-2019-77433fc7f3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UO3DIA54X7FOUWFZW5YXC2MZ6KNHG6SW/"
},
{
"name": "FEDORA-2019-74f7603660",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSCDI3635E37GL4BNJDRDT2KEUBDLGSO/"
},
{
"name": "openSUSE-SU-2019:1374",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html"
},
{
"name": "openSUSE-SU-2019:1391",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.html"
},
{
"name": "GLSA-201909-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201909-05"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-06T17:06:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.gnome.org/GNOME/epiphany/issues/532"
},
{
"name": "20190411 WebKitGTK and WPE WebKit Security Advisory WSA-2019-0002",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Apr/21"
},
{
"name": "[oss-security] 20190410 WebKitGTK and WPE WebKit Security Advisory WSA-2019-0002",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/11/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html"
},
{
"name": "FEDORA-2019-d9a15be3ba",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO5ZBUWOOXMVZPBYLZRDZF6ZQGBYJERQ/"
},
{
"name": "FEDORA-2019-b3ad0a302b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNPI3R6QWDJBA5KNGA6QSMKYLY5RRHBZ/"
},
{
"name": "USN-3948-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3948-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.webkit.org/show_bug.cgi?id=194208"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trac.webkit.org/changeset/243434"
},
{
"name": "FEDORA-2019-432b3dff25",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LACVFU4MYYRPJ3IEA4UCN5KUEAGCCJ72/"
},
{
"name": "FEDORA-2019-77433fc7f3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UO3DIA54X7FOUWFZW5YXC2MZ6KNHG6SW/"
},
{
"name": "FEDORA-2019-74f7603660",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSCDI3635E37GL4BNJDRDT2KEUBDLGSO/"
},
{
"name": "openSUSE-SU-2019:1374",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html"
},
{
"name": "openSUSE-SU-2019:1391",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.html"
},
{
"name": "GLSA-201909-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201909-05"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.gnome.org/GNOME/epiphany/issues/532",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/epiphany/issues/532"
},
{
"name": "20190411 WebKitGTK and WPE WebKit Security Advisory WSA-2019-0002",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Apr/21"
},
{
"name": "[oss-security] 20190410 WebKitGTK and WPE WebKit Security Advisory WSA-2019-0002",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/04/11/1"
},
{
"name": "http://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html"
},
{
"name": "FEDORA-2019-d9a15be3ba",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YO5ZBUWOOXMVZPBYLZRDZF6ZQGBYJERQ/"
},
{
"name": "FEDORA-2019-b3ad0a302b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNPI3R6QWDJBA5KNGA6QSMKYLY5RRHBZ/"
},
{
"name": "USN-3948-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3948-1/"
},
{
"name": "https://bugs.webkit.org/show_bug.cgi?id=194208",
"refsource": "MISC",
"url": "https://bugs.webkit.org/show_bug.cgi?id=194208"
},
{
"name": "https://trac.webkit.org/changeset/243434",
"refsource": "MISC",
"url": "https://trac.webkit.org/changeset/243434"
},
{
"name": "FEDORA-2019-432b3dff25",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LACVFU4MYYRPJ3IEA4UCN5KUEAGCCJ72/"
},
{
"name": "FEDORA-2019-77433fc7f3",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UO3DIA54X7FOUWFZW5YXC2MZ6KNHG6SW/"
},
{
"name": "FEDORA-2019-74f7603660",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSCDI3635E37GL4BNJDRDT2KEUBDLGSO/"
},
{
"name": "openSUSE-SU-2019:1374",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html"
},
{
"name": "openSUSE-SU-2019:1391",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.html"
},
{
"name": "GLSA-201909-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201909-05"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-6251",
"datePublished": "2019-01-14T07:00:00",
"dateReserved": "2019-01-13T00:00:00",
"dateUpdated": "2024-08-04T20:16:24.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32370
Vulnerability from cvelistv5
Published
2023-09-06 01:36
Modified
2024-09-30 18:17
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Content Security Policy to block domains with wildcards may fail.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:24.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213670"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32370",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T18:17:38.085978Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T18:17:49.178Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Content Security Policy to block domains with wildcards may fail."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Content Security Policy to block domains with wildcards may fail",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T01:36:31.884Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213670"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
},
{
"url": "https://security.gentoo.org/glsa/202401-04"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2023-32370",
"datePublished": "2023-09-06T01:36:31.884Z",
"dateReserved": "2023-05-08T22:31:41.818Z",
"dateUpdated": "2024-09-30T18:17:49.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-12293
Vulnerability from cvelistv5
Published
2018-06-19 21:00
Modified
2024-08-05 08:30
Severity ?
EPSS score ?
Summary
The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.webkit.org/show_bug.cgi?id=186384 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/201808-04 | vendor-advisory, x_refsource_GENTOO | |
| http://www.securityfocus.com/archive/1/542087/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://www.exploit-db.com/exploits/45205/ | exploit, x_refsource_EXPLOIT-DB | |
| https://trac.webkit.org/changeset/232618 | x_refsource_MISC | |
| https://usn.ubuntu.com/3687-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://packetstormsecurity.com/files/148200/WebKitGTK-Data-Leak-Code-Execution.html | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2018/06/14/1 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.webkit.org/show_bug.cgi?id=186384"
},
{
"name": "GLSA-201808-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201808-04"
},
{
"name": "20180614 WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/542087/100/0/threaded"
},
{
"name": "45205",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45205/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trac.webkit.org/changeset/232618"
},
{
"name": "USN-3687-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3687-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/148200/WebKitGTK-Data-Leak-Code-Execution.html"
},
{
"name": "[oss-security] 20180614 WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2018/06/14/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-21T09:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.webkit.org/show_bug.cgi?id=186384"
},
{
"name": "GLSA-201808-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201808-04"
},
{
"name": "20180614 WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/542087/100/0/threaded"
},
{
"name": "45205",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45205/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trac.webkit.org/changeset/232618"
},
{
"name": "USN-3687-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3687-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/148200/WebKitGTK-Data-Leak-Code-Execution.html"
},
{
"name": "[oss-security] 20180614 WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2018/06/14/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12293",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.webkit.org/show_bug.cgi?id=186384",
"refsource": "MISC",
"url": "https://bugs.webkit.org/show_bug.cgi?id=186384"
},
{
"name": "GLSA-201808-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201808-04"
},
{
"name": "20180614 WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/542087/100/0/threaded"
},
{
"name": "45205",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45205/"
},
{
"name": "https://trac.webkit.org/changeset/232618",
"refsource": "MISC",
"url": "https://trac.webkit.org/changeset/232618"
},
{
"name": "USN-3687-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3687-1/"
},
{
"name": "http://packetstormsecurity.com/files/148200/WebKitGTK-Data-Leak-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/148200/WebKitGTK-Data-Leak-Code-Execution.html"
},
{
"name": "[oss-security] 20180614 WebKitGTK+ and WPE WebKit Security Advisory WSA-2018-0005",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/06/14/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12293",
"datePublished": "2018-06-19T21:00:00",
"dateReserved": "2018-06-13T00:00:00",
"dateUpdated": "2024-08-05T08:30:59.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-13753
Vulnerability from cvelistv5
Published
2020-07-14 13:07
Modified
2024-08-04 12:25
Severity ?
EPSS score ?
Summary
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226.
References
| ▼ | URL | Tags |
|---|---|---|
| https://trac.webkit.org/changeset/262368/webkit | x_refsource_MISC | |
| https://www.openwall.com/lists/oss-security/2020/07/10/1 | x_refsource_CONFIRM | |
| https://www.debian.org/security/2020/dsa-4724 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GER2ATKZXDHM7FFYJH67ZPNZZX5VOUVM/ | vendor-advisory, x_refsource_FEDORA | |
| https://usn.ubuntu.com/4422-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00074.html | vendor-advisory, x_refsource_SUSE | |
| https://security.gentoo.org/glsa/202007-11 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trac.webkit.org/changeset/262368/webkit"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/07/10/1"
},
{
"name": "DSA-4724",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4724"
},
{
"name": "FEDORA-2020-d2736ee493",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GER2ATKZXDHM7FFYJH67ZPNZZX5VOUVM/"
},
{
"name": "USN-4422-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4422-1/"
},
{
"name": "openSUSE-SU-2020:1064",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00074.html"
},
{
"name": "GLSA-202007-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal\u0027s input buffer, similar to CVE-2017-5226."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-27T01:07:09",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trac.webkit.org/changeset/262368/webkit"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openwall.com/lists/oss-security/2020/07/10/1"
},
{
"name": "DSA-4724",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4724"
},
{
"name": "FEDORA-2020-d2736ee493",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GER2ATKZXDHM7FFYJH67ZPNZZX5VOUVM/"
},
{
"name": "USN-4422-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4422-1/"
},
{
"name": "openSUSE-SU-2020:1064",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00074.html"
},
{
"name": "GLSA-202007-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202007-11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal\u0027s input buffer, similar to CVE-2017-5226."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://trac.webkit.org/changeset/262368/webkit",
"refsource": "MISC",
"url": "https://trac.webkit.org/changeset/262368/webkit"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/07/10/1",
"refsource": "CONFIRM",
"url": "https://www.openwall.com/lists/oss-security/2020/07/10/1"
},
{
"name": "DSA-4724",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4724"
},
{
"name": "FEDORA-2020-d2736ee493",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GER2ATKZXDHM7FFYJH67ZPNZZX5VOUVM/"
},
{
"name": "USN-4422-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4422-1/"
},
{
"name": "openSUSE-SU-2020:1064",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00074.html"
},
{
"name": "GLSA-202007-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13753",
"datePublished": "2020-07-14T13:07:18",
"dateReserved": "2020-06-01T00:00:00",
"dateUpdated": "2024-08-04T12:25:16.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-11793
Vulnerability from cvelistv5
Published
2020-04-17 12:40
Modified
2024-08-04 11:42
Severity ?
EPSS score ?
Summary
A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).
References
| ▼ | URL | Tags |
|---|---|---|
| https://webkitgtk.org/security/WSA-2020-0004.html | x_refsource_CONFIRM | |
| https://wpewebkit.org/security/WSA-2020-0004.html | x_refsource_CONFIRM | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3P4YISPE5QX4YD54GDRZIH2X5RCH3QGW/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTKY2MWP6PB6TE3ZKOOMKX7HZUCQNYF6/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3MQTRC6ITFTVS5R5Z24PMJS6FXJKGRD/ | vendor-advisory, x_refsource_FEDORA | |
| https://usn.ubuntu.com/4331-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00008.html | vendor-advisory, x_refsource_SUSE | |
| https://security.gentoo.org/glsa/202006-08 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://webkitgtk.org/security/WSA-2020-0004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wpewebkit.org/security/WSA-2020-0004.html"
},
{
"name": "FEDORA-2020-abd0e92eaa",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3P4YISPE5QX4YD54GDRZIH2X5RCH3QGW/"
},
{
"name": "FEDORA-2020-11b0f45883",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTKY2MWP6PB6TE3ZKOOMKX7HZUCQNYF6/"
},
{
"name": "FEDORA-2020-4832f2bd62",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3MQTRC6ITFTVS5R5Z24PMJS6FXJKGRD/"
},
{
"name": "USN-4331-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4331-1/"
},
{
"name": "openSUSE-SU-2020:0602",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00008.html"
},
{
"name": "GLSA-202006-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202006-08"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-13T03:06:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://webkitgtk.org/security/WSA-2020-0004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wpewebkit.org/security/WSA-2020-0004.html"
},
{
"name": "FEDORA-2020-abd0e92eaa",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3P4YISPE5QX4YD54GDRZIH2X5RCH3QGW/"
},
{
"name": "FEDORA-2020-11b0f45883",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTKY2MWP6PB6TE3ZKOOMKX7HZUCQNYF6/"
},
{
"name": "FEDORA-2020-4832f2bd62",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3MQTRC6ITFTVS5R5Z24PMJS6FXJKGRD/"
},
{
"name": "USN-4331-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4331-1/"
},
{
"name": "openSUSE-SU-2020:0602",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00008.html"
},
{
"name": "GLSA-202006-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202006-08"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://webkitgtk.org/security/WSA-2020-0004.html",
"refsource": "CONFIRM",
"url": "https://webkitgtk.org/security/WSA-2020-0004.html"
},
{
"name": "https://wpewebkit.org/security/WSA-2020-0004.html",
"refsource": "CONFIRM",
"url": "https://wpewebkit.org/security/WSA-2020-0004.html"
},
{
"name": "FEDORA-2020-abd0e92eaa",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3P4YISPE5QX4YD54GDRZIH2X5RCH3QGW/"
},
{
"name": "FEDORA-2020-11b0f45883",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTKY2MWP6PB6TE3ZKOOMKX7HZUCQNYF6/"
},
{
"name": "FEDORA-2020-4832f2bd62",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3MQTRC6ITFTVS5R5Z24PMJS6FXJKGRD/"
},
{
"name": "USN-4331-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4331-1/"
},
{
"name": "openSUSE-SU-2020:0602",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00008.html"
},
{
"name": "GLSA-202006-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202006-08"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11793",
"datePublished": "2020-04-17T12:40:21",
"dateReserved": "2020-04-15T00:00:00",
"dateUpdated": "2024-08-04T11:42:00.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-2294
Vulnerability from cvelistv5
Published
2022-07-28 00:00
Modified
2024-08-03 00:32
Severity ?
EPSS score ?
Summary
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:32:09.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://crbug.com/1341043"
},
{
"tags": [
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html"
},
{
"name": "FEDORA-2022-0102ccc2a2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/"
},
{
"name": "FEDORA-2022-1d3d5a0341",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/"
},
{
"name": "[oss-security] 20220728 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0007",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/28/2"
},
{
"name": "GLSA-202208-35",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-35"
},
{
"name": "GLSA-202208-39",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-39"
},
{
"name": "GLSA-202311-11",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "103.0.5060.114",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap buffer overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-25T11:06:49.314989",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://crbug.com/1341043"
},
{
"url": "https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html"
},
{
"name": "FEDORA-2022-0102ccc2a2",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/"
},
{
"name": "FEDORA-2022-1d3d5a0341",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/"
},
{
"name": "[oss-security] 20220728 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0007",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/28/2"
},
{
"name": "GLSA-202208-35",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-35"
},
{
"name": "GLSA-202208-39",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-39"
},
{
"name": "GLSA-202311-11",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-11"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2022-2294",
"datePublished": "2022-07-28T00:00:00",
"dateReserved": "2022-07-03T00:00:00",
"dateUpdated": "2024-08-03T00:32:09.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-42762
Vulnerability from cvelistv5
Published
2021-10-20 18:15
Modified
2024-08-04 03:38
Severity ?
EPSS score ?
Summary
BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.056Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.webkit.org/show_bug.cgi?id=231479"
},
{
"name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"
},
{
"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"
},
{
"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"
},
{
"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"
},
{
"name": "DSA-4995",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4995"
},
{
"name": "DSA-4996",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4996"
},
{
"name": "FEDORA-2021-db6ebb2d68",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5J2LZQTDX53DNSKSGU7TQYCO2HKSTY4/"
},
{
"name": "FEDORA-2021-131360fa9a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ON5SDVVPVPCAGFPW2GHYATZVZYLPW2L4/"
},
{
"name": "FEDORA-2021-483d896d1d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H6MGXCX7P5AHWOQ6IRT477UKT7IS4DAD/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-07T02:06:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.webkit.org/show_bug.cgi?id=231479"
},
{
"name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"
},
{
"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"
},
{
"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"
},
{
"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"
},
{
"name": "DSA-4995",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4995"
},
{
"name": "DSA-4996",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4996"
},
{
"name": "FEDORA-2021-db6ebb2d68",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5J2LZQTDX53DNSKSGU7TQYCO2HKSTY4/"
},
{
"name": "FEDORA-2021-131360fa9a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ON5SDVVPVPCAGFPW2GHYATZVZYLPW2L4/"
},
{
"name": "FEDORA-2021-483d896d1d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H6MGXCX7P5AHWOQ6IRT477UKT7IS4DAD/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-42762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q",
"refsource": "MISC",
"url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q"
},
{
"name": "https://bugs.webkit.org/show_bug.cgi?id=231479",
"refsource": "MISC",
"url": "https://bugs.webkit.org/show_bug.cgi?id=231479"
},
{
"name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"
},
{
"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"
},
{
"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"
},
{
"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"
},
{
"name": "DSA-4995",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4995"
},
{
"name": "DSA-4996",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4996"
},
{
"name": "FEDORA-2021-db6ebb2d68",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M5J2LZQTDX53DNSKSGU7TQYCO2HKSTY4/"
},
{
"name": "FEDORA-2021-131360fa9a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ON5SDVVPVPCAGFPW2GHYATZVZYLPW2L4/"
},
{
"name": "FEDORA-2021-483d896d1d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H6MGXCX7P5AHWOQ6IRT477UKT7IS4DAD/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-42762",
"datePublished": "2021-10-20T18:15:59",
"dateReserved": "2021-10-20T00:00:00",
"dateUpdated": "2024-08-04T03:38:50.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-10-20 19:15
Modified
2024-11-21 06:28
Severity ?
Summary
BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webkitgtk | webkitgtk | * | |
| wpewebkit | wpe_webkit | * | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B7B5DC2-E890-4705-B7F2-8B3DA3835E94",
"versionEndExcluding": "2.34.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "263D8FF8-E260-4210-81B5-55104F5DC1C3",
"versionEndExcluding": "2.34.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133."
},
{
"lang": "es",
"value": "El archivo BubblewrapLauncher.cpp en WebKitGTK y WPE WebKit versiones anteriores a 2.34.1, permite una omisi\u00f3n limitada del sandbox que permite a un proceso con sandbox enga\u00f1ar a procesos anfitriones para que piensen que el proceso con sandbox no est\u00e1 confinado por la sandbox, al abusar de las llamadas al sistema VFS que manipulan su espacio de nombres del sistema de archivos. El impacto se limita a servicios de host que crean sockets UNIX que WebKit monta dentro de su sandbox, y el proceso con sandbox permanece confinado de otra manera. NOTA: esto es similar a CVE-2021-41133"
}
],
"id": "CVE-2021-42762",
"lastModified": "2024-11-21T06:28:07.307",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-20T19:15:07.637",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.webkit.org/show_bug.cgi?id=231479"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H6MGXCX7P5AHWOQ6IRT477UKT7IS4DAD/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5J2LZQTDX53DNSKSGU7TQYCO2HKSTY4/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ON5SDVVPVPCAGFPW2GHYATZVZYLPW2L4/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4995"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4996"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.webkit.org/show_bug.cgi?id=231479"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H6MGXCX7P5AHWOQ6IRT477UKT7IS4DAD/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5J2LZQTDX53DNSKSGU7TQYCO2HKSTY4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ON5SDVVPVPCAGFPW2GHYATZVZYLPW2L4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4995"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4996"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-24 20:15
Modified
2024-11-21 07:07
Severity ?
Summary
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | safari | * | |
| apple | ipados | * | |
| apple | iphone_os | * | |
| apple | macos | * | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| webkitgtk | webkitgtk | * | |
| wpewebkit | wpe_webkit | * |
{
"cisaActionDue": "2022-09-08",
"cisaExploitAdd": "2022-08-18",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Apple iOS and macOS Out-of-Bounds Write Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8840E34-BF87-4C09-B13E-7FEC5F908EFD",
"versionEndExcluding": "15.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51963FF0-9D05-49D9-B9DD-D9A2D47EC89E",
"versionEndExcluding": "15.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5AD4010-4607-4428-9E01-0AFEF95002EB",
"versionEndExcluding": "15.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7227696F-8862-4D88-B0B7-1098388791F3",
"versionEndExcluding": "12.5.1",
"versionStartIncluding": "12.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA0CF181-BD0B-43B5-B5B6-9BB9B9D28BB9",
"versionEndExcluding": "2.36.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B24E9BF0-9726-4CED-A36F-3B1D72D14C31",
"versionEndExcluding": "2.36.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."
},
{
"lang": "es",
"value": "Se abord\u00f3 un problema de escritura fuera de l\u00edmites con una comprobaci\u00f3n de l\u00edmites mejorada. Este problema es corregido en iOS versi\u00f3n 15.6.1 y iPadOS versi\u00f3n 15.6.1, macOS Monterey versi\u00f3n 12.5.1 y Safari versi\u00f3n 15.6.1. El procesamiento de contenido web dise\u00f1ado de forma maliciosa puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitrario. Apple presenta conocimiento de un informe que indica que este problema puede haber sido explotado activamente."
}
],
"id": "CVE-2022-32893",
"lastModified": "2024-11-21T07:07:10.713",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-24T20:15:09.147",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Aug/16"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/49"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/08/25/5"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/08/26/2"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/08/29/1"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/08/29/2"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/10"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/13/1"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00019.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Broken Link"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SETAAXEPGNBMYKTUDFEZHS5LGSQ64QL/"
},
{
"source": "product-security@apple.com",
"tags": [
"Broken Link"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKJGV2EXVMYQW3OAJNI4WUTKKVMD2YYK/"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-39"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213412"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213413"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213414"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5219"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Aug/16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/49"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/08/25/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/08/26/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/08/29/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/08/29/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/02/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/09/13/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00019.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SETAAXEPGNBMYKTUDFEZHS5LGSQ64QL/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YKJGV2EXVMYQW3OAJNI4WUTKKVMD2YYK/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-39"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213413"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5219"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5220"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-08 02:15
Modified
2024-12-07 03:11
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7753BA-5DF8-4F98-8DA8-69DA473F8307",
"versionEndExcluding": "17.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE5413B9-A1A8-499F-B047-163908202E69",
"versionEndExcluding": "17.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BCB4911E-7824-4C34-916D-88110CB415EB",
"versionEndExcluding": "17.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099",
"versionEndExcluding": "14.4",
"versionStartIncluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB6BA6CB-001B-4440-A9AE-473F5722F8E0",
"versionEndExcluding": "17.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5547F484-4E4B-4961-BAF8-F891D50BB4B6",
"versionEndExcluding": "10.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF5BDB2C-7F5F-41B4-87C4-C4B938C7D317",
"versionEndExcluding": "2.44.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "336F9990-F267-4013-8353-5AA10039C515",
"versionEndExcluding": "2.44.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de inyecci\u00f3n con una validaci\u00f3n mejorada. Este problema se solucion\u00f3 en Safari 17.4, macOS Sonoma 14.4, iOS 17.4 y iPadOS 17.4, watchOS 10.4, tvOS 17.4. Una p\u00e1gina web creada con fines malintencionados puede tomar huellas digitales del usuario."
}
],
"id": "CVE-2024-23280",
"lastModified": "2024-12-07T03:11:21.283",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-03-08T02:15:49.740",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/20"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/24"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/25"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214081"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214084"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214086"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214088"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214089"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-10 21:29
Modified
2024-11-21 04:20
Severity ?
Summary
WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webkitgtk | webkitgtk | * | |
| wpewebkit | wpe_webkit | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08565239-2C80-4C9F-A270-6076E455DD91",
"versionEndExcluding": "2.24.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46E10007-E315-4E7B-99DC-44F7E4C8523C",
"versionEndExcluding": "2.24.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded."
},
{
"lang": "es",
"value": "WebKitGTK y WPE WebKit en las versiones anteriores a 2.24.1 no aplican correctamente la configuraci\u00f3n del proxy HTTP al descargar v\u00eddeo en directo (HLS, DASH o Smooth Streaming), lo que provoc\u00f3 un error de desanonimizaci\u00f3n. Este problema se corrigi\u00f3 cambiando la forma en que se descargan las transmisiones en directo."
}
],
"id": "CVE-2019-11070",
"lastModified": "2024-11-21T04:20:28.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-10T21:29:01.653",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/11/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.webkit.org/show_bug.cgi?id=193718"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO5ZBUWOOXMVZPBYLZRDZF6ZQGBYJERQ/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://seclists.org/bugtraq/2019/Apr/21"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201909-05"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://trac.webkit.org/changeset/243197/webkit"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/3948-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/11/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.webkit.org/show_bug.cgi?id=193718"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO5ZBUWOOXMVZPBYLZRDZF6ZQGBYJERQ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://seclists.org/bugtraq/2019/Apr/21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201909-05"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://trac.webkit.org/changeset/243197/webkit"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/3948-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-19"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-06 23:15
Modified
2024-11-21 04:50
Severity ?
Summary
A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1876611 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://webkitgtk.org/security/WSA-2019-0005.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1876611 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://webkitgtk.org/security/WSA-2019-0005.html | Vendor Advisory |
Impacted products
{
"cisaActionDue": "2022-06-13",
"cisaExploitAdd": "2022-05-23",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "WebKitGTK Memory Corruption Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A074F91-F0EF-4427-B9AB-A2EE9C899272",
"versionEndExcluding": "2.26.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B5D0857-4DA0-41D2-A8F4-FE70E80B9F64",
"versionEndExcluding": "2.26.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93A089E2-D66E-455C-969A-3140D991BAF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B399239A-5211-4174-9A47-A71DBA786426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8BE16CC2-C6B4-4B73-98A1-F28475A92F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84BC50C8-5907-4BFF-BD0F-C20586F81DC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA48C33A-ECCA-41A8-8A32-CD4FAD6D963B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1DF28D-0D84-4E40-8E46-BA0EFD371111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1903C71D-08F1-4B84-AE75-62A84CB789E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "40A60CB0-824E-4D3B-B26F-28E1F5EDDE44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3C1A0CA2-2BBD-4A7A-B467-F456867D5EC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F1B4FA-2161-4BE6-93E9-745E543B326C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "58D2C068-2FF0-4FAB-8317-3ABC6EF8B988",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "845B853C-8F99-4987-AA8E-76078CE6A977",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*",
"matchCriteriaId": "053C1B35-3869-41C2-9551-044182DE0A64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm64:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "40D24D63-0C1F-4470-8BB9-A2F0E54B9278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm64_eus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E41863-BE2C-4A31-B60D-EED8803187E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm64_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F76C4F35-2E16-40BF-AFF3-249316757798",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "566507B6-AC95-47F7-A3FB-C6F414E45F51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "87C21FE1-EA5C-498F-9C6C-D05F91A88217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8C9BD9AE-46FC-4609-8D99-A3CFE91D58D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF5C4AC-CA69-41E3-AD93-7AC21931374A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1CDCFF34-6F1D-45A1-BE37-6A0E17B04801",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4A684C7-88FD-43C4-9BDB-AE337FCBD0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "47811209-5CE5-4375-8391-B0A7F6A0E420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "983533DD-3970-4A37-9A9C-582BD48AA1E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "729C515E-1DD3-466D-A50B-AFE058FFC94A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37CE1DC7-72C5-483C-8921-0B462C8284D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "22D095ED-9247-4133-A133-73B7668565E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "871A5C26-DB7B-4870-A5B2-5DD24C90B4A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC6DD887-9744-43EA-8B3C-44C6B6339590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7614E5D3-4643-4CAE-9578-9BB9D558211F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues."
}
],
"id": "CVE-2019-8720",
"lastModified": "2024-11-21T04:50:21.350",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-06T23:15:10.287",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1876611"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://webkitgtk.org/security/WSA-2019-0005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1876611"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://webkitgtk.org/security/WSA-2019-0005.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-02 23:15
Modified
2024-11-21 04:54
Severity ?
Summary
WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webkitgtk | webkitgtk | * | |
| wpewebkit | wpe_webkit | * | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 | |
| debian | debian_linux | 10.0 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.10 | |
| opensuse | leap | 15.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46CCAA11-3CF3-4297-831B-0C11A0CD2713",
"versionEndExcluding": "2.28.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDD671DA-6D0E-4FD5-BFE1-B7F3CED4037C",
"versionEndExcluding": "2.28.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling."
},
{
"lang": "es",
"value": "WebKitGTK hasta la versi\u00f3n 2.26.4 y WPE WebKit hasta la versi\u00f3n 2.26.4 (que son las versiones anteriores a la versi\u00f3n 2.28.0) contiene un problema de corrupci\u00f3n de memoria (use-after-free) que puede conducir a la ejecuci\u00f3n de c\u00f3digo arbitrario. Este problema se ha solucionado en 2.28.0 con un manejo mejorado de la memoria."
}
],
"id": "CVE-2020-10018",
"lastModified": "2024-11-21T04:54:39.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-02T23:15:11.557",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00008.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://bugs.webkit.org/show_bug.cgi?id=204342#c21"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOR5LPL4UASVAR76EIHCL4O2KGDWGC6K/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLERWAS2LL7SX2GHA2DDZ2PL3QC5OHIF/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202006-08"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4310-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://webkitgtk.org/security/WSA-2020-0003.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wpewebkit.org/security/WSA-2020-0003.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4641"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://bugs.webkit.org/show_bug.cgi?id=204342#c21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOR5LPL4UASVAR76EIHCL4O2KGDWGC6K/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLERWAS2LL7SX2GHA2DDZ2PL3QC5OHIF/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202006-08"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4310-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://webkitgtk.org/security/WSA-2020-0003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wpewebkit.org/security/WSA-2020-0003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4641"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-28 02:15
Modified
2024-11-21 07:00
Severity ?
Summary
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chrome | * | ||
| fedoraproject | extra_packages_for_enterprise_linux | 8.0 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| webkitgtk | webkitgtk | * | |
| wpewebkit | wpe_webkit | * | |
| apple | ipados | * | |
| apple | iphone_os | * | |
| apple | mac_os_x | * | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | macos | * | |
| apple | macos | * | |
| apple | tvos | * | |
| apple | watchos | * | |
| webrtc_project | webrtc | - |
{
"cisaActionDue": "2022-09-15",
"cisaExploitAdd": "2022-08-25",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "WebRTC Heap Buffer Overflow Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C5C5639-A741-4DB9-A5CB-A61D870AB8BC",
"versionEndExcluding": "103.0.5060.114",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB176AC3-3CDA-4DDA-9089-C67B2F73AA62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D47424-F907-4F9B-BA4D-B28362754C37",
"versionEndExcluding": "2.36.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "979A5C2A-8BD4-4ADF-9FE5-06019FF45B18",
"versionEndExcluding": "2.36.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5E4F87A-8003-43EB-99F7-35C82AEA4DC0",
"versionEndExcluding": "15.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6FA9FE3-1891-405C-B191-04CAB84ADD46",
"versionEndExcluding": "15.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF8C1CB5-DACB-449C-9E07-E477142C589F",
"versionEndExcluding": "10.15.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
"matchCriteriaId": "A654B8A2-FC30-4171-B0BB-366CD7ED4B6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*",
"matchCriteriaId": "F12CC8B5-C1EB-419E-8496-B9A3864656AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
"matchCriteriaId": "F1F4BF7F-90D4-4668-B4E6-B06F4070F448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*",
"matchCriteriaId": "7FD7176C-F4D1-43A7-9E49-BA92CA0D9980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*",
"matchCriteriaId": "2703DE0B-8A9E-4A9D-9AE8-028E22BF47CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
"matchCriteriaId": "0F441A43-1669-478D-9EC8-E96882DE4F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*",
"matchCriteriaId": "D425C653-37A2-448C-BF2F-B684ADB08A26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*",
"matchCriteriaId": "A54D63B7-B92B-47C3-B1C5-9892E5873A98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*",
"matchCriteriaId": "3456176F-9185-4EE2-A8CE-3D989D674AB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-005:*:*:*:*:*:*",
"matchCriteriaId": "D337EE21-2F00-484D-9285-F2B0248D7A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*",
"matchCriteriaId": "012052B5-9AA7-4FD3-9C80-5F615330039D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*",
"matchCriteriaId": "50F21A3C-0AC3-48C5-A4F8-5A7B478875B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*",
"matchCriteriaId": "8E974DC6-F7D9-4389-9AF9-863F6E419CE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*",
"matchCriteriaId": "156A6382-2BD3-4882-90B2-8E7CF6659E17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*",
"matchCriteriaId": "20A2FDB2-6712-406A-9896-C0B44508B07D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:*",
"matchCriteriaId": "49F537A0-DC42-4176-B22F-C80D179DD99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-004:*:*:*:*:*:*",
"matchCriteriaId": "1E463183-7E29-464F-B459-F3E1D62501FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98D9705D-81A6-421C-973C-A2E57D1EF51D",
"versionEndExcluding": "11.6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFABC0C7-944C-4B46-A985-8B4F8BF93F54",
"versionEndExcluding": "12.5",
"versionStartIncluding": "12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83FC1965-2381-49FF-9521-355D29B28B71",
"versionEndExcluding": "15.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB2AF3C-B2A0-41AD-9C3E-14B220620FF0",
"versionEndExcluding": "8.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webrtc_project:webrtc:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A512F860-997E-44AC-9908-5F196BE2937A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
},
{
"lang": "es",
"value": "Un desbordamiento del b\u00fafer de la pila en WebRTC en Google Chrome versiones anteriores a 103.0.5060.114, permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n de la pila por medio de una p\u00e1gina HTML dise\u00f1ada"
}
],
"id": "CVE-2022-2294",
"lastModified": "2024-11-21T07:00:42.523",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-28T02:15:07.797",
"references": [
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/28/2"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
],
"url": "https://crbug.com/1341043"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Broken Link"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Broken Link"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-35"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-39"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202311-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/28/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://crbug.com/1341043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-35"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-39"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202311-11"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-17 13:15
Modified
2024-11-21 04:58
Severity ?
Summary
A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webkitgtk | webkitgtk | * | |
| wpewebkit | wpe_webkit | * | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.10 | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 | |
| fedoraproject | fedora | 32 | |
| opensuse | leap | 15.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE6F4326-D0EC-4299-A6E7-DAB3AEA6F342",
"versionEndExcluding": "2.28.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8519AC7C-5C43-4F38-B59A-4FE3F0A2709F",
"versionEndExcluding": "2.28.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash)."
},
{
"lang": "es",
"value": "Hay un uso de la memoria previamente liberada en WebKitGTK versiones anteriores a la versi\u00f3n 2.28.1 y WPE WebKit versiones anteriores a la versi\u00f3n 2.28.1, por medio de un contenido web especialmente dise\u00f1ado que permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de la memoria y bloqueo de aplicaci\u00f3n)."
}
],
"id": "CVE-2020-11793",
"lastModified": "2024-11-21T04:58:38.307",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-17T13:15:12.563",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00008.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3P4YISPE5QX4YD54GDRZIH2X5RCH3QGW/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3MQTRC6ITFTVS5R5Z24PMJS6FXJKGRD/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTKY2MWP6PB6TE3ZKOOMKX7HZUCQNYF6/"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/202006-08"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4331-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://webkitgtk.org/security/WSA-2020-0004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://wpewebkit.org/security/WSA-2020-0004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3P4YISPE5QX4YD54GDRZIH2X5RCH3QGW/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3MQTRC6ITFTVS5R5Z24PMJS6FXJKGRD/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTKY2MWP6PB6TE3ZKOOMKX7HZUCQNYF6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202006-08"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4331-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://webkitgtk.org/security/WSA-2020-0004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://wpewebkit.org/security/WSA-2020-0004.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-08 02:15
Modified
2024-12-09 14:51
Severity ?
Summary
A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7753BA-5DF8-4F98-8DA8-69DA473F8307",
"versionEndExcluding": "17.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9277B3E8-4519-4E07-A89A-A08C604AB78C",
"versionEndExcluding": "16.7.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CB78D53-5EC0-45E5-871B-0C18F1E6D438",
"versionEndExcluding": "17.4",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AF8B925-3DE5-4CC8-A4C3-95D8F107D607",
"versionEndExcluding": "16.7.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2FE8515-300C-4B6F-92A0-7D1E6D93F907",
"versionEndExcluding": "17.4",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099",
"versionEndExcluding": "14.4",
"versionStartIncluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB6BA6CB-001B-4440-A9AE-473F5722F8E0",
"versionEndExcluding": "17.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB7F6CDA-FEC0-45D7-ACBE-8B5AD35F1AB5",
"versionEndExcluding": "1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5547F484-4E4B-4961-BAF8-F891D50BB4B6",
"versionEndExcluding": "10.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF5BDB2C-7F5F-41B4-87C4-C4B938C7D317",
"versionEndExcluding": "2.44.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "336F9990-F267-4013-8353-5AA10039C515",
"versionEndExcluding": "2.44.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced."
},
{
"lang": "es",
"value": "Se abord\u00f3 una cuesti\u00f3n de l\u00f3gica con una mejor gesti\u00f3n de estado. Este problema se solucion\u00f3 en tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 y iPadOS 17.4, watchOS 10.4, iOS 16.7.6 y iPadOS 16.7.6, Safari 17.4. El procesamiento de contenido web creado con fines malintencionados puede impedir que se aplique la Pol\u00edtica de seguridad de contenido."
}
],
"id": "CVE-2024-23284",
"lastModified": "2024-12-09T14:51:06.673",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-03-08T02:15:49.883",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/20"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/24"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/25"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/26"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214081"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214082"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214084"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214086"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214087"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214088"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214089"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-06 02:15
Modified
2024-11-21 08:03
Severity ?
Summary
A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Content Security Policy to block domains with wildcards may fail.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | http://www.openwall.com/lists/oss-security/2023/09/11/1 | Mailing List, Third Party Advisory | |
| product-security@apple.com | https://security.gentoo.org/glsa/202401-04 | ||
| product-security@apple.com | https://support.apple.com/en-us/HT213670 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/09/11/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202401-04 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT213670 | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6D636F7-278A-491B-8960-91A4D5A86A96",
"versionEndExcluding": "13.3",
"versionStartIncluding": "13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A007F029-38D8-4D0D-8DF2-A2F6CB9ADE60",
"versionEndExcluding": "2.40.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1E75F9-1855-4668-8E78-2A6F0F4FCBA1",
"versionEndExcluding": "2.40.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Content Security Policy to block domains with wildcards may fail."
},
{
"lang": "es",
"value": "Se abord\u00f3 un problema de l\u00f3gica con una comprobaci\u00f3n mejorada. Este problema es corregido en macOS Ventura 13.3. La pol\u00edtica de seguridad de contenido para bloquear dominios con wildcards podr\u00eda fallar."
}
],
"id": "CVE-2023-32370",
"lastModified": "2024-11-21T08:03:13.227",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-06T02:15:09.070",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
},
{
"source": "product-security@apple.com",
"url": "https://security.gentoo.org/glsa/202401-04"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202401-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213670"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-21 07:15
Modified
2024-12-09 17:31
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84250563-E42D-4F36-ACB0-081804E27FA4",
"versionEndExcluding": "17.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8F544A7-7CEB-4A84-992F-58710B229579",
"versionEndExcluding": "16.7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6AF95A3-F462-498E-848D-C09D0E43ED52",
"versionEndExcluding": "17.1",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5EB9EAAE-441A-4844-BCB2-1716FD9ACE85",
"versionEndExcluding": "16.7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F53A32D0-DB67-40D7-B14E-3963E696A77E",
"versionEndExcluding": "17.1",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FE27DF1-3AF9-4BE4-8541-565FE5BC16A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF5BDB2C-7F5F-41B4-87C4-C4B938C7D317",
"versionEndExcluding": "2.44.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "336F9990-F267-4013-8353-5AA10039C515",
"versionEndExcluding": "2.44.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de interfaz de usuario inconsistente con una gesti\u00f3n de estado mejorada. Este problema se solucion\u00f3 en iOS 16.7.2 y iPadOS 16.7.2, iOS 17.1 y iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visitar un sitio web malicioso puede provocar una suplantaci\u00f3n de la barra de direcciones."
}
],
"id": "CVE-2023-42843",
"lastModified": "2024-12-09T17:31:31.750",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-02-21T07:15:48.940",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213981"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213982"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213984"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213986"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213981"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213984"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213986"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-290"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-290"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-14 14:15
Modified
2024-11-21 05:01
Severity ?
Summary
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webkitgtk | webkitgtk | * | |
| wpewebkit | wpe_webkit | * | |
| fedoraproject | fedora | 31 | |
| debian | debian_linux | 10.0 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.10 | |
| canonical | ubuntu_linux | 20.04 | |
| opensuse | leap | 15.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26B3DA74-5E32-405C-9B39-2D80733C2CD6",
"versionEndExcluding": "2.28.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98735714-C8DE-4191-87FD-4F5AF4647873",
"versionEndExcluding": "2.28.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal\u0027s input buffer, similar to CVE-2017-5226."
},
{
"lang": "es",
"value": "El sandbox bubblewrap de WebKitGTK y WPE WebKit, versiones anteriores a 2.28.3, no pudo bloquear apropiadamente el acceso a CLONE_NEWUSER y al ioctl TIOCSTI. CLONE_NEWUSER podr\u00eda ser usada potencialmente para confundir xdg-desktop-portal, que permite el acceso fuera del sandbox. TIOCSTI puede ser usado para ejecutar comandos directamente fuera del sandbox al escribir en el b\u00fafer de entrada del terminal de control, similar a CVE-2017-5226"
}
],
"id": "CVE-2020-13753",
"lastModified": "2024-11-21T05:01:46.903",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-14T14:15:17.603",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00074.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GER2ATKZXDHM7FFYJH67ZPNZZX5VOUVM/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-11"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://trac.webkit.org/changeset/262368/webkit"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4422-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4724"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2020/07/10/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00074.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GER2ATKZXDHM7FFYJH67ZPNZZX5VOUVM/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://trac.webkit.org/changeset/262368/webkit"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4422-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4724"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2020/07/10/1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-08 02:15
Modified
2024-12-06 02:54
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7753BA-5DF8-4F98-8DA8-69DA473F8307",
"versionEndExcluding": "17.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE5413B9-A1A8-499F-B047-163908202E69",
"versionEndExcluding": "17.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BCB4911E-7824-4C34-916D-88110CB415EB",
"versionEndExcluding": "17.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58227FD1-0619-45F6-AD19-25831899376A",
"versionEndExcluding": "14.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB6BA6CB-001B-4440-A9AE-473F5722F8E0",
"versionEndExcluding": "17.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB7F6CDA-FEC0-45D7-ACBE-8B5AD35F1AB5",
"versionEndExcluding": "1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5547F484-4E4B-4961-BAF8-F891D50BB4B6",
"versionEndExcluding": "10.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF5BDB2C-7F5F-41B4-87C4-C4B938C7D317",
"versionEndExcluding": "2.44.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "336F9990-F267-4013-8353-5AA10039C515",
"versionEndExcluding": "2.44.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 mejorando el manejo de la interfaz de usuario. Este problema se solucion\u00f3 en tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 y iPadOS 17.4, watchOS 10.4, Safari 17.4. Un sitio web malicioso puede filtrar datos de audio de origen cruzado."
}
],
"id": "CVE-2024-23254",
"lastModified": "2024-12-06T02:54:01.530",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-03-08T02:15:48.663",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/20"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/24"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/25"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/26"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214081"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214084"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214086"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214087"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214088"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214089"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-14 23:15
Modified
2024-11-21 07:54
Severity ?
Summary
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | http://www.openwall.com/lists/oss-security/2023/09/11/1 | Mailing List, Third Party Advisory | |
| product-security@apple.com | https://security.gentoo.org/glsa/202401-04 | ||
| product-security@apple.com | https://support.apple.com/en-us/HT213670 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/HT213676 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/09/11/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202401-04 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT213670 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT213676 | Release Notes, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE68C5EC-5829-481D-BFF7-0A501018A3CE",
"versionEndExcluding": "16.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F02C0CA5-8ABA-48C7-BCAE-5CF25435DF87",
"versionEndExcluding": "16.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6D636F7-278A-491B-8960-91A4D5A86A96",
"versionEndExcluding": "13.3",
"versionStartIncluding": "13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A007F029-38D8-4D0D-8DF2-A2F6CB9ADE60",
"versionEndExcluding": "2.40.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1E75F9-1855-4668-8E78-2A6F0F4FCBA1",
"versionEndExcluding": "2.40.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution."
},
{
"lang": "es",
"value": "Se ha solucionado un problema de use-after-free con una mejora en la gesti\u00f3n de memoria. Este problema se ha solucionado en iOS 16.4 y iPadOS 16.4, macOS Ventura 13.3. El procesamiento de contenido web puede dar lugar a la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"id": "CVE-2023-28198",
"lastModified": "2024-11-21T07:54:34.807",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-14T23:15:10.830",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
},
{
"source": "product-security@apple.com",
"url": "https://security.gentoo.org/glsa/202401-04"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213670"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213676"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202401-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213676"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-01-14 08:29
Modified
2024-11-21 04:46
Severity ?
Summary
WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnome | epiphany | * | |
| webkitgtk | webkitgtk | * | |
| wpewebkit | wpe_webkit | * | |
| fedoraproject | fedora | 28 | |
| fedoraproject | fedora | 29 | |
| fedoraproject | fedora | 30 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 | |
| opensuse | leap | 15.0 | |
| opensuse | leap | 42.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnome:epiphany:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F62B1562-9E8B-4E4D-811D-8D5064595923",
"versionEndIncluding": "3.31.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08565239-2C80-4C9F-A270-6076E455DD91",
"versionEndExcluding": "2.24.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46E10007-E315-4E7B-99DC-44F7E4C8523C",
"versionEndExcluding": "2.24.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
"matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge."
},
{
"lang": "es",
"value": "WebKitGTK y WPE WebKit versiones anteriores a 2.24.1 permite la suplantaci\u00f3n de la barra de direcciones en determinadas redirecciones de JavaScript. Un atacante puede hacer que el contenido web malicioso se muestre como si se tratara de una URL de confianza. Esto es similar a la edici\u00f3n CVE-2018-8383 en Microsoft Edge."
}
],
"id": "CVE-2019-6251",
"lastModified": "2024-11-21T04:46:18.887",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-14T08:29:00.223",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/11/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.webkit.org/show_bug.cgi?id=194208"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/epiphany/issues/532"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSCDI3635E37GL4BNJDRDT2KEUBDLGSO/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LACVFU4MYYRPJ3IEA4UCN5KUEAGCCJ72/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNPI3R6QWDJBA5KNGA6QSMKYLY5RRHBZ/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UO3DIA54X7FOUWFZW5YXC2MZ6KNHG6SW/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO5ZBUWOOXMVZPBYLZRDZF6ZQGBYJERQ/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Apr/21"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201909-05"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://trac.webkit.org/changeset/243434"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3948-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00031.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/152485/WebKitGTK-WPE-WebKit-URI-Spoofing-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/11/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.webkit.org/show_bug.cgi?id=194208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.gnome.org/GNOME/epiphany/issues/532"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSCDI3635E37GL4BNJDRDT2KEUBDLGSO/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LACVFU4MYYRPJ3IEA4UCN5KUEAGCCJ72/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNPI3R6QWDJBA5KNGA6QSMKYLY5RRHBZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UO3DIA54X7FOUWFZW5YXC2MZ6KNHG6SW/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO5ZBUWOOXMVZPBYLZRDZF6ZQGBYJERQ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Apr/21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201909-05"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://trac.webkit.org/changeset/243434"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3948-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-19 21:29
Modified
2024-11-21 03:44
Severity ?
Summary
The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 17.10 | |
| canonical | ubuntu_linux | 18.04 | |
| webkitgtk | webkitgtk\+ | * | |
| wpewebkit | wpe_webkit | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webkitgtk:webkitgtk\\+:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D050DEE-D895-409A-898D-B98495F65849",
"versionEndExcluding": "2.20.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "734C2FDA-9BD1-4895-98BA-1815335E386E",
"versionEndExcluding": "2.20.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content."
},
{
"lang": "es",
"value": "La funci\u00f3n getImageData en la clase ImageBufferCairo en WebCore/platform/graphics/cairo/ImageBufferCairo.cpp en WebKit, tal y como se emplea en WebKitGTK+ en versiones anteriores a la 2.20.3 y WPE WebKit en versiones anteriores a la 2.20.1, es vulnerable a un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) desencadenado por un desbordamiento de enteros, que podr\u00eda ser empleado por contenido HTML manipulado."
}
],
"id": "CVE-2018-12293",
"lastModified": "2024-11-21T03:44:54.833",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-19T21:29:00.957",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/148200/WebKitGTK-Data-Leak-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Technical Description"
],
"url": "http://www.openwall.com/lists/oss-security/2018/06/14/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/542087/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://bugs.webkit.org/show_bug.cgi?id=186384"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201808-04"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "https://trac.webkit.org/changeset/232618"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3687-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/45205/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/148200/WebKitGTK-Data-Leak-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Technical Description"
],
"url": "http://www.openwall.com/lists/oss-security/2018/06/14/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/542087/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://bugs.webkit.org/show_bug.cgi?id=186384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201808-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"Vendor Advisory"
],
"url": "https://trac.webkit.org/changeset/232618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3687-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/45205/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-06 21:15
Modified
2024-11-21 08:19
Severity ?
Summary
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | http://www.openwall.com/lists/oss-security/2023/09/11/1 | Mailing List, Third Party Advisory | |
| product-security@apple.com | https://security.gentoo.org/glsa/202401-04 | ||
| product-security@apple.com | https://support.apple.com/en-us/HT213843 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/09/11/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202401-04 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT213843 | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB2CB0B-A635-4057-98B8-AF71F9CB0171",
"versionEndExcluding": "13.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8323D399-B803-4CE3-ABB4-DB6972FB22AC",
"versionEndExcluding": "2.40.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53249158-E300-4F0D-A16D-9C19701E2E05",
"versionEndExcluding": "2.40.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 mejorando las comprobaciones. Este problema se solucion\u00f3 en macOS Ventura 13.5. Un atacante remoto puede ser capaz de provocar la ejecuci\u00f3n arbitraria de c\u00f3digo javascript."
}
],
"id": "CVE-2023-40397",
"lastModified": "2024-11-21T08:19:22.123",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-06T21:15:13.850",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
},
{
"source": "product-security@apple.com",
"url": "https://security.gentoo.org/glsa/202401-04"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213843"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/11/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202401-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT213843"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-03-08 02:15
Modified
2024-12-09 14:55
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Summary
A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC7753BA-5DF8-4F98-8DA8-69DA473F8307",
"versionEndExcluding": "17.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9277B3E8-4519-4E07-A89A-A08C604AB78C",
"versionEndExcluding": "16.7.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CB78D53-5EC0-45E5-871B-0C18F1E6D438",
"versionEndExcluding": "17.4",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AF8B925-3DE5-4CC8-A4C3-95D8F107D607",
"versionEndExcluding": "16.7.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2FE8515-300C-4B6F-92A0-7D1E6D93F907",
"versionEndExcluding": "17.4",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099",
"versionEndExcluding": "14.4",
"versionStartIncluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB6BA6CB-001B-4440-A9AE-473F5722F8E0",
"versionEndExcluding": "17.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB7F6CDA-FEC0-45D7-ACBE-8B5AD35F1AB5",
"versionEndExcluding": "1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5547F484-4E4B-4961-BAF8-F891D50BB4B6",
"versionEndExcluding": "10.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF5BDB2C-7F5F-41B4-87C4-C4B938C7D317",
"versionEndExcluding": "2.44.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "336F9990-F267-4013-8353-5AA10039C515",
"versionEndExcluding": "2.44.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced."
},
{
"lang": "es",
"value": "Se abord\u00f3 un problema de l\u00f3gica con una validaci\u00f3n mejorada. Este problema se solucion\u00f3 en tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 y iPadOS 17.4, watchOS 10.4, iOS 16.7.6 y iPadOS 16.7.6, Safari 17.4. El procesamiento de contenido web creado con fines malintencionados puede impedir que se aplique la Pol\u00edtica de seguridad de contenido."
}
],
"id": "CVE-2024-23263",
"lastModified": "2024-12-09T14:55:47.257",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-03-08T02:15:48.980",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/20"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/24"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/25"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/26"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214081"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214082"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214084"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214086"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214087"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214088"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/Mar/26"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXORDRCSQAQU436W4S2Z3X5B5PDXL3LI/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214089"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-14 15:13
Modified
2024-12-12 14:33
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
8.1 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D80D1AA1-D37A-4ABD-87A0-2C3B12EDA955",
"versionEndExcluding": "17.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7F2E11C-4A7D-4E71-BFAA-396B0549F649",
"versionEndExcluding": "17.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C4B45E-AF58-4D7C-B73A-618B06AED56E",
"versionEndExcluding": "17.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AB18623-7D06-4946-99FC-808A4A913ED9",
"versionEndExcluding": "14.5",
"versionStartIncluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "003383BF-F06C-4300-908D-D1C8498C6BCD",
"versionEndExcluding": "17.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4B1E01-BE73-48F8-9BD5-32F7C57EB45A",
"versionEndExcluding": "10.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA94B870-B434-4F05-B149-71C7F45683D4",
"versionEndExcluding": "2.44.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F141E2F3-8281-4400-BE1E-D48F174EA615",
"versionEndExcluding": "2.44.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en iOS 17.5 y iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. Un atacante con capacidad de lectura y escritura arbitraria puede eludir la autenticaci\u00f3n de puntero."
}
],
"id": "CVE-2024-27834",
"lastModified": "2024-12-12T14:33:00.640",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 6.0,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-05-14T15:13:06.953",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/May/10"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/May/12"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/May/16"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/May/17"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/May/9"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/05/21/1"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADCLQW54XN37VJZNYD3UKCYATJFIMYXG/"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WKIXADCW3O4R2OOSDZGPU55XQFE6NA3M/"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214101"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214102"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214103"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214104"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/May/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/May/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/May/16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/May/17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://seclists.org/fulldisclosure/2024/May/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/05/21/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADCLQW54XN37VJZNYD3UKCYATJFIMYXG/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WKIXADCW3O4R2OOSDZGPU55XQFE6NA3M/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214102"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214106"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-277"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}