
CVE-2024-54534 – webkit: Processing maliciously crafted web content may lead to memory corruption
https://notcve.org/view.php?id=CVE-2024-54534
11 Dec 2024 — The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption. A flaw was found in WebKitGTK. Processing malicious web content can cause memory corruption due to improper memory handling. iPadOS 17.7.6 addresses buffer overflow, out of bounds read, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/121837 • CWE-787: Out-of-bounds Write •

CVE-2024-54505 – webkit: Processing maliciously crafted web content may lead to memory corruption
https://notcve.org/view.php?id=CVE-2024-54505
11 Dec 2024 — A type confusion issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption. A flaw was found in WebKitGTK. Processing malicious web content can trigger a type confusion issue due to improper memory handling, causing memory corruption. • https://support.apple.com/en-us/121837 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVE-2024-44246 – Apple Security Advisory 12-11-2024-3
https://notcve.org/view.php?id=CVE-2024-44246
11 Dec 2024 — The issue was addressed with improved routing of Safari-originated requests. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, Safari 18.2, iPadOS 17.7.3. On a device with Private Relay enabled, adding a website to the Safari Reading List may reveal the originating IP address to the website. macOS Sequoia 15.2 addresses bypass, code execution, and out of bounds access vulnerabilities. • https://support.apple.com/en-us/121837 • CWE-125: Out-of-bounds Read •

CVE-2024-54508 – webkit: Processing maliciously crafted web content may lead to an unexpected process crash
https://notcve.org/view.php?id=CVE-2024-54508
11 Dec 2024 — The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash. A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling, resulting in a denial of service. • https://support.apple.com/en-us/121837 • CWE-20: Improper Input Validation •

CVE-2024-54479 – WebKitGTK: Processing maliciously crafted web content may lead to an unexpected process crash
https://notcve.org/view.php?id=CVE-2024-54479
11 Dec 2024 — The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash. A flaw was found in WebKitGTK. In affected versions of this package, processing maliciously crafted web content may lead to an unexpected process crash. • https://support.apple.com/en-us/121837 • CWE-404: Improper Resource Shutdown or Release •

CVE-2024-44212
https://notcve.org/view.php?id=CVE-2024-44212
11 Dec 2024 — A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1, visionOS 2.1, tvOS 18.1, iOS 18.1 and iPadOS 18.1, watchOS 11.1. Cookies belonging to one origin may be sent to another origin. • https://support.apple.com/en-us/121563 • CWE-346: Origin Validation Error •

CVE-2024-44308 – Apple Multiple Products Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-44308
19 Nov 2024 — The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. The following vulnerabilities have been discovered in the WebKitGTK web engine. • https://github.com/migopp/cve-2024-44308 •

CVE-2024-44155 – Apple Security Advisory 10-28-2024-2
https://notcve.org/view.php?id=CVE-2024-44155
28 Oct 2024 — A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, watchOS 11, iOS 18 and iPadOS 18. Maliciously crafted web content may violate iframe sandboxing policy. iOS 17.7.1 and iPadOS 17.7.1 address buffer overflow, information leakage, and out of bounds read vulnerabilities. • https://support.apple.com/en-us/121238 •

CVE-2024-44244 – webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash
https://notcve.org/view.php?id=CVE-2024-44244
28 Oct 2024 — A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may lead to an unexpected process crash. • https://support.apple.com/en-us/121563 • CWE-787: Out-of-bounds Write • CWE-788: Access of Memory Location After End of Buffer •

CVE-2024-44259 – Apple Security Advisory 10-28-2024-3
https://notcve.org/view.php?id=CVE-2024-44259
28 Oct 2024 — This issue was addressed through improved state management. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, Safari 18.1. An attacker may be able to misuse a trust relationship to download malicious content. • https://support.apple.com/en-us/121563 •