Debian Webkit2Gtk vulnerabilities
680 known vulnerabilities affecting debian/webkit2gtk.
Total CVEs: 680
CISA KEV: 38 (actively exploited)
Public exploits: 102
Exploited in wild: 32
Severity breakdown
CRITICAL: 14, HIGH: 239, MEDIUM: 150, LOW: 277
Vulnerabilities
Page 6 of 34
CVE-2024-54502 | MEDIUM | CVSS 6.5 | fixed in webkit2gtk 2.46.5-1~deb12u1 (bookworm) | 2024
The issue was addressed with improved checks. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Scope: local
bookworm: resolved (fixed in 2.46.5-1~deb12u1)
bullseye: resolved (fixed in 2.46.5-1
debian
CVE-2024-40780 | MEDIUM | CVSS 5.5 | fixed in webkit2gtk 2.44.3-1~deb12u1 (bookworm) | 2024
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.
Scope: local
bookworm: resolved (fixed in 2.44.3-1~deb12u1)
bu
debian
CVE-2024-23280 | MEDIUM | CVSS 6.5 | fixed in webkit2gtk 2.44.1-1~deb12u1 (bookworm) | 2024
An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A maliciously crafted webpage may be able to fingerprint the user.
Scope: local
bookworm: resolved (fixed in 2.44.1-1~deb12u1)
bullseye: resolved (fixed in 2.44.1-1~deb11u1)
forky: resolved (fixed i
debian
CVE-2024-23206 | MEDIUM | CVSS 6.5 | fixed in webkit2gtk 2.42.5-1~deb12u1 (bookworm) | 2024
An access issue was addressed with improved access restrictions. This issue is fixed in Safari 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. A maliciously crafted webpage may be able to fingerprint the user.
Scope: local
bookworm: resolved (fixed in 2.42.5-1~deb12u1)
bullseye: resolved (fixed in 2.42.5
debian
CVE-2024-40789 | MEDIUM | CVSS 6.5 | fixed in webkit2gtk 2.44.3-1~deb12u1 (bookworm) | 2024
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.
Scope: local
bookworm: resolved (fixed in 2.44.3-1~deb
debian
CVE-2024-40866 | MEDIUM | CVSS 6.5 | fixed in webkit2gtk 2.46.0-2~deb12u1 (bookworm) | 2024
The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing.
Scope: local
bookworm: resolved (fixed in 2.46.0-2~deb12u1)
bullseye: resolved (fixed in 2.46.3-1~deb11u2)
forky: resolved (fixed in 2.46.0-1)
sid: resolved (fixed in 2.46.0-1)
trixie: resolved (fixed in 2.
debian
CVE-2024-44309 | MEDIUM | CVSS 6.3 | KEV | fixed in webkit2gtk 2.46.4-1~deb12u1 (bookworm) | 2024
A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, macOS Sequoia 15.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exp
debian
CVE-2024-23284 | MEDIUM | CVSS 6.5 | fixed in webkit2gtk 2.44.1-1~deb12u1 (bookworm) | 2024
A logic issue was addressed with improved state management. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
Scope: local
bookworm: resolved (fixed in 2.44.1-1~de
debian
CVE-2024-40785 | MEDIUM | CVSS 6.1 | fixed in webkit2gtk 2.44.3-1~deb12u1 (bookworm) | 2024
This issue was addressed with improved checks. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to a cross site scripting attack.
Scope: local
bookworm: resolved (fixed in 2.44.3-1~deb12u1)
bullseye: resolved (
debian
CVE-2024-23254 | MEDIUM | CVSS 6.5 | fixed in webkit2gtk 2.44.1-1~deb12u1 (bookworm) | 2024
The issue was addressed with improved UI handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. A malicious website may exfiltrate audio data cross-origin.
Scope: local
bookworm: resolved (fixed in 2.44.1-1~deb12u1)
bullseye: resolved (fixed in 2.44.1-1~deb11u1)
forky: resolved (fixed in
debian
CVE-2024-44296 | MEDIUM | CVSS 5.4 | fixed in webkit2gtk 2.46.3-1~deb12u1 (bookworm) | 2024
The issue was addressed with improved checks. This issue is fixed in Safari 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
Scope: local
bookworm: resolved (fixed in 2.46.3-1~deb12u1)
bullse
debian
CVE-2024-54658 | MEDIUM | CVSS 6.5 | fixed in webkit2gtk 2.44.1-1~deb12u1 (bookworm) | 2024
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing web content may lead to a denial-of-service.
Scope: local
bookworm: resolved (fixed in 2.44.1-1~deb12u1)
bullseye: resolved (fixed in 2.44.1-1~deb11u1)
forky: resolved (fixed in
debian
CVE-2024-40776 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.44.3-1~deb12u1 (bookworm) | 2024
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.
Scope: local
bookworm: resolved (fixed in 2.44.3-1~deb12u1)
debian
CVE-2024-40779 | MEDIUM | CVSS 5.5 | fixed in webkit2gtk 2.44.3-1~deb12u1 (bookworm) | 2024
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.
Scope: local
bookworm: resolved (fixed in 2.44.3-1~deb12u1)
bu
debian
CVE-2024-54467 | MEDIUM | CVSS 6.5 | fixed in webkit2gtk 2.48.0-1~deb12u1 (bookworm) | 2024
A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin.
Scope: local
bookworm: resolved (fixed in 2.48.0-1~deb12u1)
bullseye: resolved (fixed in 2.48.3-1~deb11u1)
forky: resolved (fixed
debian
CVE-2024-23271 | MEDIUM | CVSS 6.5 | fixed in webkit2gtk 2.42.5-1~deb12u1 (bookworm) | 2024
A logic issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. A malicious website may cause unexpected cross-origin behavior.
Scope: local
bookworm: resolved (fixed in 2.42.5-1~deb12u1)
bullseye: resolved (fixed in 2.42.5-1~deb11u1)
forky: resolved (fixed in 2.42.5-1)
debian
CVE-2024-44244 | MEDIUM | CVSS 4.3 | fixed in webkit2gtk 2.46.3-1~deb12u1 (bookworm) | 2024
A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 18.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Processing maliciously crafted web content may lead to an unexpected process crash.
Scope: local
bookworm: resolved (fixed in 2.46.3-1~deb12u1)
bullseye: resolved (fixed
debian
CVE-2024-44187 | MEDIUM | CVSS 6.5 | fixed in webkit2gtk 2.46.0-2~deb12u1 (bookworm) | 2024
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin.
Scope: local
bookworm: resolved (fixed in 2.46.0-2~deb12u1)
bullseye: resolved (fixed
debian
CVE-2024-44185 | MEDIUM | CVSS 5.5 | fixed in webkit2gtk 2.46.0-2~deb12u1 (bookworm) | 2024
The issue was addressed with improved checks. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted web content may lead to an unexpected process crash.
Scope: local
bookworm: resolved (fixed in 2.46.0-2~deb12u1)
bullseye: resolved (fixed in 2.46.3-1~deb11u2)
forky:
debian
CVE-2024-27834 | MEDIUM | CVSS 5.5 | fixed in webkit2gtk 2.44.2-1~deb12u1 (bookworm) | 2024
The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, watchOS 10.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
Scope: local
bookworm: resolved (fixed in 2.44.2-1~deb12u1)
bullseye: resolved (fi
debian