Vulnerability-Lookup

CVE-2024-44244 (GCVE-0-2024-44244)

Vulnerability from cvelistv5 – Published: 2024-10-28 21:08 – Updated: 2026-04-02 18:16

Summary

A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 18.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing maliciously crafted web content may lead to an unexpected process crash.

Severity

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE

Processing maliciously crafted web content may lead to an unexpected process crash

Assigner

apple

References

6 references

URL	Tags
https://support.apple.com/en-us/121563
https://support.apple.com/en-us/121564
https://support.apple.com/en-us/121565
https://support.apple.com/en-us/121566
https://support.apple.com/en-us/121569
https://support.apple.com/en-us/121571

Impacted products

6 products

Vendor	Product	Version
Apple	Safari	Affected: 0 , < 18.1 (custom)
Apple	iOS and iPadOS	Affected: 0 , < 18.1 (custom)
Apple	macOS	Affected: 0 , < 15.1 (custom)
Apple	tvOS	Affected: 0 , < 18.1 (custom)
Apple	visionOS	Affected: 0 , < 2.1 (custom)
Apple	watchOS	Affected: 0 , < 11.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 4.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-44244",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T19:39:31.901741Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-06T14:39:33.635Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:09:35.268Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Oct/19"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Oct/15"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Oct/11"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Oct/9"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "15.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "visionOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "2.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "11.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 18.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing maliciously crafted web content may lead to an unexpected process crash."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing maliciously crafted web content may lead to an unexpected process crash",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T18:16:55.139Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/121563"
        },
        {
          "url": "https://support.apple.com/en-us/121564"
        },
        {
          "url": "https://support.apple.com/en-us/121565"
        },
        {
          "url": "https://support.apple.com/en-us/121566"
        },
        {
          "url": "https://support.apple.com/en-us/121569"
        },
        {
          "url": "https://support.apple.com/en-us/121571"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2024-44244",
    "datePublished": "2024-10-28T21:08:08.850Z",
    "dateReserved": "2024-08-20T21:45:40.785Z",
    "dateUpdated": "2026-04-02T18:16:55.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-44244",
      "date": "2026-05-25",
      "epss": "0.00335",
      "percentile": "0.5642"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"18.1\", \"matchCriteriaId\": \"1F64554D-9F90-4871-9A0B-FB28BD52F4B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"18.1\", \"matchCriteriaId\": \"B9A26654-0DDB-4D4D-BB1E-C65C3339148E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"15.1\", \"matchCriteriaId\": \"1D298E1D-DD23-4D35-9DE4-E3F5999F97AA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:safari:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"18.1\", \"matchCriteriaId\": \"8B754D7C-3FF7-4275-9C5B-4DCECFACD491\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"18.1\", \"matchCriteriaId\": \"5D57FCAE-9B33-4532-BC69-BC3D35719EDB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.1\", \"matchCriteriaId\": \"15E4723D-CD2B-4486-A69C-27F843844A80\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.1\", \"matchCriteriaId\": \"5DB9A303-7D3D-4167-9F28-64AA4B1EC0E1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may lead to an unexpected process crash.\"}, {\"lang\": \"es\", \"value\": \"Se solucion\\u00f3 un problema de corrupci\\u00f3n de memoria con una validaci\\u00f3n de entrada mejorada. Este problema se solucion\\u00f3 en iOS 18.1 y iPadOS 18.1, watchOS 11.1, visionOS 2.1 y tvOS 18.1. El procesamiento de contenido web manipulado con fines malintencionados puede provocar un bloqueo inesperado del proceso.\"}]",
      "id": "CVE-2024-44244",
      "lastModified": "2024-12-06T15:15:08.857",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}]}",
      "published": "2024-10-28T21:15:06.637",
      "references": "[{\"url\": \"https://support.apple.com/en-us/121563\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/121564\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/121565\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/121566\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/121569\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/121571\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-44244\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2024-10-28T21:15:06.637\",\"lastModified\":\"2026-04-02T19:18:27.410\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 18.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing maliciously crafted web content may lead to an unexpected process crash.\"},{\"lang\":\"es\",\"value\":\"Se solucion\u00f3 un problema de corrupci\u00f3n de memoria con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en iOS 18.1 y iPadOS 18.1, watchOS 11.1, visionOS 2.1 y tvOS 18.1. El procesamiento de contenido web manipulado con fines malintencionados puede provocar un bloqueo inesperado del proceso.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.1\",\"matchCriteriaId\":\"1F64554D-9F90-4871-9A0B-FB28BD52F4B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.1\",\"matchCriteriaId\":\"B9A26654-0DDB-4D4D-BB1E-C65C3339148E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.1\",\"matchCriteriaId\":\"1D298E1D-DD23-4D35-9DE4-E3F5999F97AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.1\",\"matchCriteriaId\":\"8B754D7C-3FF7-4275-9C5B-4DCECFACD491\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.1\",\"matchCriteriaId\":\"5D57FCAE-9B33-4532-BC69-BC3D35719EDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.1\",\"matchCriteriaId\":\"15E4723D-CD2B-4486-A69C-27F843844A80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.1\",\"matchCriteriaId\":\"5DB9A303-7D3D-4167-9F28-64AA4B1EC0E1\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/121563\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/121564\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/121565\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/121566\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/121569\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/121571\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2024/Oct/11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2024/Oct/15\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2024/Oct/19\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2024/Oct/9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Oct/19\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Oct/15\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Oct/11\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Oct/9\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T22:09:35.268Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-44244\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-30T19:39:31.901741Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-30T19:39:38.380Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apple\", \"product\": \"visionOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"2.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"tvOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"18.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"watchOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"11.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"iOS and iPadOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"18.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"15.1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"Safari\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"18.1\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.apple.com/en-us/121566\"}, {\"url\": \"https://support.apple.com/en-us/121569\"}, {\"url\": \"https://support.apple.com/en-us/121565\"}, {\"url\": \"https://support.apple.com/en-us/121563\"}, {\"url\": \"https://support.apple.com/en-us/121564\"}, {\"url\": \"https://support.apple.com/en-us/121571\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may lead to an unexpected process crash.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Processing maliciously crafted web content may lead to an unexpected process crash\"}]}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2024-10-29T22:50:37.232Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-44244\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T22:09:35.268Z\", \"dateReserved\": \"2024-08-20T21:45:40.785Z\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"datePublished\": \"2024-10-28T21:08:08.850Z\", \"assignerShortName\": \"apple\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2024-AVI-0929

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Apple	N/A	tvOS 18.1 versions antérieures à 18.1
Apple	iOS	iOS et iPadOS versions antérieures à 18.1
Apple	iOS	iOS et iPadOS versions antérieures à 17.7.1
Apple	macOS	macOS Sequoia versions antérieures à 15.1
Apple	macOS	macOS Sonoma versions antérieures à 14.7.1
Apple	N/A	watchOS 11.1 versions antérieures à 11.1
Apple	macOS	macOS Ventura versions antérieures à 13.7.1
Apple	N/A	visionOS 2.1 versions antérieures à 2.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple 121566	2024-10-28	vendor-advisory
Bulletin de sécurité Apple 121568	2024-10-28	vendor-advisory
Bulletin de sécurité Apple 121565	2024-10-28	vendor-advisory
Bulletin de sécurité Apple 121564	2024-10-28	vendor-advisory
Bulletin de sécurité Apple 121563	2024-10-28	vendor-advisory
Bulletin de sécurité Apple 121569	2024-10-28	vendor-advisory
Bulletin de sécurité Apple 121567	2024-10-28	vendor-advisory
Bulletin de sécurité Apple 121570	2024-10-28	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "tvOS\u00a018.1 versions ant\u00e9rieures \u00e0 18.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS et iPadOS versions ant\u00e9rieures \u00e0 18.1",
      "product": {
        "name": "iOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS et iPadOS versions ant\u00e9rieures \u00e0 17.7.1",
      "product": {
        "name": "iOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.7.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "watchOS\u00a011.1 versions ant\u00e9rieures \u00e0 11.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Ventura versions ant\u00e9rieures \u00e0 13.7.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "visionOS\u00a02.1 versions ant\u00e9rieures \u00e0 2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-44194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44194"
    },
    {
      "name": "CVE-2024-44296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44296"
    },
    {
      "name": "CVE-2024-44257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44257"
    },
    {
      "name": "CVE-2024-44289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44289"
    },
    {
      "name": "CVE-2024-44155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44155"
    },
    {
      "name": "CVE-2024-44280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44280"
    },
    {
      "name": "CVE-2024-44254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44254"
    },
    {
      "name": "CVE-2024-44256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44256"
    },
    {
      "name": "CVE-2024-44235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44235"
    },
    {
      "name": "CVE-2024-44195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44195"
    },
    {
      "name": "CVE-2024-44281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44281"
    },
    {
      "name": "CVE-2024-44251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44251"
    },
    {
      "name": "CVE-2024-44287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44287"
    },
    {
      "name": "CVE-2024-44284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44284"
    },
    {
      "name": "CVE-2024-44277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44277"
    },
    {
      "name": "CVE-2024-44237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44237"
    },
    {
      "name": "CVE-2024-44261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44261"
    },
    {
      "name": "CVE-2024-44213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44213"
    },
    {
      "name": "CVE-2024-44293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44293"
    },
    {
      "name": "CVE-2024-44223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44223"
    },
    {
      "name": "CVE-2024-44295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44295"
    },
    {
      "name": "CVE-2024-44270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44270"
    },
    {
      "name": "CVE-2024-44215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44215"
    },
    {
      "name": "CVE-2024-44244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44244"
    },
    {
      "name": "CVE-2024-44275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44275"
    },
    {
      "name": "CVE-2024-44156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44156"
    },
    {
      "name": "CVE-2024-44255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44255"
    },
    {
      "name": "CVE-2024-44247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44247"
    },
    {
      "name": "CVE-2024-44159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44159"
    },
    {
      "name": "CVE-2024-44175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44175"
    },
    {
      "name": "CVE-2024-44218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44218"
    },
    {
      "name": "CVE-2024-44252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44252"
    },
    {
      "name": "CVE-2024-44197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44197"
    },
    {
      "name": "CVE-2024-44264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44264"
    },
    {
      "name": "CVE-2024-44259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44259"
    },
    {
      "name": "CVE-2024-44216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44216"
    },
    {
      "name": "CVE-2024-40851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40851"
    },
    {
      "name": "CVE-2024-44302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44302"
    },
    {
      "name": "CVE-2024-40855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40855"
    },
    {
      "name": "CVE-2024-38476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38476"
    },
    {
      "name": "CVE-2024-44267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44267"
    },
    {
      "name": "CVE-2024-44258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44258"
    },
    {
      "name": "CVE-2024-44196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44196"
    },
    {
      "name": "CVE-2024-44273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44273"
    },
    {
      "name": "CVE-2024-44122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44122"
    },
    {
      "name": "CVE-2024-44126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44126"
    },
    {
      "name": "CVE-2024-44278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44278"
    },
    {
      "name": "CVE-2024-38477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38477"
    },
    {
      "name": "CVE-2024-44292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44292"
    },
    {
      "name": "CVE-2024-44239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44239"
    },
    {
      "name": "CVE-2024-40867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40867"
    },
    {
      "name": "CVE-2024-44137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44137"
    },
    {
      "name": "CVE-2024-44279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44279"
    },
    {
      "name": "CVE-2024-44263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44263"
    },
    {
      "name": "CVE-2024-44231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44231"
    },
    {
      "name": "CVE-2024-40858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40858"
    },
    {
      "name": "CVE-2024-44269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44269"
    },
    {
      "name": "CVE-2024-44260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44260"
    },
    {
      "name": "CVE-2024-44298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44298"
    },
    {
      "name": "CVE-2024-44236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44236"
    },
    {
      "name": "CVE-2024-44274",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44274"
    },
    {
      "name": "CVE-2024-44283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44283"
    },
    {
      "name": "CVE-2024-44253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44253"
    },
    {
      "name": "CVE-2024-44285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44285"
    },
    {
      "name": "CVE-2024-44301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44301"
    },
    {
      "name": "CVE-2024-44265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44265"
    },
    {
      "name": "CVE-2024-44144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44144"
    },
    {
      "name": "CVE-2024-44297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44297"
    },
    {
      "name": "CVE-2024-44262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44262"
    },
    {
      "name": "CVE-2024-44222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44222"
    },
    {
      "name": "CVE-2024-44294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44294"
    },
    {
      "name": "CVE-2024-39573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39573"
    },
    {
      "name": "CVE-2024-44282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44282"
    },
    {
      "name": "CVE-2024-44240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44240"
    },
    {
      "name": "CVE-2024-44211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44211"
    },
    {
      "name": "CVE-2024-44229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44229"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0929",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-10-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": "2024-10-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 121566",
      "url": "https://support.apple.com/en-us/121566"
    },
    {
      "published_at": "2024-10-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 121568",
      "url": "https://support.apple.com/en-us/121568"
    },
    {
      "published_at": "2024-10-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 121565",
      "url": "https://support.apple.com/en-us/121565"
    },
    {
      "published_at": "2024-10-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 121564",
      "url": "https://support.apple.com/en-us/121564"
    },
    {
      "published_at": "2024-10-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 121563",
      "url": "https://support.apple.com/en-us/121563"
    },
    {
      "published_at": "2024-10-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 121569",
      "url": "https://support.apple.com/en-us/121569"
    },
    {
      "published_at": "2024-10-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 121567",
      "url": "https://support.apple.com/en-us/121567"
    },
    {
      "published_at": "2024-10-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 121570",
      "url": "https://support.apple.com/en-us/121570"
    }
  ]
}

CERTFR-2024-AVI-0932

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Apple	Safari	Safari versions antérieures à 18.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple 121571

2024-10-29

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Safari\u00a0versions ant\u00e9rieures \u00e0 18.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-44296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44296"
    },
    {
      "name": "CVE-2024-44244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44244"
    },
    {
      "name": "CVE-2024-44259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44259"
    },
    {
      "name": "CVE-2024-44229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44229"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0932",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-10-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": "2024-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 121571",
      "url": "https://support.apple.com/en-us/121571"
    }
  ]
}

CERTFR-2025-AVI-0319

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Oracle Java SE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Oracle	GraalVM Enterprise Edition	Oracle GraalVM Enterprise Edition version 20.3.17
Oracle	Java SE	Oracle Java SE version 21.0.6
Oracle	Java SE	Oracle Java SE version 8u441
Oracle	GraalVM Enterprise Edition	Oracle GraalVM for JDK version 21.0.6
Oracle	Java SE	Oracle Java SE version 17.0.14
Oracle	GraalVM Enterprise Edition	Oracle GraalVM for JDK version 24
Oracle	Java SE	Oracle Java SE version 11.0.26
Oracle	GraalVM Enterprise Edition	Oracle GraalVM for JDK version 17.0.14
Oracle	GraalVM Enterprise Edition	Oracle GraalVM Enterprise Edition version 21.3.13
Oracle	Java SE	Oracle Java SE version 24
Oracle	Java SE	Oracle Java SE version 8u441-perf

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle Java SE cpuapr2025

2025-04-15

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle GraalVM Enterprise Edition version 20.3.17",
      "product": {
        "name": "GraalVM Enterprise Edition",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE version 21.0.6",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE version 8u441",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle GraalVM for JDK version 21.0.6",
      "product": {
        "name": "GraalVM Enterprise Edition",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE version 17.0.14",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle GraalVM for JDK version 24",
      "product": {
        "name": "GraalVM Enterprise Edition",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE version 11.0.26",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle GraalVM for JDK version 17.0.14",
      "product": {
        "name": "GraalVM Enterprise Edition",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle GraalVM Enterprise Edition version 21.3.13",
      "product": {
        "name": "GraalVM Enterprise Edition",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE version 24",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE version 8u441-perf",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-54508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54508"
    },
    {
      "name": "CVE-2024-44296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44296"
    },
    {
      "name": "CVE-2024-54502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54502"
    },
    {
      "name": "CVE-2024-47544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47544"
    },
    {
      "name": "CVE-2024-54505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54505"
    },
    {
      "name": "CVE-2024-40866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40866"
    },
    {
      "name": "CVE-2024-47545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47545"
    },
    {
      "name": "CVE-2024-54479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54479"
    },
    {
      "name": "CVE-2024-47596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47596"
    },
    {
      "name": "CVE-2025-24150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24150"
    },
    {
      "name": "CVE-2024-27856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27856"
    },
    {
      "name": "CVE-2024-47606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47606"
    },
    {
      "name": "CVE-2024-44187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44187"
    },
    {
      "name": "CVE-2025-24162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24162"
    },
    {
      "name": "CVE-2025-30691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30691"
    },
    {
      "name": "CVE-2024-47546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47546"
    },
    {
      "name": "CVE-2024-44244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44244"
    },
    {
      "name": "CVE-2024-44309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44309"
    },
    {
      "name": "CVE-2024-47778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47778"
    },
    {
      "name": "CVE-2025-23085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
    },
    {
      "name": "CVE-2024-44308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44308"
    },
    {
      "name": "CVE-2024-47777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47777"
    },
    {
      "name": "CVE-2025-21587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
    },
    {
      "name": "CVE-2025-23083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
    },
    {
      "name": "CVE-2024-47597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47597"
    },
    {
      "name": "CVE-2025-30698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
    },
    {
      "name": "CVE-2024-44185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44185"
    },
    {
      "name": "CVE-2024-54543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54543"
    },
    {
      "name": "CVE-2025-23084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23084"
    },
    {
      "name": "CVE-2024-47776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47776"
    },
    {
      "name": "CVE-2024-47775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47775"
    },
    {
      "name": "CVE-2024-54534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54534"
    },
    {
      "name": "CVE-2025-24143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24143"
    },
    {
      "name": "CVE-2025-24158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24158"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0319",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-04-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Java SE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Java SE",
  "vendor_advisories": [
    {
      "published_at": "2025-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle Java SE cpuapr2025",
      "url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
    }
  ]
}

CERTFR-2024-AVI-0929

Vulnerability from certfr_avis - Published: - Updated:

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Apple	N/A	tvOS 18.1 versions antérieures à 18.1
Apple	iOS	iOS et iPadOS versions antérieures à 18.1
Apple	iOS	iOS et iPadOS versions antérieures à 17.7.1
Apple	macOS	macOS Sequoia versions antérieures à 15.1
Apple	macOS	macOS Sonoma versions antérieures à 14.7.1
Apple	N/A	watchOS 11.1 versions antérieures à 11.1
Apple	macOS	macOS Ventura versions antérieures à 13.7.1
Apple	N/A	visionOS 2.1 versions antérieures à 2.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple 121566	2024-10-28	vendor-advisory
Bulletin de sécurité Apple 121568	2024-10-28	vendor-advisory
Bulletin de sécurité Apple 121565	2024-10-28	vendor-advisory
Bulletin de sécurité Apple 121564	2024-10-28	vendor-advisory
Bulletin de sécurité Apple 121563	2024-10-28	vendor-advisory
Bulletin de sécurité Apple 121569	2024-10-28	vendor-advisory
Bulletin de sécurité Apple 121567	2024-10-28	vendor-advisory
Bulletin de sécurité Apple 121570	2024-10-28	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "tvOS\u00a018.1 versions ant\u00e9rieures \u00e0 18.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS et iPadOS versions ant\u00e9rieures \u00e0 18.1",
      "product": {
        "name": "iOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS et iPadOS versions ant\u00e9rieures \u00e0 17.7.1",
      "product": {
        "name": "iOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.7.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "watchOS\u00a011.1 versions ant\u00e9rieures \u00e0 11.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Ventura versions ant\u00e9rieures \u00e0 13.7.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "visionOS\u00a02.1 versions ant\u00e9rieures \u00e0 2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-44194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44194"
    },
    {
      "name": "CVE-2024-44296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44296"
    },
    {
      "name": "CVE-2024-44257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44257"
    },
    {
      "name": "CVE-2024-44289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44289"
    },
    {
      "name": "CVE-2024-44155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44155"
    },
    {
      "name": "CVE-2024-44280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44280"
    },
    {
      "name": "CVE-2024-44254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44254"
    },
    {
      "name": "CVE-2024-44256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44256"
    },
    {
      "name": "CVE-2024-44235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44235"
    },
    {
      "name": "CVE-2024-44195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44195"
    },
    {
      "name": "CVE-2024-44281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44281"
    },
    {
      "name": "CVE-2024-44251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44251"
    },
    {
      "name": "CVE-2024-44287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44287"
    },
    {
      "name": "CVE-2024-44284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44284"
    },
    {
      "name": "CVE-2024-44277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44277"
    },
    {
      "name": "CVE-2024-44237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44237"
    },
    {
      "name": "CVE-2024-44261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44261"
    },
    {
      "name": "CVE-2024-44213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44213"
    },
    {
      "name": "CVE-2024-44293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44293"
    },
    {
      "name": "CVE-2024-44223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44223"
    },
    {
      "name": "CVE-2024-44295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44295"
    },
    {
      "name": "CVE-2024-44270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44270"
    },
    {
      "name": "CVE-2024-44215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44215"
    },
    {
      "name": "CVE-2024-44244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44244"
    },
    {
      "name": "CVE-2024-44275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44275"
    },
    {
      "name": "CVE-2024-44156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44156"
    },
    {
      "name": "CVE-2024-44255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44255"
    },
    {
      "name": "CVE-2024-44247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44247"
    },
    {
      "name": "CVE-2024-44159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44159"
    },
    {
      "name": "CVE-2024-44175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44175"
    },
    {
      "name": "CVE-2024-44218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44218"
    },
    {
      "name": "CVE-2024-44252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44252"
    },
    {
      "name": "CVE-2024-44197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44197"
    },
    {
      "name": "CVE-2024-44264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44264"
    },
    {
      "name": "CVE-2024-44259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44259"
    },
    {
      "name": "CVE-2024-44216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44216"
    },
    {
      "name": "CVE-2024-40851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40851"
    },
    {
      "name": "CVE-2024-44302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44302"
    },
    {
      "name": "CVE-2024-40855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40855"
    },
    {
      "name": "CVE-2024-38476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38476"
    },
    {
      "name": "CVE-2024-44267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44267"
    },
    {
      "name": "CVE-2024-44258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44258"
    },
    {
      "name": "CVE-2024-44196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44196"
    },
    {
      "name": "CVE-2024-44273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44273"
    },
    {
      "name": "CVE-2024-44122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44122"
    },
    {
      "name": "CVE-2024-44126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44126"
    },
    {
      "name": "CVE-2024-44278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44278"
    },
    {
      "name": "CVE-2024-38477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38477"
    },
    {
      "name": "CVE-2024-44292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44292"
    },
    {
      "name": "CVE-2024-44239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44239"
    },
    {
      "name": "CVE-2024-40867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40867"
    },
    {
      "name": "CVE-2024-44137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44137"
    },
    {
      "name": "CVE-2024-44279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44279"
    },
    {
      "name": "CVE-2024-44263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44263"
    },
    {
      "name": "CVE-2024-44231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44231"
    },
    {
      "name": "CVE-2024-40858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40858"
    },
    {
      "name": "CVE-2024-44269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44269"
    },
    {
      "name": "CVE-2024-44260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44260"
    },
    {
      "name": "CVE-2024-44298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44298"
    },
    {
      "name": "CVE-2024-44236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44236"
    },
    {
      "name": "CVE-2024-44274",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44274"
    },
    {
      "name": "CVE-2024-44283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44283"
    },
    {
      "name": "CVE-2024-44253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44253"
    },
    {
      "name": "CVE-2024-44285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44285"
    },
    {
      "name": "CVE-2024-44301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44301"
    },
    {
      "name": "CVE-2024-44265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44265"
    },
    {
      "name": "CVE-2024-44144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44144"
    },
    {
      "name": "CVE-2024-44297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44297"
    },
    {
      "name": "CVE-2024-44262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44262"
    },
    {
      "name": "CVE-2024-44222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44222"
    },
    {
      "name": "CVE-2024-44294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44294"
    },
    {
      "name": "CVE-2024-39573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39573"
    },
    {
      "name": "CVE-2024-44282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44282"
    },
    {
      "name": "CVE-2024-44240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44240"
    },
    {
      "name": "CVE-2024-44211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44211"
    },
    {
      "name": "CVE-2024-44229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44229"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0929",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-10-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": "2024-10-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 121566",
      "url": "https://support.apple.com/en-us/121566"
    },
    {
      "published_at": "2024-10-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 121568",
      "url": "https://support.apple.com/en-us/121568"
    },
    {
      "published_at": "2024-10-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 121565",
      "url": "https://support.apple.com/en-us/121565"
    },
    {
      "published_at": "2024-10-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 121564",
      "url": "https://support.apple.com/en-us/121564"
    },
    {
      "published_at": "2024-10-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 121563",
      "url": "https://support.apple.com/en-us/121563"
    },
    {
      "published_at": "2024-10-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 121569",
      "url": "https://support.apple.com/en-us/121569"
    },
    {
      "published_at": "2024-10-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 121567",
      "url": "https://support.apple.com/en-us/121567"
    },
    {
      "published_at": "2024-10-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 121570",
      "url": "https://support.apple.com/en-us/121570"
    }
  ]
}

CERTFR-2024-AVI-0932

Vulnerability from certfr_avis - Published: - Updated:

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Apple	Safari	Safari versions antérieures à 18.1

References

Title

Publication Time

Tags

Bulletin de sécurité Apple 121571

2024-10-29

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Safari\u00a0versions ant\u00e9rieures \u00e0 18.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-44296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44296"
    },
    {
      "name": "CVE-2024-44244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44244"
    },
    {
      "name": "CVE-2024-44259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44259"
    },
    {
      "name": "CVE-2024-44229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44229"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0932",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-10-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": "2024-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 121571",
      "url": "https://support.apple.com/en-us/121571"
    }
  ]
}

CERTFR-2025-AVI-0319

Vulnerability from certfr_avis - Published: - Updated:

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Oracle	GraalVM Enterprise Edition	Oracle GraalVM Enterprise Edition version 20.3.17
Oracle	Java SE	Oracle Java SE version 21.0.6
Oracle	Java SE	Oracle Java SE version 8u441
Oracle	GraalVM Enterprise Edition	Oracle GraalVM for JDK version 21.0.6
Oracle	Java SE	Oracle Java SE version 17.0.14
Oracle	GraalVM Enterprise Edition	Oracle GraalVM for JDK version 24
Oracle	Java SE	Oracle Java SE version 11.0.26
Oracle	GraalVM Enterprise Edition	Oracle GraalVM for JDK version 17.0.14
Oracle	GraalVM Enterprise Edition	Oracle GraalVM Enterprise Edition version 21.3.13
Oracle	Java SE	Oracle Java SE version 24
Oracle	Java SE	Oracle Java SE version 8u441-perf

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle Java SE cpuapr2025

2025-04-15

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle GraalVM Enterprise Edition version 20.3.17",
      "product": {
        "name": "GraalVM Enterprise Edition",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE version 21.0.6",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE version 8u441",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle GraalVM for JDK version 21.0.6",
      "product": {
        "name": "GraalVM Enterprise Edition",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE version 17.0.14",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle GraalVM for JDK version 24",
      "product": {
        "name": "GraalVM Enterprise Edition",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE version 11.0.26",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle GraalVM for JDK version 17.0.14",
      "product": {
        "name": "GraalVM Enterprise Edition",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle GraalVM Enterprise Edition version 21.3.13",
      "product": {
        "name": "GraalVM Enterprise Edition",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE version 24",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE version 8u441-perf",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-54508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54508"
    },
    {
      "name": "CVE-2024-44296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44296"
    },
    {
      "name": "CVE-2024-54502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54502"
    },
    {
      "name": "CVE-2024-47544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47544"
    },
    {
      "name": "CVE-2024-54505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54505"
    },
    {
      "name": "CVE-2024-40866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40866"
    },
    {
      "name": "CVE-2024-47545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47545"
    },
    {
      "name": "CVE-2024-54479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54479"
    },
    {
      "name": "CVE-2024-47596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47596"
    },
    {
      "name": "CVE-2025-24150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24150"
    },
    {
      "name": "CVE-2024-27856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27856"
    },
    {
      "name": "CVE-2024-47606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47606"
    },
    {
      "name": "CVE-2024-44187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44187"
    },
    {
      "name": "CVE-2025-24162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24162"
    },
    {
      "name": "CVE-2025-30691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30691"
    },
    {
      "name": "CVE-2024-47546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47546"
    },
    {
      "name": "CVE-2024-44244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44244"
    },
    {
      "name": "CVE-2024-44309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44309"
    },
    {
      "name": "CVE-2024-47778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47778"
    },
    {
      "name": "CVE-2025-23085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
    },
    {
      "name": "CVE-2024-44308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44308"
    },
    {
      "name": "CVE-2024-47777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47777"
    },
    {
      "name": "CVE-2025-21587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
    },
    {
      "name": "CVE-2025-23083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
    },
    {
      "name": "CVE-2024-47597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47597"
    },
    {
      "name": "CVE-2025-30698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
    },
    {
      "name": "CVE-2024-44185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44185"
    },
    {
      "name": "CVE-2024-54543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54543"
    },
    {
      "name": "CVE-2025-23084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23084"
    },
    {
      "name": "CVE-2024-47776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47776"
    },
    {
      "name": "CVE-2024-47775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47775"
    },
    {
      "name": "CVE-2024-54534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54534"
    },
    {
      "name": "CVE-2025-24143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24143"
    },
    {
      "name": "CVE-2025-24158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24158"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0319",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-04-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Java SE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Java SE",
  "vendor_advisories": [
    {
      "published_at": "2025-04-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle Java SE cpuapr2025",
      "url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
    }
  ]
}

alsa-2024:9553

Vulnerability from osv_almalinux

Published

2024-11-13 00:00

Modified

2024-11-18 11:52

Summary

Important: webkit2gtk3 security update

Details

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

webkitgtk: Visiting a malicious website may lead to address bar spoofing (CVE-2024-40866)
webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2024-44187)
webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44185)
webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44244)
webkitgtk: webkit2gtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2024-44296)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:9553	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-40866	REPORT
	https://access.redhat.com/security/cve/CVE-2024-44185	REPORT
	https://access.redhat.com/security/cve/CVE-2024-44187	REPORT
	https://access.redhat.com/security/cve/CVE-2024-44244	REPORT
	https://access.redhat.com/security/cve/CVE-2024-44296	REPORT
	https://bugzilla.redhat.com/2312724	REPORT
	https://bugzilla.redhat.com/2314706	REPORT
	https://bugzilla.redhat.com/2323263	REPORT
	https://bugzilla.redhat.com/2323278	REPORT
	https://bugzilla.redhat.com/2323289	REPORT
	https://errata.almalinux.org/9/ALSA-2024-9553.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "webkit2gtk3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.46.3-1.el9_5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "webkit2gtk3-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.46.3-1.el9_5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "webkit2gtk3-jsc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.46.3-1.el9_5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "webkit2gtk3-jsc-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.46.3-1.el9_5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.  \n\nSecurity Fix(es):  \n\n  * webkitgtk: Visiting a malicious website may lead to address bar spoofing (CVE-2024-40866)\n  * webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2024-44187)\n  * webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44185)\n  * webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44244)\n  * webkitgtk: webkit2gtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2024-44296)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2024:9553",
  "modified": "2024-11-18T11:52:36Z",
  "published": "2024-11-13T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:9553"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-40866"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-44185"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-44187"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-44244"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-44296"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2312724"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2314706"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2323263"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2323278"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2323289"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2024-9553.html"
    }
  ],
  "related": [
    "CVE-2024-40866",
    "CVE-2024-44187",
    "CVE-2024-44185",
    "CVE-2024-44244",
    "CVE-2024-44296"
  ],
  "summary": "Important: webkit2gtk3 security update"
}

alsa-2024:9636

Vulnerability from osv_almalinux

Published

2024-11-14 00:00

Modified

2024-11-15 12:47

Summary

Important: webkit2gtk3 security update

Details

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

chromium-browser: Use after free in ANGLE (CVE-2024-4558)
webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)
webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)
webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)
webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)
webkitgtk: Visiting a malicious website may lead to address bar spoofing (CVE-2024-40866)
webkitgtk: A malicious website may cause unexpected cross-origin behavior (CVE-2024-23271)
webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)
webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2024-27838)
webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)
webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2024-44187)
webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44185)
webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44244)
webkitgtk: webkit2gtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2024-44296)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:9636	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-23271	REPORT
	https://access.redhat.com/security/cve/CVE-2024-27820	REPORT
	https://access.redhat.com/security/cve/CVE-2024-27838	REPORT
	https://access.redhat.com/security/cve/CVE-2024-27851	REPORT
	https://access.redhat.com/security/cve/CVE-2024-40779	REPORT
	https://access.redhat.com/security/cve/CVE-2024-40780	REPORT
	https://access.redhat.com/security/cve/CVE-2024-40782	REPORT
	https://access.redhat.com/security/cve/CVE-2024-40789	REPORT
	https://access.redhat.com/security/cve/CVE-2024-40866	REPORT
	https://access.redhat.com/security/cve/CVE-2024-44185	REPORT
	https://access.redhat.com/security/cve/CVE-2024-44187	REPORT
	https://access.redhat.com/security/cve/CVE-2024-44244	REPORT
	https://access.redhat.com/security/cve/CVE-2024-44296	REPORT
	https://access.redhat.com/security/cve/CVE-2024-4558	REPORT
	https://bugzilla.redhat.com/2279689	REPORT
	https://bugzilla.redhat.com/2302067	REPORT
	https://bugzilla.redhat.com/2302069	REPORT
	https://bugzilla.redhat.com/2302070	REPORT
	https://bugzilla.redhat.com/2302071	REPORT
	https://bugzilla.redhat.com/2312724	REPORT
	https://bugzilla.redhat.com/2314696	REPORT
	https://bugzilla.redhat.com/2314698	REPORT
	https://bugzilla.redhat.com/2314702	REPORT
	https://bugzilla.redhat.com/2314704	REPORT
	https://bugzilla.redhat.com/2314706	REPORT
	https://bugzilla.redhat.com/2323263	REPORT
	https://bugzilla.redhat.com/2323278	REPORT
	https://bugzilla.redhat.com/2323289	REPORT
	https://errata.almalinux.org/8/ALSA-2024-9636.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.46.3-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.46.3-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3-jsc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.46.3-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3-jsc-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.46.3-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.  \n\nSecurity Fix(es):  \n\n  * chromium-browser: Use after free in ANGLE (CVE-2024-4558)\n  * webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)\n  * webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)\n  * webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)\n  * webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)\n  * webkitgtk: Visiting a malicious website may lead to address bar spoofing (CVE-2024-40866)\n  * webkitgtk: A malicious website may cause unexpected cross-origin behavior (CVE-2024-23271)\n  * webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)\n  * webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2024-27838)\n  * webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)\n  * webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2024-44187)\n  * webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44185)\n  * webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44244)\n  * webkitgtk: webkit2gtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2024-44296)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2024:9636",
  "modified": "2024-11-15T12:47:22Z",
  "published": "2024-11-14T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:9636"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-23271"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-27820"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-27838"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-27851"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-40779"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-40780"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-40782"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-40789"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-40866"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-44185"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-44187"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-44244"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-44296"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-4558"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2279689"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2302067"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2302069"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2302070"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2302071"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2312724"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2314696"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2314698"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2314702"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2314704"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2314706"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2323263"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2323278"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2323289"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2024-9636.html"
    }
  ],
  "related": [
    "CVE-2024-4558",
    "CVE-2024-40789",
    "CVE-2024-40780",
    "CVE-2024-40779",
    "CVE-2024-40782",
    "CVE-2024-40866",
    "CVE-2024-23271",
    "CVE-2024-27820",
    "CVE-2024-27838",
    "CVE-2024-27851",
    "CVE-2024-44187",
    "CVE-2024-44185",
    "CVE-2024-44244",
    "CVE-2024-44296"
  ],
  "summary": "Important: webkit2gtk3 security update"
}

BDU:2025-04166

Vulnerability from fstec - Published: 28.10.2024

Title

Уязвимость модулей отображения веб-страниц WPE WebKit и WebKitGTK, связанная с записью за границами буфера, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость модулей отображения веб-страниц WPE WebKit и WebKitGTK связана с записью за границами буфера. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании

Severity


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Vendor

Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра»

Software Name

Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), WPE WebKit, WebKitGTK

Software Version

10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 1.8 (Astra Linux Special Edition), до 2.46.3 (WPE WebKit), до 2.46.3 (WebKitGTK)

Possible Mitigations

В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года. Использование рекомендаций: Для WPE WebKit: использование рекомендаций производителя: https://webkitgtk.org/security/WSA-2024-0006.html Для WebKitGTK: использование рекомендаций производителя: https://webkitgtk.org/security/WSA-2024-0006.html Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2024-44244 Для ОС Astra Linux: обновить пакет webkit2gtk до 2.46.4-1~deb11u1.astra1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17 Для ОС Astra Linux: обновить пакет webkit2gtk до 2.48.0-1~deb12u1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0411SE18 Для ОС Astra Linux: обновить пакет webkit2gtk до 2.46.6-1~deb11u1.astra2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-0422SE47

Reference

https://nvd.nist.gov/vuln/detail/CVE-2024-44244 https://security-tracker.debian.org/tracker/CVE-2024-44244 https://support.apple.com/en-us/121563 https://support.apple.com/en-us/121564 https://support.apple.com/en-us/121565 https://support.apple.com/en-us/121566 https://support.apple.com/en-us/121569 https://support.apple.com/en-us/121571 https://webkitgtk.org/security/WSA-2024-0006.html https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17 https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0411SE18 https://webkitgtk.org/security/WSA-2024-0006.html https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-0422SE47

CWE

CWE-787

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 1.8 (Astra Linux Special Edition), \u0434\u043e 2.46.3 (WPE WebKit), \u0434\u043e 2.46.3 (WebKitGTK)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f WPE WebKit:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://webkitgtk.org/security/WSA-2024-0006.html\n\n\u0414\u043b\u044f WebKitGTK:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://webkitgtk.org/security/WSA-2024-0006.html\n\n\u0414\u043b\u044f Debian GNU/Linux:\n https://security-tracker.debian.org/tracker/CVE-2024-44244\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 webkit2gtk \u0434\u043e 2.46.4-1~deb11u1.astra1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 webkit2gtk \u0434\u043e 2.48.0-1~deb12u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0411SE18\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 webkit2gtk \u0434\u043e 2.46.6-1~deb11u1.astra2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-0422SE47",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "28.10.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "06.05.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "10.04.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-04166",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-44244",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), WPE WebKit, WebKitGTK",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.8  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u0435\u0439 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446 WPE WebKit \u0438 WebKitGTK, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u0435\u0439 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446 WPE WebKit \u0438 WebKitGTK \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2024-44244\nhttps://security-tracker.debian.org/tracker/CVE-2024-44244\nhttps://support.apple.com/en-us/121563\nhttps://support.apple.com/en-us/121564\nhttps://support.apple.com/en-us/121565\nhttps://support.apple.com/en-us/121566\nhttps://support.apple.com/en-us/121569\nhttps://support.apple.com/en-us/121571\nhttps://webkitgtk.org/security/WSA-2024-0006.html\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17\nhttps://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0411SE18\nhttps://webkitgtk.org/security/WSA-2024-0006.html\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-0422SE47",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-787",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)"
}

FKIE_CVE-2024-44244

Vulnerability from fkie_nvd - Published: 2024-10-28 21:15 - Updated: 2026-04-02 19:18

Severity

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Summary

References

URL	Tags
product-security@apple.com	https://support.apple.com/en-us/121563	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/121564	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/121565	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/121566	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/121569	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/121571	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2024/Oct/11
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2024/Oct/15
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2024/Oct/19
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2024/Oct/9
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html

Impacted products

Vendor	Product	Version
apple	ipados	*
apple	iphone_os	*
apple	macos	*
apple	safari	*
apple	tvos	*
apple	visionos	*
apple	watchos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F64554D-9F90-4871-9A0B-FB28BD52F4B3",
              "versionEndExcluding": "18.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9A26654-0DDB-4D4D-BB1E-C65C3339148E",
              "versionEndExcluding": "18.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D298E1D-DD23-4D35-9DE4-E3F5999F97AA",
              "versionEndExcluding": "15.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B754D7C-3FF7-4275-9C5B-4DCECFACD491",
              "versionEndExcluding": "18.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D57FCAE-9B33-4532-BC69-BC3D35719EDB",
              "versionEndExcluding": "18.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "15E4723D-CD2B-4486-A69C-27F843844A80",
              "versionEndExcluding": "2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DB9A303-7D3D-4167-9F28-64AA4B1EC0E1",
              "versionEndExcluding": "11.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 18.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing maliciously crafted web content may lead to an unexpected process crash."
    },
    {
      "lang": "es",
      "value": "Se solucion\u00f3 un problema de corrupci\u00f3n de memoria con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en iOS 18.1 y iPadOS 18.1, watchOS 11.1, visionOS 2.1 y tvOS 18.1. El procesamiento de contenido web manipulado con fines malintencionados puede provocar un bloqueo inesperado del proceso."
    }
  ],
  "id": "CVE-2024-44244",
  "lastModified": "2026-04-02T19:18:27.410",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-10-28T21:15:06.637",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/121563"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/121564"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/121565"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/121566"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/121569"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/121571"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2024/Oct/11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2024/Oct/15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2024/Oct/19"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2024/Oct/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-44244 (GCVE-0-2024-44244)

Solutions

Solutions

Solutions

Solutions

Solutions

Solutions

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Tags

Sightings

Nomenclature