Action not permitted
Modal body text goes here.
Modal Title
Modal Body
alsa-2023:2834
Vulnerability from osv_almalinux
Published
2023-05-16 00:00
Modified
2023-05-19 22:03
Summary
Important: webkit2gtk3 security and bug fix update
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
- webkitgtk: use-after-free issue leading to arbitrary code execution (CVE-2022-42826)
- webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2023-23517)
- webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2023-23518)
- webkitgtk: buffer overflow issue was addressed with improved memory handling (CVE-2022-32886)
- webkitgtk: out-of-bounds write issue was addressed with improved bounds checking (CVE-2022-32888)
- webkitgtk: correctness issue in the JIT was addressed with improved checks (CVE-2022-32923)
- webkitgtk: issue was addressed with improved UI handling (CVE-2022-42799)
- webkitgtk: type confusion issue leading to arbitrary code execution (CVE-2022-42823)
- webkitgtk: sensitive information disclosure issue (CVE-2022-42824)
- webkitgtk: memory disclosure issue was addressed with improved memory handling (CVE-2022-42852)
- webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-42863)
- webkitgtk: use-after-free issue leading to arbitrary code execution (CVE-2022-42867)
- webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46691)
- webkitgtk: Same Origin Policy bypass issue (CVE-2022-46692)
- webkitgtk: logic issue leading to user information disclosure (CVE-2022-46698)
- webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46699)
- webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46700)
- webkitgtk: heap-use-after-free in WebCore::RenderLayer::addChild() (CVE-2023-25358)
- webkitgtk: heap-use-after-free in WebCore::RenderLayer::renderer() (CVE-2023-25360)
- webkitgtk: heap-use-after-free in WebCore::RenderLayer::setNextSibling() (CVE-2023-25361)
- webkitgtk: heap-use-after-free in WebCore::RenderLayer::repaintBlockSelectionGaps() (CVE-2023-25362)
- webkitgtk: heap-use-after-free in WebCore::RenderLayer::updateDescendantDependentFlags() (CVE-2023-25363)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.38.5-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.38.5-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3-jsc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.38.5-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3-jsc-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.38.5-1.el8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: use-after-free issue leading to arbitrary code execution (CVE-2022-42826)\n* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2023-23517)\n* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2023-23518)\n* webkitgtk: buffer overflow issue was addressed with improved memory handling (CVE-2022-32886)\n* webkitgtk: out-of-bounds write issue was addressed with improved bounds checking (CVE-2022-32888)\n* webkitgtk: correctness issue in the JIT was addressed with improved checks (CVE-2022-32923)\n* webkitgtk: issue was addressed with improved UI handling (CVE-2022-42799)\n* webkitgtk: type confusion issue leading to arbitrary code execution (CVE-2022-42823)\n* webkitgtk: sensitive information disclosure issue (CVE-2022-42824)\n* webkitgtk: memory disclosure issue was addressed with improved memory handling (CVE-2022-42852)\n* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-42863)\n* webkitgtk: use-after-free issue leading to arbitrary code execution (CVE-2022-42867)\n* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46691)\n* webkitgtk: Same Origin Policy bypass issue (CVE-2022-46692)\n* webkitgtk: logic issue leading to user information disclosure (CVE-2022-46698)\n* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46699)\n* webkitgtk: memory corruption issue leading to arbitrary code execution (CVE-2022-46700)\n* webkitgtk: heap-use-after-free in WebCore::RenderLayer::addChild() (CVE-2023-25358)\n* webkitgtk: heap-use-after-free in WebCore::RenderLayer::renderer() (CVE-2023-25360)\n* webkitgtk: heap-use-after-free in WebCore::RenderLayer::setNextSibling() (CVE-2023-25361)\n* webkitgtk: heap-use-after-free in WebCore::RenderLayer::repaintBlockSelectionGaps() (CVE-2023-25362)\n* webkitgtk: heap-use-after-free in WebCore::RenderLayer::updateDescendantDependentFlags() (CVE-2023-25363)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2023:2834",
"modified": "2023-05-19T22:03:35Z",
"published": "2023-05-16T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:2834"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-32886"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-32888"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-32923"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-42799"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-42823"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-42824"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-42826"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-42852"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-42863"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-42867"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46691"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46692"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46698"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46699"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-46700"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-23517"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-23518"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25358"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25360"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25361"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25362"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25363"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2128643"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2140501"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2140502"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2140503"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2140504"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2140505"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2156986"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2156987"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2156989"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2156990"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2156991"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2156992"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2156993"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2156994"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2167715"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2167716"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2167717"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2175099"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2175101"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2175103"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2175105"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2175107"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2023-2834.html"
}
],
"related": [
"CVE-2022-42826",
"CVE-2023-23517",
"CVE-2023-23518",
"CVE-2022-32886",
"CVE-2022-32888",
"CVE-2022-32923",
"CVE-2022-42799",
"CVE-2022-42823",
"CVE-2022-42824",
"CVE-2022-42852",
"CVE-2022-42863",
"CVE-2022-42867",
"CVE-2022-46691",
"CVE-2022-46692",
"CVE-2022-46698",
"CVE-2022-46699",
"CVE-2022-46700",
"CVE-2023-25358",
"CVE-2023-25360",
"CVE-2023-25361",
"CVE-2023-25362",
"CVE-2023-25363"
],
"summary": "Important: webkit2gtk3 security and bug fix update"
}
CVE-2022-46691 (GCVE-0-2022-46691)
Vulnerability from cvelistv5 – Published: 2022-12-15 00:00 – Updated: 2025-04-21 14:29
VLAI
EPSS
Summary
A memory consumption issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
Severity
8.8 (High)
CWE
- Processing maliciously crafted web content may lead to arbitrary code execution
Assigner
References
13 references
| URL | Tags |
|---|---|
| https://support.apple.com/en-us/HT213535 | |
| https://support.apple.com/en-us/HT213532 | |
| https://support.apple.com/en-us/HT213530 | |
| https://support.apple.com/en-us/HT213531 | |
| https://support.apple.com/en-us/HT213536 | |
| https://support.apple.com/en-us/HT213537 | |
| http://seclists.org/fulldisclosure/2022/Dec/20 | mailing-list |
| http://seclists.org/fulldisclosure/2022/Dec/21 | mailing-list |
| http://seclists.org/fulldisclosure/2022/Dec/23 | mailing-list |
| http://seclists.org/fulldisclosure/2022/Dec/26 | mailing-list |
| http://seclists.org/fulldisclosure/2022/Dec/28 | mailing-list |
| http://seclists.org/fulldisclosure/2022/Dec/27 | mailing-list |
| https://security.gentoo.org/glsa/202305-32 |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | tvOS |
Affected:
unspecified , < 16.2
(custom)
|
|
| Apple | tvOS |
Affected:
unspecified , < 13.1
(custom)
|
|
| Apple | tvOS |
Affected:
unspecified , < 16.2
(custom)
|
|
| Apple | tvOS |
Affected:
unspecified , < 15.7
(custom)
|
|
| Apple | watchOS |
Affected:
unspecified , < 9.2
(custom)
|
|
| Apple | watchOS |
Affected:
unspecified , < 16.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:38.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213535"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213532"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213530"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213531"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213536"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213537"
},
{
"name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/20"
},
{
"name": "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/21"
},
{
"name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/23"
},
{
"name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/26"
},
{
"name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/28"
},
{
"name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/27"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-32"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-46691",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-21T14:28:40.983800Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T14:29:07.611Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "9.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory consumption issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-30T05:10:41.971Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213535"
},
{
"url": "https://support.apple.com/en-us/HT213532"
},
{
"url": "https://support.apple.com/en-us/HT213530"
},
{
"url": "https://support.apple.com/en-us/HT213531"
},
{
"url": "https://support.apple.com/en-us/HT213536"
},
{
"url": "https://support.apple.com/en-us/HT213537"
},
{
"name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/20"
},
{
"name": "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/21"
},
{
"name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/23"
},
{
"name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/26"
},
{
"name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/28"
},
{
"name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/27"
},
{
"url": "https://security.gentoo.org/glsa/202305-32"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2022-46691",
"datePublished": "2022-12-15T00:00:00.000Z",
"dateReserved": "2022-12-07T00:00:00.000Z",
"dateUpdated": "2025-04-21T14:29:07.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46692 (GCVE-0-2022-46692)
Vulnerability from cvelistv5 – Published: 2022-12-15 00:00 – Updated: 2025-04-21 14:27
VLAI
EPSS
Summary
A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy.
Severity
5.5 (Medium)
CWE
- Processing maliciously crafted web content may bypass Same Origin Policy
Assigner
References
13 references
| URL | Tags |
|---|---|
| https://support.apple.com/en-us/HT213535 | |
| https://support.apple.com/en-us/HT213532 | |
| https://support.apple.com/en-us/HT213538 | |
| https://support.apple.com/en-us/HT213530 | |
| https://support.apple.com/en-us/HT213531 | |
| https://support.apple.com/en-us/HT213536 | |
| https://support.apple.com/en-us/HT213537 | |
| http://seclists.org/fulldisclosure/2022/Dec/20 | mailing-list |
| http://seclists.org/fulldisclosure/2022/Dec/21 | mailing-list |
| http://seclists.org/fulldisclosure/2022/Dec/23 | mailing-list |
| http://seclists.org/fulldisclosure/2022/Dec/26 | mailing-list |
| http://seclists.org/fulldisclosure/2022/Dec/28 | mailing-list |
| https://security.gentoo.org/glsa/202305-32 |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | iCloud for Windows |
Affected:
unspecified , < 14.1
(custom)
|
|
| Apple | tvOS |
Affected:
unspecified , < 16.2
(custom)
|
|
| Apple | tvOS |
Affected:
unspecified , < 13.1
(custom)
|
|
| Apple | tvOS |
Affected:
unspecified , < 16.2
(custom)
|
|
| Apple | tvOS |
Affected:
unspecified , < 15.7
(custom)
|
|
| Apple | watchOS |
Affected:
unspecified , < 9.2
(custom)
|
|
| Apple | watchOS |
Affected:
unspecified , < 16.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:38.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213535"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213532"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213538"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213530"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213531"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213536"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213537"
},
{
"name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/20"
},
{
"name": "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/21"
},
{
"name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/23"
},
{
"name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/26"
},
{
"name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/28"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-32"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-46692",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-21T14:27:01.532535Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345 Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T14:27:34.750Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iCloud for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "9.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may bypass Same Origin Policy",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-30T05:09:55.806Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213535"
},
{
"url": "https://support.apple.com/en-us/HT213532"
},
{
"url": "https://support.apple.com/en-us/HT213538"
},
{
"url": "https://support.apple.com/en-us/HT213530"
},
{
"url": "https://support.apple.com/en-us/HT213531"
},
{
"url": "https://support.apple.com/en-us/HT213536"
},
{
"url": "https://support.apple.com/en-us/HT213537"
},
{
"name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/20"
},
{
"name": "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/21"
},
{
"name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/23"
},
{
"name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/26"
},
{
"name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/28"
},
{
"url": "https://security.gentoo.org/glsa/202305-32"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2022-46692",
"datePublished": "2022-12-15T00:00:00.000Z",
"dateReserved": "2022-12-07T00:00:00.000Z",
"dateUpdated": "2025-04-21T14:27:34.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46698 (GCVE-0-2022-46698)
Vulnerability from cvelistv5 – Published: 2022-12-15 00:00 – Updated: 2025-04-21 13:47
VLAI
EPSS
Summary
A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information.
Severity
6.5 (Medium)
CWE
- Processing maliciously crafted web content may disclose sensitive user information
Assigner
References
12 references
| URL | Tags |
|---|---|
| https://support.apple.com/en-us/HT213535 | |
| https://support.apple.com/en-us/HT213532 | |
| https://support.apple.com/en-us/HT213538 | |
| https://support.apple.com/en-us/HT213530 | |
| https://support.apple.com/en-us/HT213536 | |
| https://support.apple.com/en-us/HT213537 | |
| http://seclists.org/fulldisclosure/2022/Dec/20 | mailing-list |
| http://seclists.org/fulldisclosure/2022/Dec/23 | mailing-list |
| http://seclists.org/fulldisclosure/2022/Dec/26 | mailing-list |
| http://seclists.org/fulldisclosure/2022/Dec/28 | mailing-list |
| http://seclists.org/fulldisclosure/2022/Dec/27 | mailing-list |
| https://security.gentoo.org/glsa/202305-32 |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | iCloud for Windows |
Affected:
unspecified , < 14.1
(custom)
|
|
| Apple | tvOS |
Affected:
unspecified , < 16.2
(custom)
|
|
| Apple | tvOS |
Affected:
unspecified , < 13.1
(custom)
|
|
| Apple | tvOS |
Affected:
unspecified , < 16.2
(custom)
|
|
| Apple | watchOS |
Affected:
unspecified , < 9.2
(custom)
|
|
| Apple | watchOS |
Affected:
unspecified , < 16.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:38.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213535"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213532"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213538"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213530"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213536"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213537"
},
{
"name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/20"
},
{
"name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/23"
},
{
"name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/26"
},
{
"name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/28"
},
{
"name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/27"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-32"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-46698",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-21T13:47:18.595342Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T13:47:23.617Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iCloud for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "9.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved checks. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may disclose sensitive user information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may disclose sensitive user information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-30T05:10:14.768Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213535"
},
{
"url": "https://support.apple.com/en-us/HT213532"
},
{
"url": "https://support.apple.com/en-us/HT213538"
},
{
"url": "https://support.apple.com/en-us/HT213530"
},
{
"url": "https://support.apple.com/en-us/HT213536"
},
{
"url": "https://support.apple.com/en-us/HT213537"
},
{
"name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/20"
},
{
"name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/23"
},
{
"name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/26"
},
{
"name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/28"
},
{
"name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/27"
},
{
"url": "https://security.gentoo.org/glsa/202305-32"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2022-46698",
"datePublished": "2022-12-15T00:00:00.000Z",
"dateReserved": "2022-12-07T00:00:00.000Z",
"dateUpdated": "2025-04-21T13:47:23.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46699 (GCVE-0-2022-46699)
Vulnerability from cvelistv5 – Published: 2022-12-15 00:00 – Updated: 2025-04-21 13:45
VLAI
EPSS
Summary
A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
Severity
8.8 (High)
CWE
- Processing maliciously crafted web content may lead to arbitrary code execution
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://support.apple.com/en-us/HT213535 | |
| https://support.apple.com/en-us/HT213532 | |
| https://support.apple.com/en-us/HT213530 | |
| https://support.apple.com/en-us/HT213536 | |
| https://support.apple.com/en-us/HT213537 | |
| http://seclists.org/fulldisclosure/2022/Dec/20 | mailing-list |
| http://seclists.org/fulldisclosure/2022/Dec/23 | mailing-list |
| http://seclists.org/fulldisclosure/2022/Dec/26 | mailing-list |
| http://seclists.org/fulldisclosure/2022/Dec/28 | mailing-list |
| http://seclists.org/fulldisclosure/2022/Dec/27 | mailing-list |
| https://security.gentoo.org/glsa/202305-32 |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:38.530Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213535"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213532"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213530"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213536"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213537"
},
{
"name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/20"
},
{
"name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/23"
},
{
"name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/26"
},
{
"name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/28"
},
{
"name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/27"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-32"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-46699",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-21T13:45:37.952643Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T13:45:45.752Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "9.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-30T05:09:53.896Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213535"
},
{
"url": "https://support.apple.com/en-us/HT213532"
},
{
"url": "https://support.apple.com/en-us/HT213530"
},
{
"url": "https://support.apple.com/en-us/HT213536"
},
{
"url": "https://support.apple.com/en-us/HT213537"
},
{
"name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/20"
},
{
"name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/23"
},
{
"name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/26"
},
{
"name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/28"
},
{
"name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/27"
},
{
"url": "https://security.gentoo.org/glsa/202305-32"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2022-46699",
"datePublished": "2022-12-15T00:00:00.000Z",
"dateReserved": "2022-12-07T00:00:00.000Z",
"dateUpdated": "2025-04-21T13:45:45.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46700 (GCVE-0-2022-46700)
Vulnerability from cvelistv5 – Published: 2022-12-15 00:00 – Updated: 2025-04-21 13:44
VLAI
EPSS
Summary
A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution.
Severity
8.8 (High)
CWE
- Processing maliciously crafted web content may lead to arbitrary code execution
Assigner
References
13 references
| URL | Tags |
|---|---|
| https://support.apple.com/en-us/HT213535 | |
| https://support.apple.com/en-us/HT213532 | |
| https://support.apple.com/en-us/HT213530 | |
| https://support.apple.com/en-us/HT213531 | |
| https://support.apple.com/en-us/HT213536 | |
| https://support.apple.com/en-us/HT213537 | |
| http://seclists.org/fulldisclosure/2022/Dec/20 | mailing-list |
| http://seclists.org/fulldisclosure/2022/Dec/21 | mailing-list |
| http://seclists.org/fulldisclosure/2022/Dec/23 | mailing-list |
| http://seclists.org/fulldisclosure/2022/Dec/26 | mailing-list |
| http://seclists.org/fulldisclosure/2022/Dec/28 | mailing-list |
| http://seclists.org/fulldisclosure/2022/Dec/27 | mailing-list |
| https://security.gentoo.org/glsa/202305-32 |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | tvOS |
Affected:
unspecified , < 16.2
(custom)
|
|
| Apple | tvOS |
Affected:
unspecified , < 13.1
(custom)
|
|
| Apple | tvOS |
Affected:
unspecified , < 16.2
(custom)
|
|
| Apple | tvOS |
Affected:
unspecified , < 15.7
(custom)
|
|
| Apple | watchOS |
Affected:
unspecified , < 9.2
(custom)
|
|
| Apple | watchOS |
Affected:
unspecified , < 16.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:38.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213535"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213532"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213530"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213531"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213536"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213537"
},
{
"name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/20"
},
{
"name": "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/21"
},
{
"name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/23"
},
{
"name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/26"
},
{
"name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/28"
},
{
"name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/27"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-32"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-46700",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-21T13:44:07.500802Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T13:44:37.601Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "9.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-30T05:10:04.366Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213535"
},
{
"url": "https://support.apple.com/en-us/HT213532"
},
{
"url": "https://support.apple.com/en-us/HT213530"
},
{
"url": "https://support.apple.com/en-us/HT213531"
},
{
"url": "https://support.apple.com/en-us/HT213536"
},
{
"url": "https://support.apple.com/en-us/HT213537"
},
{
"name": "20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/20"
},
{
"name": "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/21"
},
{
"name": "20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/23"
},
{
"name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/26"
},
{
"name": "20221220 APPLE-SA-2022-12-13-9 Safari 16.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/28"
},
{
"name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Dec/27"
},
{
"url": "https://security.gentoo.org/glsa/202305-32"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2022-46700",
"datePublished": "2022-12-15T00:00:00.000Z",
"dateReserved": "2022-12-07T00:00:00.000Z",
"dateUpdated": "2025-04-21T13:44:37.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23517 (GCVE-0-2023-23517)
Vulnerability from cvelistv5 – Published: 2023-02-27 00:00 – Updated: 2025-03-11 15:34
VLAI
EPSS
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution.
Severity
8.8 (High)
CWE
- Processing maliciously crafted web content may lead to arbitrary code execution
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://support.apple.com/en-us/HT213606 | |
| https://support.apple.com/en-us/HT213601 | |
| https://support.apple.com/en-us/HT213600 | |
| https://support.apple.com/en-us/HT213603 | |
| https://support.apple.com/en-us/HT213638 | |
| https://support.apple.com/en-us/HT213605 | |
| https://support.apple.com/en-us/HT213604 | |
| https://support.apple.com/en-us/HT213599 |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | iOS and iPadOS |
Affected:
unspecified , < 16.3
(custom)
|
|
| Apple | tvOS |
Affected:
unspecified , < 16.3
(custom)
|
|
| Apple | Safari |
Affected:
unspecified , < 16.3
(custom)
|
|
| Apple | macOS |
Affected:
unspecified , < 11.7
(custom)
|
|
| Apple | macOS |
Affected:
unspecified , < 13.2
(custom)
|
|
| Apple | macOS |
Affected:
unspecified , < 12.6
(custom)
|
|
| Apple | watchOS |
Affected:
unspecified , < 9.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:35:32.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213606"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213601"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213600"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213603"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213638"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213605"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213604"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213599"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-23517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T15:34:25.623781Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T15:34:55.726Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "12.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "9.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to arbitrary code execution",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-27T03:46:19.142Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213606"
},
{
"url": "https://support.apple.com/en-us/HT213601"
},
{
"url": "https://support.apple.com/en-us/HT213600"
},
{
"url": "https://support.apple.com/en-us/HT213603"
},
{
"url": "https://support.apple.com/en-us/HT213638"
},
{
"url": "https://support.apple.com/en-us/HT213605"
},
{
"url": "https://support.apple.com/en-us/HT213604"
},
{
"url": "https://support.apple.com/en-us/HT213599"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2023-23517",
"datePublished": "2023-02-27T00:00:00.000Z",
"dateReserved": "2023-01-12T00:00:00.000Z",
"dateUpdated": "2025-03-11T15:34:55.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23518 (GCVE-0-2023-23518)
Vulnerability from cvelistv5 – Published: 2023-02-27 00:00 – Updated: 2025-03-11 15:33
VLAI
EPSS
Summary
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution.
Severity
8.8 (High)
CWE
- Processing maliciously crafted web content may lead to arbitrary code execution
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://support.apple.com/en-us/HT213606 | |
| https://support.apple.com/en-us/HT213601 | |
| https://support.apple.com/en-us/HT213600 | |
| https://support.apple.com/en-us/HT213603 | |
| https://support.apple.com/en-us/HT213638 | |
| https://support.apple.com/en-us/HT213605 | |
| https://support.apple.com/en-us/HT213604 | |
| https://support.apple.com/en-us/HT213599 |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | iOS and iPadOS |
Affected:
unspecified , < 16.3
(custom)
|
|
| Apple | tvOS |
Affected:
unspecified , < 16.3
(custom)
|
|
| Apple | Safari |
Affected:
unspecified , < 16.3
(custom)
|
|
| Apple | macOS |
Affected:
unspecified , < 11.7
(custom)
|
|
| Apple | macOS |
Affected:
unspecified , < 13.2
(custom)
|
|
| Apple | macOS |
Affected:
unspecified , < 12.6
(custom)
|
|
| Apple | watchOS |
Affected:
unspecified , < 9.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:35:33.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213606"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213601"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213600"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213603"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213638"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213605"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213604"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213599"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-23518",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T15:32:37.671148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T15:33:01.286Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "16.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "12.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "9.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to arbitrary code execution",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-27T03:45:42.051Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213606"
},
{
"url": "https://support.apple.com/en-us/HT213601"
},
{
"url": "https://support.apple.com/en-us/HT213600"
},
{
"url": "https://support.apple.com/en-us/HT213603"
},
{
"url": "https://support.apple.com/en-us/HT213638"
},
{
"url": "https://support.apple.com/en-us/HT213605"
},
{
"url": "https://support.apple.com/en-us/HT213604"
},
{
"url": "https://support.apple.com/en-us/HT213599"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2023-23518",
"datePublished": "2023-02-27T00:00:00.000Z",
"dateReserved": "2023-01-12T00:00:00.000Z",
"dateUpdated": "2025-03-11T15:33:01.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25358 (GCVE-0-2023-25358)
Vulnerability from cvelistv5 – Published: 2023-03-02 00:00 – Updated: 2025-03-07 15:58
VLAI
EPSS
Summary
A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
Severity
8.8 (High)
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://bugs.webkit.org/show_bug.cgi?id=242683 | |
| http://www.openwall.com/lists/oss-security/2023/04/21/3 | mailing-list |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://security.gentoo.org/glsa/202305-32 | vendor-advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:18:36.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.webkit.org/show_bug.cgi?id=242683"
},
{
"name": "[oss-security] 20230421 WebKitGTK and WPE WebKit Security Advisory WSA-2023-0003",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/04/21/3"
},
{
"name": "FEDORA-2023-5b61346bbe",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QL5OGMSHRQ26FTYWZUXVNWB2VHOSVXK/"
},
{
"name": "FEDORA-2023-a4bbf02a57",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OKKVEUQAAGH3NHMX3WHWKRPYU4QFKTQ/"
},
{
"name": "FEDORA-2023-8900b35c6f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KC7DMUX37BRCLAI4VPQYHDUVEGTNYN5A/"
},
{
"name": "GLSA-202305-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-32"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-25358",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T15:57:29.648084Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T15:58:48.730Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-30T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.webkit.org/show_bug.cgi?id=242683"
},
{
"name": "[oss-security] 20230421 WebKitGTK and WPE WebKit Security Advisory WSA-2023-0003",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/04/21/3"
},
{
"name": "FEDORA-2023-5b61346bbe",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QL5OGMSHRQ26FTYWZUXVNWB2VHOSVXK/"
},
{
"name": "FEDORA-2023-a4bbf02a57",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OKKVEUQAAGH3NHMX3WHWKRPYU4QFKTQ/"
},
{
"name": "FEDORA-2023-8900b35c6f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KC7DMUX37BRCLAI4VPQYHDUVEGTNYN5A/"
},
{
"name": "GLSA-202305-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-32"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-25358",
"datePublished": "2023-03-02T00:00:00.000Z",
"dateReserved": "2023-02-06T00:00:00.000Z",
"dateUpdated": "2025-03-07T15:58:48.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25360 (GCVE-0-2023-25360)
Vulnerability from cvelistv5 – Published: 2023-03-02 00:00 – Updated: 2025-03-07 16:12
VLAI
EPSS
Summary
A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
Severity
8.8 (High)
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://bugs.webkit.org/show_bug.cgi?id=242686 | |
| http://www.openwall.com/lists/oss-security/2023/04/21/3 | mailing-list |
| https://security.gentoo.org/glsa/202305-32 | vendor-advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:18:36.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.webkit.org/show_bug.cgi?id=242686"
},
{
"name": "[oss-security] 20230421 WebKitGTK and WPE WebKit Security Advisory WSA-2023-0003",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/04/21/3"
},
{
"name": "GLSA-202305-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-32"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-25360",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T16:11:53.679424Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T16:12:28.496Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-30T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.webkit.org/show_bug.cgi?id=242686"
},
{
"name": "[oss-security] 20230421 WebKitGTK and WPE WebKit Security Advisory WSA-2023-0003",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/04/21/3"
},
{
"name": "GLSA-202305-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-32"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-25360",
"datePublished": "2023-03-02T00:00:00.000Z",
"dateReserved": "2023-02-06T00:00:00.000Z",
"dateUpdated": "2025-03-07T16:12:28.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25361 (GCVE-0-2023-25361)
Vulnerability from cvelistv5 – Published: 2023-03-02 00:00 – Updated: 2025-03-07 16:19
VLAI
EPSS
Summary
A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows attackers to execute code remotely.
Severity
8.8 (High)
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://bugs.webkit.org/show_bug.cgi?id=244249 | |
| http://www.openwall.com/lists/oss-security/2023/04/21/3 | mailing-list |
| https://security.gentoo.org/glsa/202305-32 | vendor-advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:18:36.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.webkit.org/show_bug.cgi?id=244249"
},
{
"name": "[oss-security] 20230421 WebKitGTK and WPE WebKit Security Advisory WSA-2023-0003",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/04/21/3"
},
{
"name": "GLSA-202305-32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-32"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-25361",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-07T16:19:05.964063Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T16:19:37.118Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows attackers to execute code remotely."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-30T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.webkit.org/show_bug.cgi?id=244249"
},
{
"name": "[oss-security] 20230421 WebKitGTK and WPE WebKit Security Advisory WSA-2023-0003",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/04/21/3"
},
{
"name": "GLSA-202305-32",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-32"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-25361",
"datePublished": "2023-03-02T00:00:00.000Z",
"dateReserved": "2023-02-06T00:00:00.000Z",
"dateUpdated": "2025-03-07T16:19:37.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…