CVSS: 8.1EPSS: 1%CPEs: 30EXPL: 0CVE-2024-23263 – webkit: processing malicious web content prevents Content Security Policy from being enforced
https://notcve.org/view.php?id=CVE-2024-23263
08 Mar 2024 — A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Se abordó un problema de lógica con una validación mejorada. Este problema se solucionó en tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 y iPadOS 17.4, watchOS 10.4, iOS 16.7.6 y iPadOS 16.7.6, Safari ... • http://seclists.org/fulldisclosure/2024/Mar/20 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 2%CPEs: 34EXPL: 0CVE-2024-23280 – webkit: maliciously crafted webpage may be able to fingerprint the user
https://notcve.org/view.php?id=CVE-2024-23280
08 Mar 2024 — An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user. Se solucionó un problema de inyección con una validación mejorada. Este problema se solucionó en Safari 17.4, macOS Sonoma 14.4, iOS 17.4 y iPadOS 17.4, watchOS 10.4, tvOS 17.4. • http://seclists.org/fulldisclosure/2024/Mar/20 •
CVSS: 7.8EPSS: 1%CPEs: 32EXPL: 0CVE-2024-23254 – webkit: malicious website may exfiltrate audio data cross-origin
https://notcve.org/view.php?id=CVE-2024-23254
08 Mar 2024 — The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin. El problema se solucionó mejorando el manejo de la interfaz de usuario. Este problema se solucionó en tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 y iPadOS 17.4, watchOS 10.4, Safari 17.4. • http://seclists.org/fulldisclosure/2024/Mar/20 •
CVSS: 7.8EPSS: 1%CPEs: 29EXPL: 0CVE-2024-23284 – webkit: processing maliciously crafted web content prevents Content Security Policy from being enforced
https://notcve.org/view.php?id=CVE-2024-23284
08 Mar 2024 — A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Se abordó una cuestión de lógica con una mejor gestión de estado. Este problema se solucionó en tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 y iPadOS 17.4, watchOS 10.4, iOS 16.7.6 y iPadOS 16.7... • http://seclists.org/fulldisclosure/2024/Mar/20 • CWE-693: Protection Mechanism Failure •
CVSS: 8.6EPSS: 0%CPEs: 8EXPL: 0CVE-2024-23246 – Apple Security Advisory 03-07-2024-7
https://notcve.org/view.php?id=CVE-2024-23246
08 Mar 2024 — This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to break out of its sandbox. Este problema se solucionó eliminando el código vulnerable. Este problema se solucionó en macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 y iPadOS 17.4, watchOS 10.4, iOS 16.7.6 y iPadOS 16.7.6, tvOS 17.4. • http://seclists.org/fulldisclosure/2024/Mar/21 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 33EXPL: 0CVE-2023-42843 – webkit: visiting a malicious website may lead to address bar spoofing
https://notcve.org/view.php?id=CVE-2023-42843
21 Feb 2024 — An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing. Se solucionó un problema de interfaz de usuario inconsistente con una gestión de estado mejorada. Este problema se solucionó en iOS 16.7.2 y iPadOS 16.7.2, iOS 17.1 y iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. • http://www.openwall.com/lists/oss-security/2024/03/26/1 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 10.0EPSS: 2%CPEs: 13EXPL: 0CVE-2023-42917 – Apple Multiple Products WebKit Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2023-42917
30 Nov 2023 — A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. Se solucionó una vulnerabilidad de corrupción de memoria con un bloqueo mejorado. • http://seclists.org/fulldisclosure/2023/Dec/12 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 1%CPEs: 13EXPL: 0CVE-2023-42916 – Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2023-42916
30 Nov 2023 — An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. Se solucionó una lectura fuera de los límites con una validación de entrada mejorada. • http://seclists.org/fulldisclosure/2023/Dec/12 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2023-39928 – webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports
https://notcve.org/view.php?id=CVE-2023-39928
06 Oct 2023 — A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability. Existe una vulnerabilidad de use-after-free en la API MediaRecorder de Webkit WebKitGTK 2.40.5. Una página web especialmente manipulada puede aprovechar esta vulnerabilidad para provocar daños en la memoria y ejec... • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL • CWE-416: Use After Free •
CVSS: 10.0EPSS: 4%CPEs: 3EXPL: 0CVE-2023-40397 – webkitgtk: arbitrary javascript code execution
https://notcve.org/view.php?id=CVE-2023-40397
06 Sep 2023 — The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution. El problema se solucionó mejorando las comprobaciones. Este problema se solucionó en macOS Ventura 13.5. • http://www.openwall.com/lists/oss-security/2023/09/11/1 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •