Vulnerability-Lookup

alsa-2024:9636

Vulnerability from osv_almalinux

Published

2024-11-14 00:00

Modified

2024-11-15 12:47

Summary

Important: webkit2gtk3 security update

Details

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

chromium-browser: Use after free in ANGLE (CVE-2024-4558)
webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)
webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)
webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)
webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)
webkitgtk: Visiting a malicious website may lead to address bar spoofing (CVE-2024-40866)
webkitgtk: A malicious website may cause unexpected cross-origin behavior (CVE-2024-23271)
webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)
webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2024-27838)
webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)
webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2024-44187)
webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44185)
webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44244)
webkitgtk: webkit2gtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2024-44296)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:9636	ADVISORY
	https://access.redhat.com/security/cve/CVE-2024-23271	REPORT
	https://access.redhat.com/security/cve/CVE-2024-27820	REPORT
	https://access.redhat.com/security/cve/CVE-2024-27838	REPORT
	https://access.redhat.com/security/cve/CVE-2024-27851	REPORT
	https://access.redhat.com/security/cve/CVE-2024-40779	REPORT
	https://access.redhat.com/security/cve/CVE-2024-40780	REPORT
	https://access.redhat.com/security/cve/CVE-2024-40782	REPORT
	https://access.redhat.com/security/cve/CVE-2024-40789	REPORT
	https://access.redhat.com/security/cve/CVE-2024-40866	REPORT
	https://access.redhat.com/security/cve/CVE-2024-44185	REPORT
	https://access.redhat.com/security/cve/CVE-2024-44187	REPORT
	https://access.redhat.com/security/cve/CVE-2024-44244	REPORT
	https://access.redhat.com/security/cve/CVE-2024-44296	REPORT
	https://access.redhat.com/security/cve/CVE-2024-4558	REPORT
	https://bugzilla.redhat.com/2279689	REPORT
	https://bugzilla.redhat.com/2302067	REPORT
	https://bugzilla.redhat.com/2302069	REPORT
	https://bugzilla.redhat.com/2302070	REPORT
	https://bugzilla.redhat.com/2302071	REPORT
	https://bugzilla.redhat.com/2312724	REPORT
	https://bugzilla.redhat.com/2314696	REPORT
	https://bugzilla.redhat.com/2314698	REPORT
	https://bugzilla.redhat.com/2314702	REPORT
	https://bugzilla.redhat.com/2314704	REPORT
	https://bugzilla.redhat.com/2314706	REPORT
	https://bugzilla.redhat.com/2323263	REPORT
	https://bugzilla.redhat.com/2323278	REPORT
	https://bugzilla.redhat.com/2323289	REPORT
	https://errata.almalinux.org/8/ALSA-2024-9636.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.46.3-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.46.3-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3-jsc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.46.3-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3-jsc-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.46.3-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.  \n\nSecurity Fix(es):  \n\n  * chromium-browser: Use after free in ANGLE (CVE-2024-4558)\n  * webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)\n  * webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)\n  * webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)\n  * webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)\n  * webkitgtk: Visiting a malicious website may lead to address bar spoofing (CVE-2024-40866)\n  * webkitgtk: A malicious website may cause unexpected cross-origin behavior (CVE-2024-23271)\n  * webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)\n  * webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2024-27838)\n  * webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)\n  * webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2024-44187)\n  * webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44185)\n  * webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44244)\n  * webkitgtk: webkit2gtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2024-44296)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2024:9636",
  "modified": "2024-11-15T12:47:22Z",
  "published": "2024-11-14T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:9636"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-23271"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-27820"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-27838"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-27851"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-40779"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-40780"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-40782"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-40789"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-40866"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-44185"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-44187"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-44244"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-44296"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-4558"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2279689"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2302067"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2302069"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2302070"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2302071"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2312724"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2314696"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2314698"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2314702"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2314704"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2314706"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2323263"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2323278"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2323289"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2024-9636.html"
    }
  ],
  "related": [
    "CVE-2024-4558",
    "CVE-2024-40789",
    "CVE-2024-40780",
    "CVE-2024-40779",
    "CVE-2024-40782",
    "CVE-2024-40866",
    "CVE-2024-23271",
    "CVE-2024-27820",
    "CVE-2024-27838",
    "CVE-2024-27851",
    "CVE-2024-44187",
    "CVE-2024-44185",
    "CVE-2024-44244",
    "CVE-2024-44296"
  ],
  "summary": "Important: webkit2gtk3 security update"
}

CVE-2024-44187 (GCVE-0-2024-44187)

Vulnerability from cvelistv5 – Published: 2024-09-16 23:23 – Updated: 2026-04-02 18:24

Summary

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE

A malicious website may exfiltrate data cross-origin

Assigner

apple

References

6 references

URL	Tags
https://support.apple.com/en-us/121238
https://support.apple.com/en-us/121240
https://support.apple.com/en-us/121241
https://support.apple.com/en-us/121248
https://support.apple.com/en-us/121249
https://support.apple.com/en-us/121250

Impacted products

6 products

Vendor	Product	Version
Apple	Safari	Affected: 0 , < 18 (custom)
Apple	iOS and iPadOS	Affected: 0 , < 18 (custom)
Apple	macOS	Affected: 0 , < 15 (custom)
Apple	tvOS	Affected: 0 , < 18 (custom)
Apple	visionOS	Affected: 0 , < 2 (custom)
Apple	watchOS	Affected: 0 , < 11 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-44187",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-17T13:44:18.458972Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-346",
                "description": "CWE-346 Origin Validation Error",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-14T15:25:26.428Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T16:15:32.974Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Sep/37"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Sep/36"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Sep/33"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Sep/32"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "15",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "visionOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "11",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A cross-origin issue existed with \"iframe\" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "A malicious website may exfiltrate data cross-origin",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T18:24:29.919Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/121238"
        },
        {
          "url": "https://support.apple.com/en-us/121240"
        },
        {
          "url": "https://support.apple.com/en-us/121241"
        },
        {
          "url": "https://support.apple.com/en-us/121248"
        },
        {
          "url": "https://support.apple.com/en-us/121249"
        },
        {
          "url": "https://support.apple.com/en-us/121250"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2024-44187",
    "datePublished": "2024-09-16T23:23:16.230Z",
    "dateReserved": "2024-08-20T21:42:05.933Z",
    "dateUpdated": "2026-04-02T18:24:29.919Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-44244 (GCVE-0-2024-44244)

Vulnerability from cvelistv5 – Published: 2024-10-28 21:08 – Updated: 2026-04-02 18:16

Summary

A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 18.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing maliciously crafted web content may lead to an unexpected process crash.

Severity

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE

Processing maliciously crafted web content may lead to an unexpected process crash

Assigner

apple

References

6 references

URL	Tags
https://support.apple.com/en-us/121563
https://support.apple.com/en-us/121564
https://support.apple.com/en-us/121565
https://support.apple.com/en-us/121566
https://support.apple.com/en-us/121569
https://support.apple.com/en-us/121571

Impacted products

6 products

Vendor	Product	Version
Apple	Safari	Affected: 0 , < 18.1 (custom)
Apple	iOS and iPadOS	Affected: 0 , < 18.1 (custom)
Apple	macOS	Affected: 0 , < 15.1 (custom)
Apple	tvOS	Affected: 0 , < 18.1 (custom)
Apple	visionOS	Affected: 0 , < 2.1 (custom)
Apple	watchOS	Affected: 0 , < 11.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 4.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-44244",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T19:39:31.901741Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-06T14:39:33.635Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:09:35.268Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Oct/19"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Oct/15"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Oct/11"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Oct/9"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "15.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "visionOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "2.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "11.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 18.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing maliciously crafted web content may lead to an unexpected process crash."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing maliciously crafted web content may lead to an unexpected process crash",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T18:16:55.139Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/121563"
        },
        {
          "url": "https://support.apple.com/en-us/121564"
        },
        {
          "url": "https://support.apple.com/en-us/121565"
        },
        {
          "url": "https://support.apple.com/en-us/121566"
        },
        {
          "url": "https://support.apple.com/en-us/121569"
        },
        {
          "url": "https://support.apple.com/en-us/121571"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2024-44244",
    "datePublished": "2024-10-28T21:08:08.850Z",
    "dateReserved": "2024-08-20T21:45:40.785Z",
    "dateUpdated": "2026-04-02T18:16:55.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-44296 (GCVE-0-2024-44296)

Vulnerability from cvelistv5 – Published: 2024-10-28 21:07 – Updated: 2026-04-02 18:09

Summary

The issue was addressed with improved checks. This issue is fixed in Safari 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

Severity

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CWE

Processing maliciously crafted web content may prevent Content Security Policy from being enforced

Assigner

apple

References

7 references

URL	Tags
https://support.apple.com/en-us/121563
https://support.apple.com/en-us/121564
https://support.apple.com/en-us/121565
https://support.apple.com/en-us/121566
https://support.apple.com/en-us/121567
https://support.apple.com/en-us/121569
https://support.apple.com/en-us/121571

Impacted products

6 products

Vendor	Product	Version
Apple	Safari	Affected: 0 , < 18.1 (custom)
Apple	iOS and iPadOS	Affected: 0 , < 17.7.1 (custom) Affected: 0 , < 18.1 (custom)
Apple	macOS	Affected: 0 , < 15.1 (custom)
Apple	tvOS	Affected: 0 , < 18.1 (custom)
Apple	visionOS	Affected: 0 , < 2.1 (custom)
Apple	watchOS	Affected: 0 , < 11.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-44296",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T14:21:50.331169Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T14:28:44.955Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:13:04.385Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Oct/19"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Oct/16"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Oct/11"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Oct/9"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.7.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "18.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "15.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "visionOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "2.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "11.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The issue was addressed with improved checks. This issue is fixed in Safari 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing maliciously crafted web content may prevent Content Security Policy from being enforced."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing maliciously crafted web content may prevent Content Security Policy from being enforced",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T18:09:19.823Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/121563"
        },
        {
          "url": "https://support.apple.com/en-us/121564"
        },
        {
          "url": "https://support.apple.com/en-us/121565"
        },
        {
          "url": "https://support.apple.com/en-us/121566"
        },
        {
          "url": "https://support.apple.com/en-us/121567"
        },
        {
          "url": "https://support.apple.com/en-us/121569"
        },
        {
          "url": "https://support.apple.com/en-us/121571"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2024-44296",
    "datePublished": "2024-10-28T21:07:47.126Z",
    "dateReserved": "2024-08-20T21:45:40.798Z",
    "dateUpdated": "2026-04-02T18:09:19.823Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-4558 (GCVE-0-2024-4558)

Vulnerability from cvelistv5 – Published: 2024-05-07 19:02 – Updated: 2025-11-04 17:26

Summary

Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Use after free

Assigner

Chrome

References

10 references

URL	Tags
https://chromereleases.googleblog.com/2024/05/sta…
https://issues.chromium.org/issues/337766133
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
http://seclists.org/fulldisclosure/2024/Jul/16
http://seclists.org/fulldisclosure/2024/Jul/15
http://seclists.org/fulldisclosure/2024/Jul/18

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 124.0.6367.155 , < 124.0.6367.155 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "chrome",
            "vendor": "google",
            "versions": [
              {
                "lessThan": "124.0.6367.155",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-4558",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-09T04:00:46.590652Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:56:02.234Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:26:57.915Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_7.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://issues.chromium.org/issues/337766133"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FAWEKDQTHPN7NFEMLIWP7YMIZ2DHF36N/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BWFSZNNWSQYDRYKNLBDGEXXKMBXDYQ3F/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jul/16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jul/15"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Jul/18"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00006.html"
          },
          {
            "url": "https://support.apple.com/kb/HT214121"
          },
          {
            "url": "https://support.apple.com/kb/HT214119"
          },
          {
            "url": "https://support.apple.com/kb/HT214117"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "124.0.6367.155",
              "status": "affected",
              "version": "124.0.6367.155",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use after free",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-30T00:06:13.867Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_7.html"
        },
        {
          "url": "https://issues.chromium.org/issues/337766133"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FAWEKDQTHPN7NFEMLIWP7YMIZ2DHF36N/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BWFSZNNWSQYDRYKNLBDGEXXKMBXDYQ3F/"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jul/16"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jul/15"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/Jul/18"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2024-4558",
    "datePublished": "2024-05-07T19:02:22.673Z",
    "dateReserved": "2024-05-06T18:32:23.603Z",
    "dateUpdated": "2025-11-04T17:26:57.915Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

alsa-2024:9636

Vulnerability from osv_almalinux

CVE-2024-44187 (GCVE-0-2024-44187)

CVE-2024-44244 (GCVE-0-2024-44244)

CVE-2024-44296 (GCVE-0-2024-44296)

CVE-2024-4558 (GCVE-0-2024-4558)

Tags

Sightings

Nomenclature