CVSS: 9.8EPSS: 0%CPEs: 42EXPL: 0CVE-2024-40782 – webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management
https://notcve.org/view.php?id=CVE-2024-40782
29 Jul 2024 — A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash. A flaw was found in WebKitGTK. Processing malicious web content can trigger a use-after-free issue due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service. • https://support.apple.com/en-us/HT214121 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-40829
https://notcve.org/view.php?id=CVE-2024-40829
29 Jul 2024 — The issue was addressed with improved checks. This issue is fixed in watchOS 10.6, iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8. An attacker may be able to view restricted content from the lock screen. • https://support.apple.com/en-us/HT214117 •
CVSS: 6.2EPSS: 0%CPEs: 10EXPL: 0CVE-2024-40788
https://notcve.org/view.php?id=CVE-2024-40788
29 Jul 2024 — A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. A local attacker may be able to cause unexpected system shutdown. • https://support.apple.com/en-us/HT214117 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.5EPSS: 0%CPEs: 36EXPL: 0CVE-2024-40780 – webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking
https://notcve.org/view.php?id=CVE-2024-40780
29 Jul 2024 — An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash. A flaw was found in WebKitGTK. Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service. • https://support.apple.com/en-us/HT214121 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-40396
https://notcve.org/view.php?id=CVE-2023-40396
29 Jul 2024 — The issue was addressed with improved memory handling. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17. An app may be able to execute arbitrary code with kernel privileges. • https://support.apple.com/en-us/HT213936 •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-27810
https://notcve.org/view.php?id=CVE-2024-27810
13 May 2024 — A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to read sensitive location information. Se solucionó un problema de manejo de rutas con una validación mejorada. Este problema se solucionó en iOS 17.5 y iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. • http://seclists.org/fulldisclosure/2024/May/10 • CWE-28: Path Traversal: '..\filedir' •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-27816
https://notcve.org/view.php?id=CVE-2024-27816
13 May 2024 — A logic issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker may be able to access user data. Se solucionó un problema de lógica con controles mejorados. Este problema se solucionó en iOS 17.5 y iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. • http://seclists.org/fulldisclosure/2024/May/10 •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2024-27821
https://notcve.org/view.php?id=CVE-2024-27821
13 May 2024 — A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A shortcut may output sensitive user data without consent. Se solucionó un problema de manejo de rutas con una validación mejorada. Este problema se solucionó en iOS 17.5 y iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. • https://github.com/0xilis/CVE-2024-27821 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27818
https://notcve.org/view.php?id=CVE-2024-27818
13 May 2024 — The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An attacker may be able to cause unexpected app termination or arbitrary code execution. El problema se solucionó mejorando el manejo de la memoria. Este problema se solucionó en iOS 17.5 y iPadOS 17.5, macOS Sonoma 14.5. • http://seclists.org/fulldisclosure/2024/May/10 •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-23228
https://notcve.org/view.php?id=CVE-2024-23228
24 Apr 2024 — This issue was addressed through improved state management. This issue is fixed in iOS 17.3 and iPadOS 17.3. Locked Notes content may have been unexpectedly unlocked. Esta cuestión se abordó mediante una mejor gestión de estado. Este problema se solucionó en iOS 17.3 y iPadOS 17.3. • https://support.apple.com/en-us/HT214059 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •