Search for packages
| purl | pkg:deb/debian/wpewebkit@2.38.6-1~deb11u1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1xyg-spum-4baf
Aliases: CVE-2023-42956 |
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service. |
Affected by 10 other vulnerabilities. |
|
VCID-23wt-7xjw-vuc2
Aliases: CVE-2023-42875 |
Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. The issue was addressed with improved memory handling. |
Affected by 10 other vulnerabilities. |
|
VCID-2pfx-b8x4-5bbd
Aliases: CVE-2024-44244 |
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may lead to an unexpected process crash. |
Affected by 10 other vulnerabilities. |
|
VCID-2zmm-ts7g-auhs
Aliases: CVE-2025-43211 |
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iPadOS 17.7.9, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing web content may lead to a denial-of-service. |
Affected by 0 other vulnerabilities. |
|
VCID-4pyf-eyb2-yfcq
Aliases: CVE-2025-24158 |
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing web content may lead to a denial-of-service. |
Affected by 10 other vulnerabilities. |
|
VCID-4svd-p9v6-sbby
Aliases: CVE-2024-27820 |
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution. |
Affected by 10 other vulnerabilities. |
|
VCID-4t2u-54h2-2bes
Aliases: CVE-2025-24209 |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Processing maliciously crafted web content may lead to an unexpected process crash. |
Affected by 10 other vulnerabilities. |
|
VCID-4trd-avn1-k3gb
Aliases: CVE-2023-41993 |
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. |
Affected by 10 other vulnerabilities. |
|
VCID-53eh-h9e9-n3c2
Aliases: CVE-2025-24223 |
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption. |
Affected by 10 other vulnerabilities. |
|
VCID-5atm-grhu-9bf1
Aliases: CVE-2024-23254 |
The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin. |
Affected by 10 other vulnerabilities. |
|
VCID-5t19-r8ae-x3bs
Aliases: CVE-2024-27851 |
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing maliciously crafted web content may lead to arbitrary code execution. |
Affected by 10 other vulnerabilities. |
|
VCID-65rp-83sj-v3dz
Aliases: CVE-2023-40397 |
webkitgtk: arbitrary javascript code execution |
Affected by 10 other vulnerabilities. |
|
VCID-6h6t-82n5-eycb
Aliases: CVE-2024-40779 |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash. |
Affected by 10 other vulnerabilities. |
|
VCID-6vtn-1pj7-s3f3
Aliases: CVE-2025-24208 |
A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4. Loading a malicious iframe may lead to a cross-site scripting attack. |
Affected by 10 other vulnerabilities. |
|
VCID-6zm4-vrfe-d3ee
Aliases: CVE-2025-31278 |
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iPadOS 17.7.9, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. Processing maliciously crafted web content may lead to memory corruption. |
Affected by 0 other vulnerabilities. |
|
VCID-7hb1-augy-3yaw
Aliases: CVE-2024-44309 |
A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. |
Affected by 10 other vulnerabilities. |
|
VCID-7szj-rrup-qfgb
Aliases: CVE-2014-1745 |
Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object, related to core/svg/SVGFontFaceElement.cpp. |
Affected by 10 other vulnerabilities. |
|
VCID-82sr-v2b9-ckg5
Aliases: CVE-2024-27833 |
An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5. Processing maliciously crafted web content may lead to arbitrary code execution. |
Affected by 10 other vulnerabilities. |
|
VCID-8sa4-ms9x-qbbj
Aliases: CVE-2024-40789 |
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash. |
Affected by 10 other vulnerabilities. |
|
VCID-9b4e-vqe6-53ay
Aliases: CVE-2023-40414 |
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 10, iOS 17 and iPadOS 17, tvOS 17, macOS Sonoma 14, Safari 17. Processing web content may lead to arbitrary code execution. |
Affected by 10 other vulnerabilities. |
|
VCID-9qdk-3u7x-zbg6
Aliases: CVE-2024-44185 |
The issue was addressed with improved checks. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash. |
Affected by 10 other vulnerabilities. |
|
VCID-a6zn-rm2t-hkfy
Aliases: CVE-2023-28204 |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited. |
Affected by 10 other vulnerabilities. |
|
VCID-am5t-557y-fbca
Aliases: CVE-2023-38572 |
The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. A website may be able to bypass Same Origin Policy. |
Affected by 10 other vulnerabilities. |
|
VCID-aqaj-nuga-ayep
Aliases: CVE-2024-54534 |
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption. |
Affected by 10 other vulnerabilities. |
|
VCID-aqxj-d8qm-zffv
Aliases: CVE-2023-42883 |
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service. |
Affected by 10 other vulnerabilities. |
|
VCID-b4af-ehyw-3kcp
Aliases: CVE-2025-24189 |
The issue was addressed with improved checks. This issue is fixed in Safari 18.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to memory corruption. |
Affected by 10 other vulnerabilities. |
|
VCID-bcnp-p9jd-bqb6
Aliases: CVE-2023-41074 |
The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. |
Affected by 10 other vulnerabilities. |
|
VCID-bdmp-qmfz-k3c9
Aliases: CVE-2023-42843 |
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing. |
Affected by 10 other vulnerabilities. |
|
VCID-bn5v-9jn4-w7ag
Aliases: CVE-2023-42852 |
A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution. |
Affected by 10 other vulnerabilities. |
|
VCID-bqqq-jbnz-gufx
Aliases: CVE-2025-43212 |
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash. |
Affected by 0 other vulnerabilities. |
|
VCID-c3ku-wm5m-nucq
Aliases: CVE-2024-54658 |
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, Safari 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service. |
Affected by 10 other vulnerabilities. |
|
VCID-c7j8-9stv-vybz
Aliases: CVE-2025-43228 |
The issue was addressed with improved UI. This issue is fixed in iOS 18.6 and iPadOS 18.6, Safari 18. 6. Visiting a malicious website may lead to address bar spoofing. |
Affected by 0 other vulnerabilities. |
|
VCID-cazs-jjwq-3uh4
Aliases: CVE-2025-24216 |
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash. |
Affected by 10 other vulnerabilities. |
|
VCID-d821-dpzh-tub1
Aliases: CVE-2023-38600 |
The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. |
Affected by 10 other vulnerabilities. |
|
VCID-e3mt-ugqx-rudw
Aliases: CVE-2024-40782 |
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash. |
Affected by 10 other vulnerabilities. |
|
VCID-een8-44f2-ybhf
Aliases: CVE-2025-24201 |
An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1, watchOS 11.4, iPadOS 17.7.6, iOS 16.7.11 and iPadOS 16.7.11, iOS 15.8.4 and iPadOS 15.8.4. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.). |
Affected by 10 other vulnerabilities. |
|
VCID-f1j1-6rf1-hyd7
Aliases: CVE-2024-44192 |
The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash. |
Affected by 10 other vulnerabilities. |
|
VCID-f37y-e6dq-duc2
Aliases: CVE-2025-24150 |
A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3. Copying a URL from Web Inspector may lead to command injection. |
Affected by 10 other vulnerabilities. |
|
VCID-fmsm-thfz-gkfk
Aliases: CVE-2024-23222 |
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited. |
Affected by 10 other vulnerabilities. |
|
VCID-g32t-hyzv-23fh
Aliases: CVE-2025-24162 |
This issue was addressed through improved state management. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to an unexpected process crash. |
Affected by 10 other vulnerabilities. |
|
VCID-ggp7-3m8t-zqbq
Aliases: CVE-2025-31206 |
A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash. |
Affected by 10 other vulnerabilities. |
|
VCID-gj97-4uhm-aydw
Aliases: CVE-2024-54505 |
A type confusion issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption. |
Affected by 10 other vulnerabilities. |
|
VCID-gxbb-yx6r-y3fs
Aliases: CVE-2023-32393 |
The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing web content may lead to arbitrary code execution. |
Affected by 10 other vulnerabilities. |
|
VCID-gyft-58f3-4udg
Aliases: CVE-2024-23271 |
A logic issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, Safari 17.3, tvOS 17.3, macOS Sonoma 14.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior. |
Affected by 10 other vulnerabilities. |
|
VCID-h2ns-8hfj-pyeg
Aliases: CVE-2023-38599 |
A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information. |
Affected by 10 other vulnerabilities. |
|
VCID-hcpq-m5t8-bfga
Aliases: CVE-2025-31215 |
The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected process crash. |
Affected by 10 other vulnerabilities. |
|
VCID-heb9-9d3e-a7cn
Aliases: CVE-2025-43265 |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. Processing maliciously crafted web content may disclose internal states of the app. |
Affected by 0 other vulnerabilities. |
|
VCID-hh14-ef4f-dqet
Aliases: CVE-2023-32439 |
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Ventura 13.4.1, Safari 16.5.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. |
Affected by 10 other vulnerabilities. |
|
VCID-hwuz-cae8-kuc3
Aliases: CVE-2023-32370 |
A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Content Security Policy to block domains with wildcards may fail. |
Affected by 10 other vulnerabilities. |
|
VCID-j72p-jrp9-8yew
Aliases: CVE-2024-23206 |
An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A maliciously crafted webpage may be able to fingerprint the user. |
Affected by 10 other vulnerabilities. |
|
VCID-j9e6-45q8-wqbp
Aliases: CVE-2023-32373 |
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. |
Affected by 10 other vulnerabilities. |
|
VCID-jttw-36z1-h3g9
Aliases: CVE-2023-38592 |
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing web content may lead to arbitrary code execution. |
Affected by 10 other vulnerabilities. |
|
VCID-k1w3-r2w4-2ybc
Aliases: CVE-2024-40780 |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash. |
Affected by 10 other vulnerabilities. |
|
VCID-k5ax-dz9v-q3f3
Aliases: CVE-2024-54551 |
The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.6, tvOS 17.6, Safari 17.6, macOS Sonoma 14.6, visionOS 1.3, iOS 17.6 and iPadOS 17.6. Processing web content may lead to a denial-of-service. |
Affected by 10 other vulnerabilities. |
|
VCID-k734-sd62-fbeg
Aliases: CVE-2023-32359 |
webkitgtk: User password may be read aloud by a text-to-speech accessibility feature |
Affected by 10 other vulnerabilities. |
|
VCID-kch5-8swx-qub6
Aliases: CVE-2023-39928 |
A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability. |
Affected by 10 other vulnerabilities. |
|
VCID-kfn2-9yvt-k7av
Aliases: CVE-2024-54543 |
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.2, tvOS 18.2, Safari 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing maliciously crafted web content may lead to memory corruption. |
Affected by 10 other vulnerabilities. |
|
VCID-kh8b-a2kd-5yhm
Aliases: CVE-2024-40785 |
This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to a cross site scripting attack. |
Affected by 10 other vulnerabilities. |
|
VCID-khkx-343s-bfb5
Aliases: CVE-2024-54479 |
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash. |
Affected by 10 other vulnerabilities. |
|
VCID-khnc-r7cn-13d6
Aliases: CVE-2024-23284 |
A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. |
Affected by 10 other vulnerabilities. |
|
VCID-ksgy-zrvt-13hq
Aliases: CVE-2025-43240 |
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, Safari 18. 6. A download's origin may be incorrectly associated. |
Affected by 0 other vulnerabilities. |
|
VCID-kvdf-hbzd-5fat
Aliases: CVE-2025-24143 |
The issue was addressed with improved access restrictions to the file system. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. A maliciously crafted webpage may be able to fingerprint the user. |
Affected by 10 other vulnerabilities. |
|
VCID-kw77-vx9x-yubs
Aliases: CVE-2024-27856 |
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, tvOS 17.5, visionOS 1.2. Processing a file may lead to unexpected app termination or arbitrary code execution. |
Affected by 10 other vulnerabilities. |
|
VCID-mksj-1m6k-2yfh
Aliases: CVE-2023-42917 |
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. |
Affected by 10 other vulnerabilities. |
|
VCID-n2cd-aq8b-nudw
Aliases: CVE-2023-42890 |
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution. |
Affected by 10 other vulnerabilities. |
|
VCID-n9uz-k6fk-7fdj
Aliases: CVE-2023-38597 |
The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution. |
Affected by 10 other vulnerabilities. |
|
VCID-ntuf-rkzm-ekam
Aliases: CVE-2024-54502 |
The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash. |
Affected by 10 other vulnerabilities. |
|
VCID-nwzv-5yc9-abdr
Aliases: CVE-2025-6558 |
Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
Affected by 0 other vulnerabilities. |
|
VCID-p59v-db45-hqae
Aliases: CVE-2023-38594 |
The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. |
Affected by 10 other vulnerabilities. |
|
VCID-p9x9-898h-qbfw
Aliases: CVE-2024-54467 |
A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin. |
Affected by 10 other vulnerabilities. |
|
VCID-pdxk-rjfx-xfct
Aliases: CVE-2025-30427 |
A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash. |
Affected by 10 other vulnerabilities. |
|
VCID-peh7-z9u8-3qgy
Aliases: CVE-2023-41983 |
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service. |
Affected by 10 other vulnerabilities. |
|
VCID-phgg-akm7-eyac
Aliases: CVE-2025-24264 |
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash. |
Affected by 10 other vulnerabilities. |
|
VCID-pr7k-su8x-73a9
Aliases: CVE-2024-44308 |
The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. |
Affected by 10 other vulnerabilities. |
|
VCID-ptwk-zkwr-tfbf
Aliases: CVE-2023-38611 |
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. |
Affected by 10 other vulnerabilities. |
|
VCID-pys4-dhns-rkfv
Aliases: CVE-2023-35074 |
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. |
Affected by 10 other vulnerabilities. |
|
VCID-pzcq-2xr9-n7ec
Aliases: CVE-2024-27838 |
The issue was addressed by adding additional logic. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user. |
Affected by 10 other vulnerabilities. |
|
VCID-qur8-hdkj-tuhy
Aliases: CVE-2024-27834 |
The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. |
Affected by 10 other vulnerabilities. |
|
VCID-r323-w2qc-3bdh
Aliases: CVE-2025-31205 |
The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. A malicious website may exfiltrate data cross-origin. |
Affected by 10 other vulnerabilities. |
|
VCID-s2ng-5vb3-s3bf
Aliases: CVE-2023-37450 |
The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. |
Affected by 10 other vulnerabilities. |
|
VCID-s58u-h61h-yqes
Aliases: CVE-2023-38133 |
The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may disclose sensitive information. |
Affected by 10 other vulnerabilities. |
|
VCID-spqs-yxz2-hqc5
Aliases: CVE-2024-40794 |
This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, Safari 17.6. Private Browsing tabs may be accessed without authentication. |
Affected by 10 other vulnerabilities. |
|
VCID-srwt-sx8p-s7bg
Aliases: CVE-2023-40451 |
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code. |
Affected by 10 other vulnerabilities. |
|
VCID-svw8-cgjr-r7by
Aliases: CVE-2023-39434 |
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. |
Affected by 10 other vulnerabilities. |
|
VCID-t3vb-qhya-6ybx
Aliases: CVE-2025-31273 |
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may lead to memory corruption. |
Affected by 0 other vulnerabilities. |
|
VCID-tm7v-m1d3-tuap
Aliases: CVE-2024-27808 |
The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution. |
Affected by 10 other vulnerabilities. |
|
VCID-uj9u-3qrx-vkcu
Aliases: CVE-2023-38595 |
The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. |
Affected by 10 other vulnerabilities. |
|
VCID-ukah-bp2y-bkd6
Aliases: CVE-2024-44187 |
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin. |
Affected by 10 other vulnerabilities. |
|
VCID-ukfv-y47s-j3cz
Aliases: CVE-2025-43227 |
This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may disclose sensitive user information. |
Affected by 0 other vulnerabilities. |
|
VCID-un99-mchg-effd
Aliases: CVE-2024-40866 |
The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing. |
Affected by 10 other vulnerabilities. |
|
VCID-urzh-a5j6-53hn
Aliases: CVE-2023-42950 |
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution. |
Affected by 10 other vulnerabilities. |
|
VCID-v9pt-xsk5-aybr
Aliases: CVE-2023-28198 |
webkitgtk: use after free vulnerability |
Affected by 10 other vulnerabilities. |
|
VCID-w4xs-ygm6-b7gu
Aliases: CVE-2023-32435 |
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7. |
Affected by 10 other vulnerabilities. |
|
VCID-wbu7-jgfp-6fd3
Aliases: CVE-2025-24213 |
This issue was addressed with improved handling of floats. This issue is fixed in tvOS 18.5, Safari 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, watchOS 11.5, visionOS 2.5. A type confusion issue could lead to memory corruption. |
Affected by 10 other vulnerabilities. |
|
VCID-x4ww-ehfv-63cq
Aliases: CVE-2024-4558 |
Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
Affected by 10 other vulnerabilities. |
|
VCID-x6ef-mn8c-fbdc
Aliases: CVE-2023-42916 |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. |
Affected by 10 other vulnerabilities. |
|
VCID-xt7n-vwqs-6kf5
Aliases: CVE-2025-31204 |
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption. |
Affected by 10 other vulnerabilities. |
|
VCID-xwp9-yhvn-qyh7
Aliases: CVE-2025-43216 |
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 18.6, watchOS 11.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, tvOS 18.6, macOS Sequoia 15.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash. |
Affected by 0 other vulnerabilities. |
|
VCID-xx48-ju7v-4ydx
Aliases: CVE-2024-44296 |
The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1, visionOS 2.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. |
Affected by 10 other vulnerabilities. |
|
VCID-y1nq-qtc2-3ybc
Aliases: CVE-2023-32409 |
The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited. |
Affected by 10 other vulnerabilities. |
|
VCID-y2zq-yuds-dbdd
Aliases: CVE-2024-54508 |
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash. |
Affected by 10 other vulnerabilities. |
|
VCID-yqn2-6tdd-pfce
Aliases: CVE-2024-40776 |
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash. |
Affected by 10 other vulnerabilities. |
|
VCID-z43y-5b52-yuey
Aliases: CVE-2025-31257 |
This issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash. |
Affected by 10 other vulnerabilities. |
|
VCID-z4n8-xquq-xkaz
Aliases: CVE-2023-42970 |
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. Processing web content may lead to arbitrary code execution. |
Affected by 10 other vulnerabilities. |
|
VCID-zeew-y1p9-3kf5
Aliases: CVE-2024-23263 |
A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. |
Affected by 10 other vulnerabilities. |
|
VCID-zshv-184r-gyay
Aliases: CVE-2024-23213 |
The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. Processing web content may lead to arbitrary code execution. |
Affected by 10 other vulnerabilities. |
|
VCID-zwpx-cc9e-h7cn
Aliases: CVE-2024-23280 |
An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user. |
Affected by 10 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||