csaf_redhat - rhsa-2025:7998

rhsa-2025:7998

Vulnerability from csaf_redhat

Published

2025-05-19 16:24

Modified

2025-07-29 10:01

Summary

Red Hat Security Advisory: Updated Red Hat OpenShift Dev Spaces 3 container images

Notes

Topic

Updated Red Hat OpenShift Dev Spaces 3.20 container images are now available

Details

The Red Hat OpenShift Dev Spaces 3 container images have been updated to address the following security advisory: RHSA-2025:3713 (see References) Users of Red Hat OpenShift Dev Spaces 3 container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images. You can find images updated by this advisory in Red Hat Container Catalog (see References).

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated Red Hat OpenShift Dev Spaces 3.20 container images are now available",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The Red Hat OpenShift Dev Spaces 3 container images have been updated to address the following security advisory: RHSA-2025:3713 (see References)\n\nUsers of Red Hat OpenShift Dev Spaces 3 container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.\n\nYou can find images updated by this advisory in Red Hat Container Catalog (see References).",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:7998",
        "url": "https://access.redhat.com/errata/RHSA-2025:7998"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/errata/RHSA-2025:3713",
        "url": "https://access.redhat.com/errata/RHSA-2025:3713"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/containers",
        "url": "https://access.redhat.com/containers"
      },
      {
        "category": "external",
        "summary": "2353871",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353871"
      },
      {
        "category": "external",
        "summary": "2357911",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357911"
      },
      {
        "category": "external",
        "summary": "2357917",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357917"
      },
      {
        "category": "external",
        "summary": "2357919",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357919"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_7998.json"
      }
    ],
    "title": "Red Hat Security Advisory: Updated Red Hat OpenShift Dev Spaces 3 container images",
    "tracking": {
      "current_release_date": "2025-07-29T10:01:35+00:00",
      "generator": {
        "date": "2025-07-29T10:01:35+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.5"
        }
      },
      "id": "RHSA-2025:7998",
      "initial_release_date": "2025-05-19T16:24:24+00:00",
      "revision_history": [
        {
          "date": "2025-05-19T16:24:24+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-05-19T16:24:24+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-07-29T10:01:35+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Dev Spaces 3",
                "product": {
                  "name": "Red Hat OpenShift Dev Spaces 3",
                  "product_id": "9Base-RHOSDS-3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_devspaces:3::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Dev Spaces"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "devspaces/pluginregistry-rhel9@sha256:e932cdd89984a74879127f6af0f6c14ef0cda80beb7782b590eca653d4d34b1e_s390x",
                "product": {
                  "name": "devspaces/pluginregistry-rhel9@sha256:e932cdd89984a74879127f6af0f6c14ef0cda80beb7782b590eca653d4d34b1e_s390x",
                  "product_id": "devspaces/pluginregistry-rhel9@sha256:e932cdd89984a74879127f6af0f6c14ef0cda80beb7782b590eca653d4d34b1e_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/pluginregistry-rhel9@sha256:e932cdd89984a74879127f6af0f6c14ef0cda80beb7782b590eca653d4d34b1e?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel9\u0026tag=3.20-8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/udi-base-rhel9@sha256:384f0ed8cd2c69b51b4b881fae31130353d84321cfb894c7c8ef20a21b65db49_s390x",
                "product": {
                  "name": "devspaces/udi-base-rhel9@sha256:384f0ed8cd2c69b51b4b881fae31130353d84321cfb894c7c8ef20a21b65db49_s390x",
                  "product_id": "devspaces/udi-base-rhel9@sha256:384f0ed8cd2c69b51b4b881fae31130353d84321cfb894c7c8ef20a21b65db49_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/udi-base-rhel9@sha256:384f0ed8cd2c69b51b4b881fae31130353d84321cfb894c7c8ef20a21b65db49?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel9\u0026tag=3.20-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/udi-rhel9@sha256:08534bf299826c9b5572373b4418a3607ba722c1bcee2c9b208da4fc2082010b_s390x",
                "product": {
                  "name": "devspaces/udi-rhel9@sha256:08534bf299826c9b5572373b4418a3607ba722c1bcee2c9b208da4fc2082010b_s390x",
                  "product_id": "devspaces/udi-rhel9@sha256:08534bf299826c9b5572373b4418a3607ba722c1bcee2c9b208da4fc2082010b_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/udi-rhel9@sha256:08534bf299826c9b5572373b4418a3607ba722c1bcee2c9b208da4fc2082010b?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-rhel9\u0026tag=3.20-11"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "devspaces/pluginregistry-rhel9@sha256:0490a4d2b6d27d513047e7425efd22227b8971ebab2c89a39ba2c26ecccada12_amd64",
                "product": {
                  "name": "devspaces/pluginregistry-rhel9@sha256:0490a4d2b6d27d513047e7425efd22227b8971ebab2c89a39ba2c26ecccada12_amd64",
                  "product_id": "devspaces/pluginregistry-rhel9@sha256:0490a4d2b6d27d513047e7425efd22227b8971ebab2c89a39ba2c26ecccada12_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/pluginregistry-rhel9@sha256:0490a4d2b6d27d513047e7425efd22227b8971ebab2c89a39ba2c26ecccada12?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel9\u0026tag=3.20-8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/udi-base-rhel9@sha256:0d7ddae5a233822061f01d08649403f1bbe1e78179f337e8820bfc10dc83895e_amd64",
                "product": {
                  "name": "devspaces/udi-base-rhel9@sha256:0d7ddae5a233822061f01d08649403f1bbe1e78179f337e8820bfc10dc83895e_amd64",
                  "product_id": "devspaces/udi-base-rhel9@sha256:0d7ddae5a233822061f01d08649403f1bbe1e78179f337e8820bfc10dc83895e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/udi-base-rhel9@sha256:0d7ddae5a233822061f01d08649403f1bbe1e78179f337e8820bfc10dc83895e?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel9\u0026tag=3.20-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/udi-rhel9@sha256:bf863f4a19a1757641c4cd3a93bed3d2fcc821a975282bbb1c96b962546c25cb_amd64",
                "product": {
                  "name": "devspaces/udi-rhel9@sha256:bf863f4a19a1757641c4cd3a93bed3d2fcc821a975282bbb1c96b962546c25cb_amd64",
                  "product_id": "devspaces/udi-rhel9@sha256:bf863f4a19a1757641c4cd3a93bed3d2fcc821a975282bbb1c96b962546c25cb_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/udi-rhel9@sha256:bf863f4a19a1757641c4cd3a93bed3d2fcc821a975282bbb1c96b962546c25cb?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-rhel9\u0026tag=3.20-11"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "devspaces/pluginregistry-rhel9@sha256:26982c23aeae1ec80516c5e837c157c1cbe8327420d0b05140dbca7b39112bc5_ppc64le",
                "product": {
                  "name": "devspaces/pluginregistry-rhel9@sha256:26982c23aeae1ec80516c5e837c157c1cbe8327420d0b05140dbca7b39112bc5_ppc64le",
                  "product_id": "devspaces/pluginregistry-rhel9@sha256:26982c23aeae1ec80516c5e837c157c1cbe8327420d0b05140dbca7b39112bc5_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/pluginregistry-rhel9@sha256:26982c23aeae1ec80516c5e837c157c1cbe8327420d0b05140dbca7b39112bc5?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel9\u0026tag=3.20-8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/udi-base-rhel9@sha256:b794ad0c9273c941eac5314cd886036c7fb5c5c46736dee498811c30671ac490_ppc64le",
                "product": {
                  "name": "devspaces/udi-base-rhel9@sha256:b794ad0c9273c941eac5314cd886036c7fb5c5c46736dee498811c30671ac490_ppc64le",
                  "product_id": "devspaces/udi-base-rhel9@sha256:b794ad0c9273c941eac5314cd886036c7fb5c5c46736dee498811c30671ac490_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/udi-base-rhel9@sha256:b794ad0c9273c941eac5314cd886036c7fb5c5c46736dee498811c30671ac490?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel9\u0026tag=3.20-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/udi-rhel9@sha256:cc3ea50e54e2c957276934876d20d0be25d7fef4d41c8693b9ca0c0a70d4ab92_ppc64le",
                "product": {
                  "name": "devspaces/udi-rhel9@sha256:cc3ea50e54e2c957276934876d20d0be25d7fef4d41c8693b9ca0c0a70d4ab92_ppc64le",
                  "product_id": "devspaces/udi-rhel9@sha256:cc3ea50e54e2c957276934876d20d0be25d7fef4d41c8693b9ca0c0a70d4ab92_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/udi-rhel9@sha256:cc3ea50e54e2c957276934876d20d0be25d7fef4d41c8693b9ca0c0a70d4ab92?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-rhel9\u0026tag=3.20-11"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/pluginregistry-rhel9@sha256:0490a4d2b6d27d513047e7425efd22227b8971ebab2c89a39ba2c26ecccada12_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:0490a4d2b6d27d513047e7425efd22227b8971ebab2c89a39ba2c26ecccada12_amd64"
        },
        "product_reference": "devspaces/pluginregistry-rhel9@sha256:0490a4d2b6d27d513047e7425efd22227b8971ebab2c89a39ba2c26ecccada12_amd64",
        "relates_to_product_reference": "9Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/pluginregistry-rhel9@sha256:26982c23aeae1ec80516c5e837c157c1cbe8327420d0b05140dbca7b39112bc5_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:26982c23aeae1ec80516c5e837c157c1cbe8327420d0b05140dbca7b39112bc5_ppc64le"
        },
        "product_reference": "devspaces/pluginregistry-rhel9@sha256:26982c23aeae1ec80516c5e837c157c1cbe8327420d0b05140dbca7b39112bc5_ppc64le",
        "relates_to_product_reference": "9Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/pluginregistry-rhel9@sha256:e932cdd89984a74879127f6af0f6c14ef0cda80beb7782b590eca653d4d34b1e_s390x as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:e932cdd89984a74879127f6af0f6c14ef0cda80beb7782b590eca653d4d34b1e_s390x"
        },
        "product_reference": "devspaces/pluginregistry-rhel9@sha256:e932cdd89984a74879127f6af0f6c14ef0cda80beb7782b590eca653d4d34b1e_s390x",
        "relates_to_product_reference": "9Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/udi-base-rhel9@sha256:0d7ddae5a233822061f01d08649403f1bbe1e78179f337e8820bfc10dc83895e_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:0d7ddae5a233822061f01d08649403f1bbe1e78179f337e8820bfc10dc83895e_amd64"
        },
        "product_reference": "devspaces/udi-base-rhel9@sha256:0d7ddae5a233822061f01d08649403f1bbe1e78179f337e8820bfc10dc83895e_amd64",
        "relates_to_product_reference": "9Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/udi-base-rhel9@sha256:384f0ed8cd2c69b51b4b881fae31130353d84321cfb894c7c8ef20a21b65db49_s390x as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:384f0ed8cd2c69b51b4b881fae31130353d84321cfb894c7c8ef20a21b65db49_s390x"
        },
        "product_reference": "devspaces/udi-base-rhel9@sha256:384f0ed8cd2c69b51b4b881fae31130353d84321cfb894c7c8ef20a21b65db49_s390x",
        "relates_to_product_reference": "9Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/udi-base-rhel9@sha256:b794ad0c9273c941eac5314cd886036c7fb5c5c46736dee498811c30671ac490_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:b794ad0c9273c941eac5314cd886036c7fb5c5c46736dee498811c30671ac490_ppc64le"
        },
        "product_reference": "devspaces/udi-base-rhel9@sha256:b794ad0c9273c941eac5314cd886036c7fb5c5c46736dee498811c30671ac490_ppc64le",
        "relates_to_product_reference": "9Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/udi-rhel9@sha256:08534bf299826c9b5572373b4418a3607ba722c1bcee2c9b208da4fc2082010b_s390x as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:08534bf299826c9b5572373b4418a3607ba722c1bcee2c9b208da4fc2082010b_s390x"
        },
        "product_reference": "devspaces/udi-rhel9@sha256:08534bf299826c9b5572373b4418a3607ba722c1bcee2c9b208da4fc2082010b_s390x",
        "relates_to_product_reference": "9Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/udi-rhel9@sha256:bf863f4a19a1757641c4cd3a93bed3d2fcc821a975282bbb1c96b962546c25cb_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:bf863f4a19a1757641c4cd3a93bed3d2fcc821a975282bbb1c96b962546c25cb_amd64"
        },
        "product_reference": "devspaces/udi-rhel9@sha256:bf863f4a19a1757641c4cd3a93bed3d2fcc821a975282bbb1c96b962546c25cb_amd64",
        "relates_to_product_reference": "9Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/udi-rhel9@sha256:cc3ea50e54e2c957276934876d20d0be25d7fef4d41c8693b9ca0c0a70d4ab92_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:cc3ea50e54e2c957276934876d20d0be25d7fef4d41c8693b9ca0c0a70d4ab92_ppc64le"
        },
        "product_reference": "devspaces/udi-rhel9@sha256:cc3ea50e54e2c957276934876d20d0be25d7fef4d41c8693b9ca0c0a70d4ab92_ppc64le",
        "relates_to_product_reference": "9Base-RHOSDS-3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-44192",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2025-03-20T12:50:04.459000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2353871"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper checks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.\n\nThis issue can cause an unexpected process crash. Additionally, there is no evidence of remote code execution but this possibility is not discarded.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:0490a4d2b6d27d513047e7425efd22227b8971ebab2c89a39ba2c26ecccada12_amd64",
          "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:26982c23aeae1ec80516c5e837c157c1cbe8327420d0b05140dbca7b39112bc5_ppc64le",
          "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:e932cdd89984a74879127f6af0f6c14ef0cda80beb7782b590eca653d4d34b1e_s390x",
          "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:0d7ddae5a233822061f01d08649403f1bbe1e78179f337e8820bfc10dc83895e_amd64",
          "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:384f0ed8cd2c69b51b4b881fae31130353d84321cfb894c7c8ef20a21b65db49_s390x",
          "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:b794ad0c9273c941eac5314cd886036c7fb5c5c46736dee498811c30671ac490_ppc64le",
          "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:08534bf299826c9b5572373b4418a3607ba722c1bcee2c9b208da4fc2082010b_s390x",
          "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:bf863f4a19a1757641c4cd3a93bed3d2fcc821a975282bbb1c96b962546c25cb_amd64",
          "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:cc3ea50e54e2c957276934876d20d0be25d7fef4d41c8693b9ca0c0a70d4ab92_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-44192"
        },
        {
          "category": "external",
          "summary": "RHBZ#2353871",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2353871"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-44192",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-44192"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-44192",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44192"
        },
        {
          "category": "external",
          "summary": "https://webkitgtk.org/security/WSA-2025-0002.html",
          "url": "https://webkitgtk.org/security/WSA-2025-0002.html"
        }
      ],
      "release_date": "2025-03-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-05-19T16:24:24+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:0490a4d2b6d27d513047e7425efd22227b8971ebab2c89a39ba2c26ecccada12_amd64",
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:26982c23aeae1ec80516c5e837c157c1cbe8327420d0b05140dbca7b39112bc5_ppc64le",
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:e932cdd89984a74879127f6af0f6c14ef0cda80beb7782b590eca653d4d34b1e_s390x",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:0d7ddae5a233822061f01d08649403f1bbe1e78179f337e8820bfc10dc83895e_amd64",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:384f0ed8cd2c69b51b4b881fae31130353d84321cfb894c7c8ef20a21b65db49_s390x",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:b794ad0c9273c941eac5314cd886036c7fb5c5c46736dee498811c30671ac490_ppc64le",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:08534bf299826c9b5572373b4418a3607ba722c1bcee2c9b208da4fc2082010b_s390x",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:bf863f4a19a1757641c4cd3a93bed3d2fcc821a975282bbb1c96b962546c25cb_amd64",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:cc3ea50e54e2c957276934876d20d0be25d7fef4d41c8693b9ca0c0a70d4ab92_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:7998"
        },
        {
          "category": "workaround",
          "details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
          "product_ids": [
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:0490a4d2b6d27d513047e7425efd22227b8971ebab2c89a39ba2c26ecccada12_amd64",
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:26982c23aeae1ec80516c5e837c157c1cbe8327420d0b05140dbca7b39112bc5_ppc64le",
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:e932cdd89984a74879127f6af0f6c14ef0cda80beb7782b590eca653d4d34b1e_s390x",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:0d7ddae5a233822061f01d08649403f1bbe1e78179f337e8820bfc10dc83895e_amd64",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:384f0ed8cd2c69b51b4b881fae31130353d84321cfb894c7c8ef20a21b65db49_s390x",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:b794ad0c9273c941eac5314cd886036c7fb5c5c46736dee498811c30671ac490_ppc64le",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:08534bf299826c9b5572373b4418a3607ba722c1bcee2c9b208da4fc2082010b_s390x",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:bf863f4a19a1757641c4cd3a93bed3d2fcc821a975282bbb1c96b962546c25cb_amd64",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:cc3ea50e54e2c957276934876d20d0be25d7fef4d41c8693b9ca0c0a70d4ab92_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:0490a4d2b6d27d513047e7425efd22227b8971ebab2c89a39ba2c26ecccada12_amd64",
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:26982c23aeae1ec80516c5e837c157c1cbe8327420d0b05140dbca7b39112bc5_ppc64le",
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:e932cdd89984a74879127f6af0f6c14ef0cda80beb7782b590eca653d4d34b1e_s390x",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:0d7ddae5a233822061f01d08649403f1bbe1e78179f337e8820bfc10dc83895e_amd64",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:384f0ed8cd2c69b51b4b881fae31130353d84321cfb894c7c8ef20a21b65db49_s390x",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:b794ad0c9273c941eac5314cd886036c7fb5c5c46736dee498811c30671ac490_ppc64le",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:08534bf299826c9b5572373b4418a3607ba722c1bcee2c9b208da4fc2082010b_s390x",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:bf863f4a19a1757641c4cd3a93bed3d2fcc821a975282bbb1c96b962546c25cb_amd64",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:cc3ea50e54e2c957276934876d20d0be25d7fef4d41c8693b9ca0c0a70d4ab92_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
    },
    {
      "cve": "CVE-2025-24209",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2025-04-07T14:27:43.092000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2357911"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a buffer overflow due to improper memory handling and result in an unexpected process crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:0490a4d2b6d27d513047e7425efd22227b8971ebab2c89a39ba2c26ecccada12_amd64",
          "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:26982c23aeae1ec80516c5e837c157c1cbe8327420d0b05140dbca7b39112bc5_ppc64le",
          "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:e932cdd89984a74879127f6af0f6c14ef0cda80beb7782b590eca653d4d34b1e_s390x",
          "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:0d7ddae5a233822061f01d08649403f1bbe1e78179f337e8820bfc10dc83895e_amd64",
          "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:384f0ed8cd2c69b51b4b881fae31130353d84321cfb894c7c8ef20a21b65db49_s390x",
          "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:b794ad0c9273c941eac5314cd886036c7fb5c5c46736dee498811c30671ac490_ppc64le",
          "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:08534bf299826c9b5572373b4418a3607ba722c1bcee2c9b208da4fc2082010b_s390x",
          "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:bf863f4a19a1757641c4cd3a93bed3d2fcc821a975282bbb1c96b962546c25cb_amd64",
          "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:cc3ea50e54e2c957276934876d20d0be25d7fef4d41c8693b9ca0c0a70d4ab92_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-24209"
        },
        {
          "category": "external",
          "summary": "RHBZ#2357911",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357911"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-24209",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-24209"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-24209",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24209"
        },
        {
          "category": "external",
          "summary": "https://webkitgtk.org/security/WSA-2025-0003.html",
          "url": "https://webkitgtk.org/security/WSA-2025-0003.html"
        }
      ],
      "release_date": "2025-04-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-05-19T16:24:24+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:0490a4d2b6d27d513047e7425efd22227b8971ebab2c89a39ba2c26ecccada12_amd64",
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:26982c23aeae1ec80516c5e837c157c1cbe8327420d0b05140dbca7b39112bc5_ppc64le",
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:e932cdd89984a74879127f6af0f6c14ef0cda80beb7782b590eca653d4d34b1e_s390x",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:0d7ddae5a233822061f01d08649403f1bbe1e78179f337e8820bfc10dc83895e_amd64",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:384f0ed8cd2c69b51b4b881fae31130353d84321cfb894c7c8ef20a21b65db49_s390x",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:b794ad0c9273c941eac5314cd886036c7fb5c5c46736dee498811c30671ac490_ppc64le",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:08534bf299826c9b5572373b4418a3607ba722c1bcee2c9b208da4fc2082010b_s390x",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:bf863f4a19a1757641c4cd3a93bed3d2fcc821a975282bbb1c96b962546c25cb_amd64",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:cc3ea50e54e2c957276934876d20d0be25d7fef4d41c8693b9ca0c0a70d4ab92_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:7998"
        },
        {
          "category": "workaround",
          "details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
          "product_ids": [
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:0490a4d2b6d27d513047e7425efd22227b8971ebab2c89a39ba2c26ecccada12_amd64",
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:26982c23aeae1ec80516c5e837c157c1cbe8327420d0b05140dbca7b39112bc5_ppc64le",
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:e932cdd89984a74879127f6af0f6c14ef0cda80beb7782b590eca653d4d34b1e_s390x",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:0d7ddae5a233822061f01d08649403f1bbe1e78179f337e8820bfc10dc83895e_amd64",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:384f0ed8cd2c69b51b4b881fae31130353d84321cfb894c7c8ef20a21b65db49_s390x",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:b794ad0c9273c941eac5314cd886036c7fb5c5c46736dee498811c30671ac490_ppc64le",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:08534bf299826c9b5572373b4418a3607ba722c1bcee2c9b208da4fc2082010b_s390x",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:bf863f4a19a1757641c4cd3a93bed3d2fcc821a975282bbb1c96b962546c25cb_amd64",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:cc3ea50e54e2c957276934876d20d0be25d7fef4d41c8693b9ca0c0a70d4ab92_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:0490a4d2b6d27d513047e7425efd22227b8971ebab2c89a39ba2c26ecccada12_amd64",
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:26982c23aeae1ec80516c5e837c157c1cbe8327420d0b05140dbca7b39112bc5_ppc64le",
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:e932cdd89984a74879127f6af0f6c14ef0cda80beb7782b590eca653d4d34b1e_s390x",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:0d7ddae5a233822061f01d08649403f1bbe1e78179f337e8820bfc10dc83895e_amd64",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:384f0ed8cd2c69b51b4b881fae31130353d84321cfb894c7c8ef20a21b65db49_s390x",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:b794ad0c9273c941eac5314cd886036c7fb5c5c46736dee498811c30671ac490_ppc64le",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:08534bf299826c9b5572373b4418a3607ba722c1bcee2c9b208da4fc2082010b_s390x",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:bf863f4a19a1757641c4cd3a93bed3d2fcc821a975282bbb1c96b962546c25cb_amd64",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:cc3ea50e54e2c957276934876d20d0be25d7fef4d41c8693b9ca0c0a70d4ab92_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
    },
    {
      "cve": "CVE-2025-24216",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "discovery_date": "2025-04-07T14:29:49.645000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2357917"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:0490a4d2b6d27d513047e7425efd22227b8971ebab2c89a39ba2c26ecccada12_amd64",
          "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:26982c23aeae1ec80516c5e837c157c1cbe8327420d0b05140dbca7b39112bc5_ppc64le",
          "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:e932cdd89984a74879127f6af0f6c14ef0cda80beb7782b590eca653d4d34b1e_s390x",
          "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:0d7ddae5a233822061f01d08649403f1bbe1e78179f337e8820bfc10dc83895e_amd64",
          "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:384f0ed8cd2c69b51b4b881fae31130353d84321cfb894c7c8ef20a21b65db49_s390x",
          "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:b794ad0c9273c941eac5314cd886036c7fb5c5c46736dee498811c30671ac490_ppc64le",
          "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:08534bf299826c9b5572373b4418a3607ba722c1bcee2c9b208da4fc2082010b_s390x",
          "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:bf863f4a19a1757641c4cd3a93bed3d2fcc821a975282bbb1c96b962546c25cb_amd64",
          "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:cc3ea50e54e2c957276934876d20d0be25d7fef4d41c8693b9ca0c0a70d4ab92_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-24216"
        },
        {
          "category": "external",
          "summary": "RHBZ#2357917",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357917"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-24216",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-24216"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-24216",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24216"
        },
        {
          "category": "external",
          "summary": "https://webkitgtk.org/security/WSA-2025-0003.html",
          "url": "https://webkitgtk.org/security/WSA-2025-0003.html"
        }
      ],
      "release_date": "2025-04-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-05-19T16:24:24+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:0490a4d2b6d27d513047e7425efd22227b8971ebab2c89a39ba2c26ecccada12_amd64",
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:26982c23aeae1ec80516c5e837c157c1cbe8327420d0b05140dbca7b39112bc5_ppc64le",
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:e932cdd89984a74879127f6af0f6c14ef0cda80beb7782b590eca653d4d34b1e_s390x",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:0d7ddae5a233822061f01d08649403f1bbe1e78179f337e8820bfc10dc83895e_amd64",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:384f0ed8cd2c69b51b4b881fae31130353d84321cfb894c7c8ef20a21b65db49_s390x",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:b794ad0c9273c941eac5314cd886036c7fb5c5c46736dee498811c30671ac490_ppc64le",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:08534bf299826c9b5572373b4418a3607ba722c1bcee2c9b208da4fc2082010b_s390x",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:bf863f4a19a1757641c4cd3a93bed3d2fcc821a975282bbb1c96b962546c25cb_amd64",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:cc3ea50e54e2c957276934876d20d0be25d7fef4d41c8693b9ca0c0a70d4ab92_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:7998"
        },
        {
          "category": "workaround",
          "details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
          "product_ids": [
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:0490a4d2b6d27d513047e7425efd22227b8971ebab2c89a39ba2c26ecccada12_amd64",
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:26982c23aeae1ec80516c5e837c157c1cbe8327420d0b05140dbca7b39112bc5_ppc64le",
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:e932cdd89984a74879127f6af0f6c14ef0cda80beb7782b590eca653d4d34b1e_s390x",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:0d7ddae5a233822061f01d08649403f1bbe1e78179f337e8820bfc10dc83895e_amd64",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:384f0ed8cd2c69b51b4b881fae31130353d84321cfb894c7c8ef20a21b65db49_s390x",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:b794ad0c9273c941eac5314cd886036c7fb5c5c46736dee498811c30671ac490_ppc64le",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:08534bf299826c9b5572373b4418a3607ba722c1bcee2c9b208da4fc2082010b_s390x",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:bf863f4a19a1757641c4cd3a93bed3d2fcc821a975282bbb1c96b962546c25cb_amd64",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:cc3ea50e54e2c957276934876d20d0be25d7fef4d41c8693b9ca0c0a70d4ab92_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:0490a4d2b6d27d513047e7425efd22227b8971ebab2c89a39ba2c26ecccada12_amd64",
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:26982c23aeae1ec80516c5e837c157c1cbe8327420d0b05140dbca7b39112bc5_ppc64le",
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:e932cdd89984a74879127f6af0f6c14ef0cda80beb7782b590eca653d4d34b1e_s390x",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:0d7ddae5a233822061f01d08649403f1bbe1e78179f337e8820bfc10dc83895e_amd64",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:384f0ed8cd2c69b51b4b881fae31130353d84321cfb894c7c8ef20a21b65db49_s390x",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:b794ad0c9273c941eac5314cd886036c7fb5c5c46736dee498811c30671ac490_ppc64le",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:08534bf299826c9b5572373b4418a3607ba722c1bcee2c9b208da4fc2082010b_s390x",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:bf863f4a19a1757641c4cd3a93bed3d2fcc821a975282bbb1c96b962546c25cb_amd64",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:cc3ea50e54e2c957276934876d20d0be25d7fef4d41c8693b9ca0c0a70d4ab92_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash"
    },
    {
      "cve": "CVE-2025-30427",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2025-04-07T14:32:29.265000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2357919"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:0490a4d2b6d27d513047e7425efd22227b8971ebab2c89a39ba2c26ecccada12_amd64",
          "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:26982c23aeae1ec80516c5e837c157c1cbe8327420d0b05140dbca7b39112bc5_ppc64le",
          "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:e932cdd89984a74879127f6af0f6c14ef0cda80beb7782b590eca653d4d34b1e_s390x",
          "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:0d7ddae5a233822061f01d08649403f1bbe1e78179f337e8820bfc10dc83895e_amd64",
          "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:384f0ed8cd2c69b51b4b881fae31130353d84321cfb894c7c8ef20a21b65db49_s390x",
          "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:b794ad0c9273c941eac5314cd886036c7fb5c5c46736dee498811c30671ac490_ppc64le",
          "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:08534bf299826c9b5572373b4418a3607ba722c1bcee2c9b208da4fc2082010b_s390x",
          "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:bf863f4a19a1757641c4cd3a93bed3d2fcc821a975282bbb1c96b962546c25cb_amd64",
          "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:cc3ea50e54e2c957276934876d20d0be25d7fef4d41c8693b9ca0c0a70d4ab92_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-30427"
        },
        {
          "category": "external",
          "summary": "RHBZ#2357919",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357919"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-30427",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30427"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-30427",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30427"
        },
        {
          "category": "external",
          "summary": "https://webkitgtk.org/security/WSA-2025-0003.html",
          "url": "https://webkitgtk.org/security/WSA-2025-0003.html"
        }
      ],
      "release_date": "2025-04-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-05-19T16:24:24+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:0490a4d2b6d27d513047e7425efd22227b8971ebab2c89a39ba2c26ecccada12_amd64",
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:26982c23aeae1ec80516c5e837c157c1cbe8327420d0b05140dbca7b39112bc5_ppc64le",
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:e932cdd89984a74879127f6af0f6c14ef0cda80beb7782b590eca653d4d34b1e_s390x",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:0d7ddae5a233822061f01d08649403f1bbe1e78179f337e8820bfc10dc83895e_amd64",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:384f0ed8cd2c69b51b4b881fae31130353d84321cfb894c7c8ef20a21b65db49_s390x",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:b794ad0c9273c941eac5314cd886036c7fb5c5c46736dee498811c30671ac490_ppc64le",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:08534bf299826c9b5572373b4418a3607ba722c1bcee2c9b208da4fc2082010b_s390x",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:bf863f4a19a1757641c4cd3a93bed3d2fcc821a975282bbb1c96b962546c25cb_amd64",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:cc3ea50e54e2c957276934876d20d0be25d7fef4d41c8693b9ca0c0a70d4ab92_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:7998"
        },
        {
          "category": "workaround",
          "details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
          "product_ids": [
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:0490a4d2b6d27d513047e7425efd22227b8971ebab2c89a39ba2c26ecccada12_amd64",
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:26982c23aeae1ec80516c5e837c157c1cbe8327420d0b05140dbca7b39112bc5_ppc64le",
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:e932cdd89984a74879127f6af0f6c14ef0cda80beb7782b590eca653d4d34b1e_s390x",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:0d7ddae5a233822061f01d08649403f1bbe1e78179f337e8820bfc10dc83895e_amd64",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:384f0ed8cd2c69b51b4b881fae31130353d84321cfb894c7c8ef20a21b65db49_s390x",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:b794ad0c9273c941eac5314cd886036c7fb5c5c46736dee498811c30671ac490_ppc64le",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:08534bf299826c9b5572373b4418a3607ba722c1bcee2c9b208da4fc2082010b_s390x",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:bf863f4a19a1757641c4cd3a93bed3d2fcc821a975282bbb1c96b962546c25cb_amd64",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:cc3ea50e54e2c957276934876d20d0be25d7fef4d41c8693b9ca0c0a70d4ab92_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:0490a4d2b6d27d513047e7425efd22227b8971ebab2c89a39ba2c26ecccada12_amd64",
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:26982c23aeae1ec80516c5e837c157c1cbe8327420d0b05140dbca7b39112bc5_ppc64le",
            "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:e932cdd89984a74879127f6af0f6c14ef0cda80beb7782b590eca653d4d34b1e_s390x",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:0d7ddae5a233822061f01d08649403f1bbe1e78179f337e8820bfc10dc83895e_amd64",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:384f0ed8cd2c69b51b4b881fae31130353d84321cfb894c7c8ef20a21b65db49_s390x",
            "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:b794ad0c9273c941eac5314cd886036c7fb5c5c46736dee498811c30671ac490_ppc64le",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:08534bf299826c9b5572373b4418a3607ba722c1bcee2c9b208da4fc2082010b_s390x",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:bf863f4a19a1757641c4cd3a93bed3d2fcc821a975282bbb1c96b962546c25cb_amd64",
            "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:cc3ea50e54e2c957276934876d20d0be25d7fef4d41c8693b9ca0c0a70d4ab92_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash"
    }
  ]
}

CVE-2024-44192 (GCVE-0-2024-44192)

Vulnerability from cvelistv5

Published

2025-03-10 19:11

Modified

2025-03-11 13:36

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE

Processing maliciously crafted web content may lead to an unexpected process crash

Summary

The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash.

References

►

URL

Tags

	https://support.apple.com/en-us/121238
	https://support.apple.com/en-us/121248
	https://support.apple.com/en-us/121249
	https://support.apple.com/en-us/121250
	https://support.apple.com/en-us/121240
	https://support.apple.com/en-us/121241

Impacted products

Vendor

Product

Version

►

Apple

macOS

Version: unspecified < 15

Apple	tvOS	Version: unspecified < 18
Apple	visionOS	Version: unspecified < 2
Apple	iOS and iPadOS	Version: unspecified < 18
Apple	watchOS	Version: unspecified < 11
Apple	Safari	Version: unspecified < 18

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-44192",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-11T13:35:26.410188Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-11T13:36:24.032Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "15",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "visionOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing maliciously crafted web content may lead to an unexpected process crash",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-10T19:11:09.176Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/121238"
        },
        {
          "url": "https://support.apple.com/en-us/121248"
        },
        {
          "url": "https://support.apple.com/en-us/121249"
        },
        {
          "url": "https://support.apple.com/en-us/121250"
        },
        {
          "url": "https://support.apple.com/en-us/121240"
        },
        {
          "url": "https://support.apple.com/en-us/121241"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2024-44192",
    "datePublished": "2025-03-10T19:11:09.176Z",
    "dateReserved": "2024-08-20T21:42:05.934Z",
    "dateUpdated": "2025-03-11T13:36:24.032Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24216 (GCVE-0-2025-24216)

Vulnerability from cvelistv5

Published

2025-03-31 22:22

Modified

2025-04-03 20:16

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE

Processing maliciously crafted web content may lead to an unexpected Safari crash

Summary

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.

References

►

URL

Tags

	https://support.apple.com/en-us/122377
	https://support.apple.com/en-us/122371
	https://support.apple.com/en-us/122372
	https://support.apple.com/en-us/122373
	https://support.apple.com/en-us/122378
	https://support.apple.com/en-us/122379

Impacted products

Vendor

Product

Version

►

Apple

tvOS

Version: unspecified < 18.4

Apple	iOS and iPadOS	Version: unspecified < 18.4
Apple	iPadOS	Version: unspecified < 17.7
Apple	macOS	Version: unspecified < 15.4
Apple	visionOS	Version: unspecified < 2.4
Apple	Safari	Version: unspecified < 18.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 4.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-24216",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-02T14:13:08.369709Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-508",
                "description": "CWE-508 Non-Replicating Malicious Code",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-03T20:16:06.043Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "15.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "visionOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "2.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing maliciously crafted web content may lead to an unexpected Safari crash",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-31T22:22:35.858Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/122377"
        },
        {
          "url": "https://support.apple.com/en-us/122371"
        },
        {
          "url": "https://support.apple.com/en-us/122372"
        },
        {
          "url": "https://support.apple.com/en-us/122373"
        },
        {
          "url": "https://support.apple.com/en-us/122378"
        },
        {
          "url": "https://support.apple.com/en-us/122379"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2025-24216",
    "datePublished": "2025-03-31T22:22:35.858Z",
    "dateReserved": "2025-01-17T00:00:45.003Z",
    "dateUpdated": "2025-04-03T20:16:06.043Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24209 (GCVE-0-2025-24209)

Vulnerability from cvelistv5

Published

2025-03-31 22:23

Modified

2025-04-01 18:17

Severity ?

7.0 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE

Processing maliciously crafted web content may lead to an unexpected process crash

Summary

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Processing maliciously crafted web content may lead to an unexpected process crash.

References

►

URL

Tags

	https://support.apple.com/en-us/122377
	https://support.apple.com/en-us/122371
	https://support.apple.com/en-us/122372
	https://support.apple.com/en-us/122373
	https://support.apple.com/en-us/122379

Impacted products

Vendor

Product

Version

►

Apple

tvOS

Version: unspecified < 18.4

Apple	iOS and iPadOS	Version: unspecified < 18.4
Apple	iPadOS	Version: unspecified < 17.7
Apple	macOS	Version: unspecified < 15.4
Apple	Safari	Version: unspecified < 18.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-24209",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-01T18:15:08.714331Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-120",
                "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-01T18:17:16.890Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "15.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Processing maliciously crafted web content may lead to an unexpected process crash."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing maliciously crafted web content may lead to an unexpected process crash",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-31T22:23:39.898Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/122377"
        },
        {
          "url": "https://support.apple.com/en-us/122371"
        },
        {
          "url": "https://support.apple.com/en-us/122372"
        },
        {
          "url": "https://support.apple.com/en-us/122373"
        },
        {
          "url": "https://support.apple.com/en-us/122379"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2025-24209",
    "datePublished": "2025-03-31T22:23:39.898Z",
    "dateReserved": "2025-01-17T00:00:45.001Z",
    "dateUpdated": "2025-04-01T18:17:16.890Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-30427 (GCVE-0-2025-30427)

Vulnerability from cvelistv5

Published

2025-03-31 22:24

Modified

2025-04-01 13:18

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE

Processing maliciously crafted web content may lead to an unexpected Safari crash

Summary

A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.

References

►

URL

Tags

	https://support.apple.com/en-us/122377
	https://support.apple.com/en-us/122371
	https://support.apple.com/en-us/122372
	https://support.apple.com/en-us/122373
	https://support.apple.com/en-us/122378
	https://support.apple.com/en-us/122379

Impacted products

Vendor

Product

Version

►

Apple

tvOS

Version: unspecified < 18.4

Apple	iOS and iPadOS	Version: unspecified < 18.4
Apple	iPadOS	Version: unspecified < 17.7
Apple	macOS	Version: unspecified < 15.4
Apple	visionOS	Version: unspecified < 2.4
Apple	Safari	Version: unspecified < 18.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 4.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-30427",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-01T13:18:38.091976Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-01T13:18:41.175Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "15.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "visionOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "2.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing maliciously crafted web content may lead to an unexpected Safari crash",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-31T22:24:24.350Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/122377"
        },
        {
          "url": "https://support.apple.com/en-us/122371"
        },
        {
          "url": "https://support.apple.com/en-us/122372"
        },
        {
          "url": "https://support.apple.com/en-us/122373"
        },
        {
          "url": "https://support.apple.com/en-us/122378"
        },
        {
          "url": "https://support.apple.com/en-us/122379"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2025-30427",
    "datePublished": "2025-03-31T22:24:24.350Z",
    "dateReserved": "2025-03-22T00:04:43.716Z",
    "dateUpdated": "2025-04-01T13:18:41.175Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

rhsa-2025:7998

Vulnerability from csaf_redhat

CVE-2024-44192 (GCVE-0-2024-44192)

Vulnerability from cvelistv5

CVE-2025-24216 (GCVE-0-2025-24216)

Vulnerability from cvelistv5

CVE-2025-24209 (GCVE-0-2025-24209)

Vulnerability from cvelistv5

CVE-2025-30427 (GCVE-0-2025-30427)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature