434 matches found
CVE-2024-27804
CVE-2024-27804 affects Apple platforms (iOS 17.5/iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5). The issue is described as improved memory handling that may allow an app to execute arbitrary code with kernel privileges. Affected component/behavior: memory handling in the kernel space. I...
CVE-2025-6965
CVE-2025-6965 affects SQLite prior to 3.50.2, where the number of aggregate terms could exceed available columns, causing a memory corruption issue. The description in the Initial document notes upgrading to 3.50.2 or newer as the recommended fix. Connected documents corroborate the vulnerability...
CVE-2025-14174
CVE-2025-14174 = Out-of-bounds memory access in ANGLE within Google Chrome on macOS prior to 143.0.7499.110. A remote attacker could trigger memory access errors via a crafted HTML page. Affected software: Google Chrome on macOS; vulnerable component: ANGLE. Impact: high enough to potentially ena...
CVE-2024-23222
Summary (CVE-2024-23222) : A type confusion vulnerability in Apple WebKit leads to arbitrary code execution when processing malicious web content. The issue affects multiple Apple platforms and is fixed in versions listed by the sources: iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, and...
CVE-2025-24201
CVE-2025-24201 is a WebKit/WebKitGTK issue described in connected advisories as an out-of-bounds write that allowed breaking out of the Web Content sandbox. Root cause: out-of-bounds write in WebKit. Impact: potential sandbox breakout affecting Apple WebKit-based products (Safari, iOS/iPadOS 18.x...
CVE-2025-24158
CVE-2025-24158 is a memory-handling issue in WebKitGTK/WebKit2GTK that may allow processing web content to cause a denial-of-service. Remediations are versioned updates: for WebKitGTK/WebKit2GTK we see fixes in Debian (webkit2gtk 2.46.6-1~deb12u1 / 2.46.6-1~deb11u1) and in AL2/AL8 advisories (web...
CVE-2025-24159
Summary: CVE-2025-24159 is a kernel-level validation issue that may allow an app to execute arbitrary code with kernel privileges. Affected platforms (per provided docs): iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Impac...
CVE-2025-43413
CVE-2025-43413 describes an access issue whereby a sandboxed app could observe system-wide network connections. Apple fixed this by applying additional sandbox restrictions in multiple platforms and versions: tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7....
CVE-2025-24154
CVE-2025-24154 is an out-of-bounds write that Apple fixed by improving input validation. Affected OS versions include macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3, iPadOS 18.3, and macOS Sequoia 15.3. The issue could allow an attacker to cause an unexpected system termination...
CVE-2025-24149
CVE-2025-24149 is an out-of-bounds read resolved by Apple through improved bounds checking. Affected products/versions include iPadOS 17.7.4, iOS 18.3; macOS Ventura 13.7.3, macOS Sonoma 14.7.3, macOS Sequoia 15.3; visionOS 2.3; watchOS 11.3; and tvOS 18.3. The issue could lead to disclosure of u...
CVE-2025-24085
CVE-2025-24085 is a use-after-free in CoreMedia that could allow privilege escalation. It affects Apple platforms (visionOS, iOS, iPadOS, macOS, watchOS, tvOS) and is fixed in the following releases: visionOS 2.3; iOS 18.3; iPadOS 18.3; macOS Sequoia 15.3; watchOS 11.3; tvOS 18.3. The associated ...
CVE-2025-24123
CVE-2025-24123 affects multiple Apple OSes where parsing a file could cause an unexpected app termination. According to the document, the issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, and tvOS ...
CVE-2024-23225
CVE-2024-23225 is a memory-corruption vulnerability in Apple’s kernel that could allow an attacker with local access and kernel read/write capabilities to bypass kernel memory protections. The issue is addressed by patches in iOS 16.7.6 / iPadOS 16.7.6 and iOS 17.4 / iPadOS 17.4. Apple’s advisory...
CVE-2024-44308
CVE-2024-44308 affects WebKit-derived components (Apple WebKit in Safari and WebKitGTK/WebKit2GTK for Linux). The issue, caused by improper handling of maliciously crafted web content, can lead to arbitrary code execution. Public details in the Apple advisory cite a fix in Safari 18.1.1, iOS 18.1...
CVE-2025-31200
CVE-2025-31200 affects Apple’s CoreAudio, specifically the AudioConverterService AAC decoder, where a memory corruption issue can lead to code execution when processing a malicious audio stream. Affected products include iOS, iPadOS, macOS, and related OSes prior to the patch, with fixes implemen...
CVE-2024-54478
CVE-2024-54478 is an out-of-bounds access vulnerability in Apple’s ICU component that affects multiple Apple platforms. The issue arises when processing malicious web content, potentially causing an unexpected process crash. Affected products include iPadOS, iPadOS 18.2, iOS 18.2, visionOS, tvOS,...
CVE-2025-24252
CVE-2025-24252 is a use-after-free vulnerability in Apple’s AirPlay ecosystem that has multiple PoCs and public PoCs outlining crash/RCe and sandbox-escape chains. Public materials describe a local-network attacker potentially exploiting mDNS/AirPlay services to trigger remote code execution or s...
CVE-2025-24124
CVE-2025-24124 affects several Apple platforms. The vulnerability involves a parsing issue that may cause an unexpected app termination. Mitigation is available via updates: iPadOS 17.7.4, iOS 18.3, iPadOS 18.3, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, macOS Sequoia 15.3, visionOS 2.3, watchOS ...
CVE-2025-6558
CVE-2025-6558 involves insufficient validation of untrusted input in ANGLE and GPU within Google Chrome, enabling a remote attacker to potentially escape the sandbox via a crafted HTML page. Connected sources specify Chrome components ANGLE and GPU as affected, with the patch previously shipped i...
CVE-2024-44309
CVE-2024-44309 concerns a cookie management issue in Apple environments. The root cause is improper state management that can enable cross-site scripting when processing malicious web content. Affected products/versions include Safari 18.1.1, iOS 17.7.2, iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 1...
CVE-2024-23296
CVE-2024-23296 is associated with RTKit in Apple platforms (notably macOS Monterey lineage in the Apple security content). The vulnerability is described as a memory corruption issue that could allow an attacker with kernel read/write capability to bypass kernel memory protections. Apple’s note i...
CVE-2025-43200
Apple CVE-2025-43200 is a logic issue in processing a maliciously crafted photo or video shared via an iCloud Link that affects iOS, iPadOS, macOS, watchOS, and visionOS. The issue has been fixed in a broad set of updates (watchOS 11.3.1; macOS Ventura 13.7.4; iOS 15.8.4, 16.7.11, 17.7.5, 18.3.1;...
CVE-2024-54551
CVE-2024-54551 is a denial-of-service vulnerability in web content processing within WebKit-based components. The connected documents indicate the issue is addressed by memory-handling improvements and fixes in specific Apple platforms: watchOS 10.6, tvOS 17.6, Safari 17.6, macOS Sonoma 14.6, vis...
CVE-2024-54658
CVE-2024-54658 is a memory-handling issue in processing web content that can lead to a denial-of-service. The primary public description states the fix is in Apple software: iOS 17.4 and iPadOS 17.4, Safari 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, and macOS Sonoma 14.4. The vulnerability is m...
CVE-2025-31201
CVE-2025-31201 is an Apple vulnerability that enables an attacker with arbitrary read/write capability to bypass Pointer Authentication. The issue is tied to the RPAC path and is fixed in iOS/iPadOS 18.4.1, tvOS 18.4.1, visionOS 2.4.1, and macOS Sequoia 15.4.1. Public records note high severity (...
CVE-2025-31205
CVE-2025-31205 targets WebKitGTK/WebKit components across multiple platforms. Affected: WebKitGTK/WebKit-based browsers using the GTK toolkit; vulnerability allows a malicious website to exfiltrate data cross-origin. Root cause: cross-origin data leakage via processing/execution paths in web cont...
CVE-2025-24126
CVE-2025-24126 describes an input validation issue in AirPlay across Apple platforms. The vulnerability allows a local-network actor to cause an unexpected termination or memory corruption. Patches are provided in visionOS 2.3, iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, and tvOS 18....
CVE-2024-54534
CVE-2024-54534 is an Apple memory-corruption issue triggered by processing malicious web content. Public details in connected documents show the vulnerability affects multiple Apple platforms (watchOS, visionOS, tvOS, macOS, Safari, iOS, iPadOS) and is mitigated by memory-management fixes. Fixed ...
CVE-2025-30427
CVE-2025-30427 is a use-after-free vulnerability in processing maliciously crafted web content that may lead to an unexpected Safari crash. Affected in multiple Apple platforms; fixes are implemented in visionOS 2.4, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, and Safari 18.4. Debian...
CVE-2025-43529
CVE-2025-43529 is a WebKitGTK use-after-free vulnerability. The connected advisories show WebKitGTK/WebKit issues (CVE-2025-43529) causing memory corruption or DoS via processing crafted web content, with the AL2 advisories listing affected package webkitgtk4 and a fix in webkitgtk4-2.50.4-1.amzn...
CVE-2024-23286
CVE-2024-23286 concerns a buffer overflow fix tied to memory handling in Apple platforms. Affected components/versions (as stated): macOS Monterey 12.7.4; macOS Ventura 13.6.5; macOS Sonoma 14.4; visionOS 1.1; iOS 17.4 and iPadOS 17.4; watchOS 10.4; iOS 16.7.6 and iPadOS 16.7.6; tvOS 17.4. Underl...
CVE-2025-31257
CVE-2025-31257 affects WebKit/WebKitGTK components used by Safari across Apple platforms. The issue is described as a memory handling problem that may cause a crash when processing maliciously crafted web content. Concrete fixes exist in watchOS 11.5, tvOS 18.5, iOS 18.5, iPadOS 18.5, macOS Sequo...
CVE-2024-44192
CVE-2024-44192 affects WebKitGTK/WebKitGTK4 (webkitgtk and webkitgtk4). The issue is described as processing maliciously crafted web content may lead to an unexpected process crash. Public reports in connected docs confirm Debian LTS (DLA-4218-1) fix WebKitGTK 2.48.3-1~deb11u1, and Amazon Linux/A...
CVE-2025-24162
CVE-2025-24162 is linked to WebKitGTK/WebKit-derived components in multiple platforms. Connected sources indicate the root cause is improved state management, addressing processing maliciously crafted web content that previously could cause an unexpected process crash. Affected products include v...
CVE-2025-24216
CVE-2025-24216 is an Apple WebKit vulnerability: processing malicious web content may cause an unexpected Safari crash. Public records indicate fixes in visionOS 2.4, tvOS 18.4, iPadOS 18.4, iOS 18.4, macOS Sequoia 15.4, and Safari 18.4. The connected documents confirm this CVE within the WebKit/...
CVE-2025-24264
CVE-2025-24264 affects WebKitGTK/WebKitGTK4: processing malicious web content may cause an unexpected crash in Safari; fixed in Apple platforms (visionOS 2.4, Safari 18.4, etc.) and in WebKitGTK packages across distros (Debian: webkit2gtk 2.48.x; Fedora/Amazon Linux advisories) by upgrading to pa...
CVE-2025-24163
CVE-2025-24163 affects Apple platforms and has been fixed in multiple OS updates (iOS/iPadOS 18.3, macOS Sonoma 14.7.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3, iPadOS 17.7.4, visionOS 2.3). The issue is described as: Parsing a file may lead to an unexpected app termination in CoreAudio. Conn...
CVE-2024-23284
CVE-2024-23284 concerns a logic issue in WebKitGTK/WebKit rendering where processing maliciously crafted web content may prevent Content Security Policy (CSP) from being enforced. The connected sources show the same vulnerability across multiple distributions (e.g., Debian webkit2gtk advisories a...
CVE-2024-23263
CVE-2024-23263 is a WebKitGTK/WebKitGTK4 vulnerability observed in multiple Linux package advisories (webkit2gtk, webkitgtk4) and Debian Fedora Amazon Linux updates. The issue arises from processing maliciously crafted web content that may prevent Content Security Policy from being enforced. Conn...
CVE-2024-44187
Summary of CVE-2024-44187 (Cross-origin iframe data exfiltration) A cross-origin issue existed involving iframe elements in WebKitGTK/WebKit2GTK, allowing a malicious site to exfiltrate data across origins. The root cause is stated as inadequate tracking of security origins for iframes. Affected ...
CVE-2024-54543
CVE-2024-54543 is a memory corruption flaw in WebKit when processing maliciously crafted web content. Apple’s advisories enumerate fixed products/versions: visionOS 2.2, tvOS 18.2, Safari 18.2, watchOS 11.2, iOS 18.2, iPadOS 18.2, macOS Sequoia 15.2. Connected sources (e.g., WebKit GTK deployment...
CVE-2024-27856
CVE-2024-27856 affects the WebKitGTK/ WebKit component used by Apple platforms in the provided set (macOS, iOS, iPadOS, watchOS, tvOS, visionOS). The description across connected advisories states the issue can cause an unexpected app termination or arbitrary code execution when processing a file...
CVE-2024-23226
CVE-2024-23226 affects Apple OS stack and is about improper memory handling during processing of web content, leading to arbitrary code execution. Connected advisories corroborate the issue and note fixes in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4, iPadOS 17.4, watchOS 10.4, and tvOS 17.4. The ...
CVE-2024-54479
CVE-2024-54479 is documented in Debian security advisories as affecting WebKitGTK/webkit2gtk, where processing maliciously crafted web content may lead to an unexpected process crash. Debian reports this under webkit2gtk in both Debian 11 (bookworm) and LTS context, fixed in webkit2gtk version 2....
CVE-2024-54505
CVE-2024-54505 is a memory corruption vulnerability in WebKitGTK (WebKit2GTK) caused by a type confusion when processing malicious web content. Public advisories confirm fixes in WebKitGTK/WebKit packages: Debian 11 bullseye 2.46.5-1~deb11u1 and Debian 12 bookworm 2.46.5-1~deb12u1; AlmaLinux 8/9 ...
CVE-2025-24189
CVE-2025-24189 is a memory corruption vulnerability in processing malicious web content that is fixed in Safari 18.3, visionOS 2.3, iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3 and tvOS 18.3. Affected WebKit components are the WebKitGTK/WebKitGTK4 family in Linux distributions (per SUS...
CVE-2025-24143
CVE-2025-24143 is a fingerprinting vulnerability involving WebKit-derived components. The core issue appears to be insufficient access restrictions to the local file system, allowing a malicious webpage to fingerprint the user. Apple patched this in macOS Sequoia 15.3, Safari 18.3, iOS 18.3, iPad...
CVE-2024-23254
CVE-2024-23254 concerns WebKit/WebKitGTK components where a malicious website could exfiltrate audio data cross-origin. The initial entry notes the issue is fixed in Apple platforms: tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4, iPadOS 17.4, watchOS 10.4, and Safari 17.4. Public disclosur...
CVE-2024-54502
CVE-2024-54502 is a WebKitGTK/WebKit-based issue where processing maliciously crafted web content could cause an unexpected process crash. Publicly provided connected documents confirm this CVE is discussed across multiple advisories and platforms, with fixes released in various vendor updates. A...
CVE-2024-54508
CVE-2024-54508 affects WebKitGTK (webkit2gtk). The issue arises from processing maliciously crafted web content and can lead to an unexpected process crash; memory-related impact is also indicated in related entries. Public advisories confirm fixes in WebKitGTK/WebKit2GTK packages across distribu...