CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-54658 – webkitgtk: Processing web content may lead to a denial-of-service
https://notcve.org/view.php?id=CVE-2024-54658
10 Feb 2025 — The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, Safari 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service. A flaw was found in WebKitGTK. Processing malicious web content can cause a denial of service due to improper memory handling. • https://support.apple.com/en-us/120881 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-24126 – Apple Security Advisory 01-27-2025-8
https://notcve.org/view.php?id=CVE-2025-24126
27 Jan 2025 — An input validation issue was addressed. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An attacker on the local network may be able to cause unexpected system termination or corrupt process memory. macOS Sequoia 15.3 addresses buffer overflow, bypass, code execution, information leakage, integer overflow, null pointer, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122066 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-54523
https://notcve.org/view.php?id=CVE-2024-54523
27 Jan 2025 — The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, tvOS 18.2, iOS 18.2 and iPadOS 18.2. An app may be able to corrupt coprocessor memory. • https://support.apple.com/en-us/121837 • CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-54542
https://notcve.org/view.php?id=CVE-2024-54542
27 Jan 2025 — An authentication issue was addressed with improved state management. This issue is fixed in Safari 18.2, macOS Sequoia 15.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2. Private Browsing tabs may be accessed without authentication. • https://support.apple.com/en-us/121837 • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2025-24150 – webkitgtk: Copying a URL from Web Inspector may lead to command injection
https://notcve.org/view.php?id=CVE-2025-24150
27 Jan 2025 — A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3. Copying a URL from Web Inspector may lead to command injection. A flaw was found in WebKitGTK. Copying a URL from Web Inspector may lead to command injection due to improper file handling. • https://support.apple.com/en-us/122066 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-24107 – Apple Security Advisory 01-27-2025-8
https://notcve.org/view.php?id=CVE-2025-24107
27 Jan 2025 — A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.3, tvOS 18.3, watchOS 11.3, iOS 18.3 and iPadOS 18.3. A malicious app may be able to gain root privileges. macOS Sequoia 15.3 addresses buffer overflow, bypass, code execution, information leakage, integer overflow, null pointer, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122066 • CWE-276: Incorrect Default Permissions •
CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 0CVE-2024-54543 – webkitgtk: Processing maliciously crafted web content may lead to memory corruption
https://notcve.org/view.php?id=CVE-2024-54543
27 Jan 2025 — The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.2, tvOS 18.2, Safari 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing maliciously crafted web content may lead to memory corruption. A flaw was found in WebKitGTK. Processing malicious web content can cause memory corruption due to improper memory handling. • https://support.apple.com/en-us/121837 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-54522
https://notcve.org/view.php?id=CVE-2024-54522
27 Jan 2025 — The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, tvOS 18.2, iOS 18.2 and iPadOS 18.2. An app may be able to corrupt coprocessor memory. • https://support.apple.com/en-us/121837 • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2024-54488
https://notcve.org/view.php?id=CVE-2024-54488
27 Jan 2025 — A logic issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.7.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sonoma 14.7.2, macOS Sequoia 15.2. Photos in the Hidden Photos Album may be viewed without authentication. • https://support.apple.com/en-us/121837 • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2025-24127 – Apple Security Advisory 01-27-2025-8
https://notcve.org/view.php?id=CVE-2025-24127
27 Jan 2025 — The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination. macOS Sequoia 15.3 addresses buffer overflow, bypass, code execution, information leakage, integer overflow, null pointer, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122066 • CWE-770: Allocation of Resources Without Limits or Throttling •