Vulnerability-Lookup

WID-SEC-W-2024-3291

Vulnerability from csaf_certbund - Published: 2024-10-28 23:00 - Updated: 2025-09-15 22:00

Summary

Apple macOS: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme: - MacOS X

CVE-2024-38476

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-38477

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-39573

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-40849

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-40854

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-40855

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-40858

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44122

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44126

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44137

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44144

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44156

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44159

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44175

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44194

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44195

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44196

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44197

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44200

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44201

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44211

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44212

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44213

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44215

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44216

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44218

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44219

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44222

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44223

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44229

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44231

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44232

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44233

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44234

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44236

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44237

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44239

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44240

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44241

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44242

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44244

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44247

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44248

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44250

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44253

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44254

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44255

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44256

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44257

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44259

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44260

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44264

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44265

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44267

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44269

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44270

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44273

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44275

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44277

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44278

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44279

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44280

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44281

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44282

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44283

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44284

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44285

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44286

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44287

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44289

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44290

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44292

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44293

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44294

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44295

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44296

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44297

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44298

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44299

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44301

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44302

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-44303

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-54471

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-54535

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-54538

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

CVE-2024-54554

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Apple macOS Sonoma <14.7.1 Apple / macOS		Sonoma <14.7.1
Apple macOS Sequoia <15.1 Apple / macOS		Sequoia <15.1
Apple macOS Ventura <13.7.1 Apple / macOS		Ventura <13.7.1

References

5 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://lists.apple.com/archives/security-announc…	external
https://lists.apple.com/archives/security-announc…	external
https://lists.apple.com/archives/security-announc…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- MacOS X",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-3291 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3291.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-3291 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3291"
      },
      {
        "category": "external",
        "summary": "Apple Security Advisory vom 2024-10-28",
        "url": "https://lists.apple.com/archives/security-announce/2024/Oct/msg00003.html"
      },
      {
        "category": "external",
        "summary": "Apple Security Advisory vom 2024-10-28",
        "url": "https://lists.apple.com/archives/security-announce/2024/Oct/msg00004.html"
      },
      {
        "category": "external",
        "summary": "Apple Security Advisory vom 2024-10-28",
        "url": "https://lists.apple.com/archives/security-announce/2024/Oct/msg00005.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Apple macOS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-09-15T22:00:00.000+00:00",
      "generator": {
        "date": "2025-09-16T05:26:10.681+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2024-3291",
      "initial_release_date": "2024-10-28T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-10-28T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-11-19T23:00:00.000+00:00",
          "number": "2",
          "summary": "CVE Nummern erg\u00e4nzt"
        },
        {
          "date": "2024-12-11T23:00:00.000+00:00",
          "number": "3",
          "summary": "CVE Nummern erg\u00e4nzt"
        },
        {
          "date": "2024-12-19T23:00:00.000+00:00",
          "number": "4",
          "summary": "CVE-2024-54538 erg\u00e4nzt"
        },
        {
          "date": "2025-08-28T22:00:00.000+00:00",
          "number": "5",
          "summary": "CVE-2024-54554 erg\u00e4nzt"
        },
        {
          "date": "2025-08-31T22:00:00.000+00:00",
          "number": "6",
          "summary": "Referenz(en) aufgenommen: EUVD-2024-54932"
        },
        {
          "date": "2025-09-15T22:00:00.000+00:00",
          "number": "7",
          "summary": "CVE Nummern erg\u00e4nzt"
        }
      ],
      "status": "final",
      "version": "7"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Sequoia \u003c15.1",
                "product": {
                  "name": "Apple macOS Sequoia \u003c15.1",
                  "product_id": "T038638"
                }
              },
              {
                "category": "product_version",
                "name": "Sequoia 15.1",
                "product": {
                  "name": "Apple macOS Sequoia 15.1",
                  "product_id": "T038638-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:mac_os:sequoia__15.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Sonoma \u003c14.7.1",
                "product": {
                  "name": "Apple macOS Sonoma \u003c14.7.1",
                  "product_id": "T038639"
                }
              },
              {
                "category": "product_version",
                "name": "Sonoma 14.7.1",
                "product": {
                  "name": "Apple macOS Sonoma 14.7.1",
                  "product_id": "T038639-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:mac_os:sonoma__14.7.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Ventura \u003c13.7.1",
                "product": {
                  "name": "Apple macOS Ventura \u003c13.7.1",
                  "product_id": "T038640"
                }
              },
              {
                "category": "product_version",
                "name": "Ventura 13.7.1",
                "product": {
                  "name": "Apple macOS Ventura 13.7.1",
                  "product_id": "T038640-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:apple:mac_os:ventura__13.7.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "macOS"
          }
        ],
        "category": "vendor",
        "name": "Apple"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-38476",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-38476"
    },
    {
      "cve": "CVE-2024-38477",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-38477"
    },
    {
      "cve": "CVE-2024-39573",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-39573"
    },
    {
      "cve": "CVE-2024-40849",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-40849"
    },
    {
      "cve": "CVE-2024-40854",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-40854"
    },
    {
      "cve": "CVE-2024-40855",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-40855"
    },
    {
      "cve": "CVE-2024-40858",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-40858"
    },
    {
      "cve": "CVE-2024-44122",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44122"
    },
    {
      "cve": "CVE-2024-44126",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44126"
    },
    {
      "cve": "CVE-2024-44137",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44137"
    },
    {
      "cve": "CVE-2024-44144",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44144"
    },
    {
      "cve": "CVE-2024-44156",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44156"
    },
    {
      "cve": "CVE-2024-44159",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44159"
    },
    {
      "cve": "CVE-2024-44175",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44175"
    },
    {
      "cve": "CVE-2024-44194",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44194"
    },
    {
      "cve": "CVE-2024-44195",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44195"
    },
    {
      "cve": "CVE-2024-44196",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44196"
    },
    {
      "cve": "CVE-2024-44197",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44197"
    },
    {
      "cve": "CVE-2024-44200",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44200"
    },
    {
      "cve": "CVE-2024-44201",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44201"
    },
    {
      "cve": "CVE-2024-44211",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44211"
    },
    {
      "cve": "CVE-2024-44212",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44212"
    },
    {
      "cve": "CVE-2024-44213",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44213"
    },
    {
      "cve": "CVE-2024-44215",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44215"
    },
    {
      "cve": "CVE-2024-44216",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44216"
    },
    {
      "cve": "CVE-2024-44218",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44218"
    },
    {
      "cve": "CVE-2024-44219",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44219"
    },
    {
      "cve": "CVE-2024-44222",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44222"
    },
    {
      "cve": "CVE-2024-44223",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44223"
    },
    {
      "cve": "CVE-2024-44229",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44229"
    },
    {
      "cve": "CVE-2024-44231",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44231"
    },
    {
      "cve": "CVE-2024-44232",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44232"
    },
    {
      "cve": "CVE-2024-44233",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44233"
    },
    {
      "cve": "CVE-2024-44234",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44234"
    },
    {
      "cve": "CVE-2024-44236",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44236"
    },
    {
      "cve": "CVE-2024-44237",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44237"
    },
    {
      "cve": "CVE-2024-44239",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44239"
    },
    {
      "cve": "CVE-2024-44240",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44240"
    },
    {
      "cve": "CVE-2024-44241",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44241"
    },
    {
      "cve": "CVE-2024-44242",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44242"
    },
    {
      "cve": "CVE-2024-44244",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44244"
    },
    {
      "cve": "CVE-2024-44247",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44247"
    },
    {
      "cve": "CVE-2024-44248",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44248"
    },
    {
      "cve": "CVE-2024-44250",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44250"
    },
    {
      "cve": "CVE-2024-44253",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44253"
    },
    {
      "cve": "CVE-2024-44254",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44254"
    },
    {
      "cve": "CVE-2024-44255",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44255"
    },
    {
      "cve": "CVE-2024-44256",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44256"
    },
    {
      "cve": "CVE-2024-44257",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44257"
    },
    {
      "cve": "CVE-2024-44259",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44259"
    },
    {
      "cve": "CVE-2024-44260",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44260"
    },
    {
      "cve": "CVE-2024-44264",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44264"
    },
    {
      "cve": "CVE-2024-44265",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44265"
    },
    {
      "cve": "CVE-2024-44267",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44267"
    },
    {
      "cve": "CVE-2024-44269",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44269"
    },
    {
      "cve": "CVE-2024-44270",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44270"
    },
    {
      "cve": "CVE-2024-44273",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44273"
    },
    {
      "cve": "CVE-2024-44275",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44275"
    },
    {
      "cve": "CVE-2024-44277",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44277"
    },
    {
      "cve": "CVE-2024-44278",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44278"
    },
    {
      "cve": "CVE-2024-44279",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44279"
    },
    {
      "cve": "CVE-2024-44280",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44280"
    },
    {
      "cve": "CVE-2024-44281",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44281"
    },
    {
      "cve": "CVE-2024-44282",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44282"
    },
    {
      "cve": "CVE-2024-44283",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44283"
    },
    {
      "cve": "CVE-2024-44284",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44284"
    },
    {
      "cve": "CVE-2024-44285",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44285"
    },
    {
      "cve": "CVE-2024-44286",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44286"
    },
    {
      "cve": "CVE-2024-44287",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44287"
    },
    {
      "cve": "CVE-2024-44289",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44289"
    },
    {
      "cve": "CVE-2024-44290",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44290"
    },
    {
      "cve": "CVE-2024-44292",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44292"
    },
    {
      "cve": "CVE-2024-44293",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44293"
    },
    {
      "cve": "CVE-2024-44294",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44294"
    },
    {
      "cve": "CVE-2024-44295",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44295"
    },
    {
      "cve": "CVE-2024-44296",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44296"
    },
    {
      "cve": "CVE-2024-44297",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44297"
    },
    {
      "cve": "CVE-2024-44298",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44298"
    },
    {
      "cve": "CVE-2024-44299",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44299"
    },
    {
      "cve": "CVE-2024-44301",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44301"
    },
    {
      "cve": "CVE-2024-44302",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44302"
    },
    {
      "cve": "CVE-2024-44303",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-44303"
    },
    {
      "cve": "CVE-2024-54471",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-54471"
    },
    {
      "cve": "CVE-2024-54535",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-54535"
    },
    {
      "cve": "CVE-2024-54538",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-54538"
    },
    {
      "cve": "CVE-2024-54554",
      "product_status": {
        "known_affected": [
          "T038639",
          "T038638",
          "T038640"
        ]
      },
      "release_date": "2024-10-28T23:00:00.000+00:00",
      "title": "CVE-2024-54554"
    }
  ]
}

CVE-2024-38476 (GCVE-0-2024-38476)

Vulnerability from cvelistv5 – Published: 2024-07-01 18:15 – Updated: 2025-11-03 21:55

Title

Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect

Summary

Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Severity

No CVSS data available.

CWE

CWE-829 - Inclusion of Functionality from Untrusted Control Sphere

Assigner

apache

References

2 references

URL	Tags
https://httpd.apache.org/security/vulnerabilities…	vendor-advisory
https://security.netapp.com/advisory/ntap-2024071…

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache HTTP Server	Affected: 2.4.0 , ≤ 2.4.59 (semver)

Credits

Orange Tsai (@orange_8361) from DEVCORE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "http_server",
            "vendor": "apache",
            "versions": [
              {
                "lessThanOrEqual": "2.4.59",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-38476",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-29T03:55:12.524796Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-29T16:42:18.129Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:55:42.872Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240712-0001/"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/07/01/9"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Oct/11"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache HTTP Server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.4.59",
              "status": "affected",
              "version": "2.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Orange Tsai (@orange_8361) from DEVCORE"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ebackend applications whose response headers are malicious or exploitable.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003eUsers are recommended to upgrade to version 2.4.60, which fixes this issue."
            }
          ],
          "value": "Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via\u00a0backend applications whose response headers are malicious or exploitable.\n\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-829",
              "description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-12T14:06:14.537Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240712-0001/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-04-01T12:00:00.000Z",
          "value": "reported"
        }
      ],
      "title": "Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-38476",
    "datePublished": "2024-07-01T18:15:40.071Z",
    "dateReserved": "2024-06-17T11:10:56.470Z",
    "dateUpdated": "2025-11-03T21:55:42.872Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-38477 (GCVE-0-2024-38477)

Vulnerability from cvelistv5 – Published: 2024-07-01 18:16 – Updated: 2025-11-03 21:55

Title

Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request

Summary

null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Severity

No CVSS data available.

CWE

CWE-476 - NULL Pointer Dereference

Assigner

apache

References

2 references

URL	Tags
https://httpd.apache.org/security/vulnerabilities…	vendor-advisory
https://security.netapp.com/advisory/ntap-2024071…

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache HTTP Server	Affected: 2.4.0 , ≤ 2.4.59 (semver)

Credits

Orange Tsai (@orange_8361) from DEVCORE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-38477",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-22T16:23:13.858578Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-18T18:36:04.103Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:55:44.577Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240712-0001/"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/07/01/10"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Oct/11"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache HTTP Server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.4.59",
              "status": "affected",
              "version": "2.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Orange Tsai (@orange_8361) from DEVCORE"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.\u003cbr\u003eUsers are recommended to upgrade to version 2.4.60, which fixes this issue."
            }
          ],
          "value": "null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request.\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-12T14:06:17.790Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240712-0001/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-04-01T12:00:00.000Z",
          "value": "Reported"
        }
      ],
      "title": "Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-38477",
    "datePublished": "2024-07-01T18:16:11.935Z",
    "dateReserved": "2024-06-17T11:11:30.174Z",
    "dateUpdated": "2025-11-03T21:55:44.577Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-39573 (GCVE-0-2024-39573)

Vulnerability from cvelistv5 – Published: 2024-07-01 18:16 – Updated: 2025-11-03 21:56

Title

Apache HTTP Server: mod_rewrite proxy handler substitution

Summary

Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

Severity

No CVSS data available.

CWE

CWE-20 - Improper Input Validation

Assigner

apache

References

2 references

URL	Tags
https://httpd.apache.org/security/vulnerabilities…	vendor-advisory
https://security.netapp.com/advisory/ntap-2024071…

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache HTTP Server	Affected: 2.4.0 , ≤ 2.4.59 (semver)

Credits

Orange Tsai (@orange_8361) from DEVCORE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "http_server",
            "vendor": "apache",
            "versions": [
              {
                "lessThanOrEqual": "2.4.59",
                "status": "affected",
                "version": "2.4.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-39573",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-01T20:41:48.835121Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-01T20:44:44.754Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:56:32.361Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240712-0001/"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/07/01/11"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Oct/11"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache HTTP Server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.4.59",
              "status": "affected",
              "version": "2.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Orange Tsai (@orange_8361) from DEVCORE"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL\u0027s to be handled by mod_proxy.\u003cbr\u003eUsers are recommended to upgrade to version 2.4.60, which fixes this issue."
            }
          ],
          "value": "Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL\u0027s to be handled by mod_proxy.\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-12T14:06:16.201Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240712-0001/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-04-01T12:00:00.000Z",
          "value": "reported"
        }
      ],
      "title": "Apache HTTP Server: mod_rewrite proxy handler substitution",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-39573",
    "datePublished": "2024-07-01T18:16:44.297Z",
    "dateReserved": "2024-06-25T17:13:46.679Z",
    "dateUpdated": "2025-11-03T21:56:32.361Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-40849 (GCVE-0-2024-40849)

Vulnerability from cvelistv5 – Published: 2026-04-02 18:22 – Updated: 2026-04-02 19:49

Summary

A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to break out of its sandbox.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

An app may be able to break out of its sandbox

Assigner

apple

References

1 reference

URL	Tags
https://support.apple.com/en-us/121564

Impacted products

1 product

Vendor	Product	Version
Apple	macOS	Affected: 0 , < 15.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-40849",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-02T19:48:45.449215Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-362",
                "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-02T19:49:19.309Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "15.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to break out of its sandbox."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "An app may be able to break out of its sandbox",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T18:22:35.062Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/121564"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2024-40849",
    "datePublished": "2026-04-02T18:22:35.062Z",
    "dateReserved": "2024-07-10T17:11:04.709Z",
    "dateUpdated": "2026-04-02T19:49:19.309Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-40854 (GCVE-0-2024-40854)

Vulnerability from cvelistv5 – Published: 2025-01-15 19:35 – Updated: 2026-04-02 18:21

Summary

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to cause unexpected system termination.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE

An app may be able to cause unexpected system termination

Assigner

apple

References

5 references

URL	Tags
https://support.apple.com/en-us/121563
https://support.apple.com/en-us/121564
https://support.apple.com/en-us/121567
https://support.apple.com/en-us/121568
https://support.apple.com/en-us/121570

Impacted products

2 products

Vendor	Product	Version
Apple	iOS and iPadOS	Affected: 0 , < 17.7.1 (custom) Affected: 0 , < 18.1 (custom)
Apple	macOS	Affected: 0 , < 13.7.1 (custom) Affected: 0 , < 14.7.1 (custom) Affected: 0 , < 15.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-40854",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-16T16:56:00.680151Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-16T16:57:43.308Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.7.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "18.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "13.7.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "14.7.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "15.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to cause unexpected system termination."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "An app may be able to cause unexpected system termination",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T18:21:59.106Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/121563"
        },
        {
          "url": "https://support.apple.com/en-us/121564"
        },
        {
          "url": "https://support.apple.com/en-us/121567"
        },
        {
          "url": "https://support.apple.com/en-us/121568"
        },
        {
          "url": "https://support.apple.com/en-us/121570"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2024-40854",
    "datePublished": "2025-01-15T19:35:59.681Z",
    "dateReserved": "2024-07-10T17:11:04.710Z",
    "dateUpdated": "2026-04-02T18:21:59.106Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-40855 (GCVE-0-2024-40855)

Vulnerability from cvelistv5 – Published: 2024-10-28 21:08 – Updated: 2026-04-02 18:18

Summary

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2. A sandboxed app may be able to access sensitive user data.

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

A sandboxed app may be able to access sensitive user data

Assigner

apple

References

4 references

URL	Tags
https://support.apple.com/en-us/121238
https://support.apple.com/en-us/121249
https://support.apple.com/en-us/121568
https://support.apple.com/en-us/121570

Impacted products

2 products

Vendor	Product	Version
Apple	macOS	Affected: 0 , < 13.7.1 (custom) Affected: 0 , < 14.7.1 (custom) Affected: 0 , < 15 (custom)
Apple	visionOS	Affected: 0 , < 2 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "macos",
            "vendor": "apple",
            "versions": [
              {
                "lessThan": "15",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "14.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-40855",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T19:04:36.649804Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-863",
                "description": "CWE-863 Incorrect Authorization",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T19:06:01.126Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:57:21.391Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://seclists.org/fulldisclosure/2024/Oct/13"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Oct/12"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "13.7.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "14.7.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "15",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "visionOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2. A sandboxed app may be able to access sensitive user data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "A sandboxed app may be able to access sensitive user data",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T18:18:14.711Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/121238"
        },
        {
          "url": "https://support.apple.com/en-us/121249"
        },
        {
          "url": "https://support.apple.com/en-us/121568"
        },
        {
          "url": "https://support.apple.com/en-us/121570"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2024-40855",
    "datePublished": "2024-10-28T21:08:13.758Z",
    "dateReserved": "2024-07-10T17:11:04.711Z",
    "dateUpdated": "2026-04-02T18:18:14.711Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-40858 (GCVE-0-2024-40858)

Vulnerability from cvelistv5 – Published: 2026-04-02 18:20 – Updated: 2026-04-02 19:52

Summary

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be able to access Contacts without user consent.

Severity

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE

An app may be able to access Contacts without user consent

Assigner

apple

References

1 reference

URL	Tags
https://support.apple.com/en-us/121564

Impacted products

1 product

Vendor	Product	Version
Apple	macOS	Affected: 0 , < 15.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 7.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-40858",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-02T19:52:07.895610Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-284",
                "description": "CWE-284 Improper Access Control",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-02T19:52:40.158Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "15.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be able to access Contacts without user consent."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "An app may be able to access Contacts without user consent",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T18:20:41.441Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/121564"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2024-40858",
    "datePublished": "2026-04-02T18:20:41.441Z",
    "dateReserved": "2024-07-10T17:11:04.711Z",
    "dateUpdated": "2026-04-02T19:52:40.158Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-44122 (GCVE-0-2024-44122)

Vulnerability from cvelistv5 – Published: 2024-10-28 21:08 – Updated: 2026-04-02 18:20

Summary

A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An application may be able to break out of its sandbox.

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE

An application may be able to break out of its sandbox

Assigner

apple

References

4 references

URL	Tags
https://support.apple.com/en-us/121238
https://support.apple.com/en-us/121250
https://support.apple.com/en-us/121568
https://support.apple.com/en-us/121570

Impacted products

2 products

Vendor	Product	Version
Apple	iOS and iPadOS	Affected: 0 , < 18 (custom)
Apple	macOS	Affected: 0 , < 13.7.1 (custom) Affected: 0 , < 14.7.1 (custom) Affected: 0 , < 15 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:apple:macos:15.0:-:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "macos",
            "vendor": "apple",
            "versions": [
              {
                "status": "affected",
                "version": "15.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:apple:macos:13.7.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "macos",
            "vendor": "apple",
            "versions": [
              {
                "status": "affected",
                "version": "13.7.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:apple:macos:14.7.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "macos",
            "vendor": "apple",
            "versions": [
              {
                "status": "affected",
                "version": "14.7.1"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-44122",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-01T03:55:35.329149Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-693",
                "description": "CWE-693 Protection Mechanism Failure",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-18T15:29:45.781Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:07:23.486Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://seclists.org/fulldisclosure/2024/Oct/13"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Oct/12"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "13.7.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "14.7.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "15",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An application may be able to break out of its sandbox."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "An application may be able to break out of its sandbox",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T18:20:16.775Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/121238"
        },
        {
          "url": "https://support.apple.com/en-us/121250"
        },
        {
          "url": "https://support.apple.com/en-us/121568"
        },
        {
          "url": "https://support.apple.com/en-us/121570"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2024-44122",
    "datePublished": "2024-10-28T21:08:21.087Z",
    "dateReserved": "2024-08-20T21:42:05.918Z",
    "dateUpdated": "2026-04-02T18:20:16.775Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-44126 (GCVE-0-2024-44126)

Vulnerability from cvelistv5 – Published: 2024-10-28 21:07 – Updated: 2026-04-02 18:12

Summary

The issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7.1, visionOS 2. Processing a maliciously crafted file may lead to heap corruption.

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Processing a maliciously crafted file may lead to heap corruption

Assigner

apple

References

6 references

URL	Tags
https://support.apple.com/en-us/121238
https://support.apple.com/en-us/121246
https://support.apple.com/en-us/121247
https://support.apple.com/en-us/121249
https://support.apple.com/en-us/121250
https://support.apple.com/en-us/121568

Impacted products

3 products

Vendor	Product	Version
Apple	iOS and iPadOS	Affected: 0 , < 17.7 (custom) Affected: 0 , < 18 (custom)
Apple	macOS	Affected: 0 , < 13.7.1 (custom) Affected: 0 , < 14.7 (custom) Affected: 0 , < 15 (custom)
Apple	visionOS	Affected: 0 , < 2 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "macos",
            "vendor": "apple",
            "versions": [
              {
                "lessThan": "13.7.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "14.7",
                "status": "affected",
                "version": "14.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ipados",
            "vendor": "apple",
            "versions": [
              {
                "lessThan": "17.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "visionos",
            "vendor": "apple",
            "versions": [
              {
                "lessThan": "2.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-44126",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-31T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-01T03:55:35.630Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:07:24.949Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://seclists.org/fulldisclosure/2024/Oct/13"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "18",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "13.7.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "14.7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "15",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "visionOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7.1, visionOS 2. Processing a maliciously crafted file may lead to heap corruption."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing a maliciously crafted file may lead to heap corruption",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T18:12:04.981Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/121238"
        },
        {
          "url": "https://support.apple.com/en-us/121246"
        },
        {
          "url": "https://support.apple.com/en-us/121247"
        },
        {
          "url": "https://support.apple.com/en-us/121249"
        },
        {
          "url": "https://support.apple.com/en-us/121250"
        },
        {
          "url": "https://support.apple.com/en-us/121568"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2024-44126",
    "datePublished": "2024-10-28T21:07:57.026Z",
    "dateReserved": "2024-08-20T21:42:05.918Z",
    "dateUpdated": "2026-04-02T18:12:04.981Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-44137 (GCVE-0-2024-44137)

Vulnerability from cvelistv5 – Published: 2024-10-28 21:08 – Updated: 2026-04-02 18:14

Summary

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An attacker with physical access may be able to share items from the lock screen.

Severity

4.6 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

An attacker with physical access may be able to share items from the lock screen

Assigner

apple

References

3 references

URL	Tags
https://support.apple.com/en-us/121238
https://support.apple.com/en-us/121568
https://support.apple.com/en-us/121570

Impacted products

1 product

Vendor	Product	Version
Apple	macOS	Affected: 0 , < 13.7.1 (custom) Affected: 0 , < 14.7.1 (custom) Affected: 0 , < 15 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "PHYSICAL",
              "availabilityImpact": "NONE",
              "baseScore": 4.6,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-44137",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T18:40:41.883799Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-863",
                "description": "CWE-863 Incorrect Authorization",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T18:41:59.712Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:07:27.881Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://seclists.org/fulldisclosure/2024/Oct/13"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Oct/12"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "13.7.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "14.7.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "15",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An attacker with physical access may be able to share items from the lock screen."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "An attacker with physical access may be able to share items from the lock screen",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T18:14:20.883Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/121238"
        },
        {
          "url": "https://support.apple.com/en-us/121568"
        },
        {
          "url": "https://support.apple.com/en-us/121570"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2024-44137",
    "datePublished": "2024-10-28T21:08:03.955Z",
    "dateReserved": "2024-08-20T21:42:05.920Z",
    "dateUpdated": "2026-04-02T18:14:20.883Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2024-3291

CVE-2024-38476 (GCVE-0-2024-38476)

CVE-2024-38477 (GCVE-0-2024-38477)

CVE-2024-39573 (GCVE-0-2024-39573)

CVE-2024-40849 (GCVE-0-2024-40849)

CVE-2024-40854 (GCVE-0-2024-40854)

CVE-2024-40855 (GCVE-0-2024-40855)

CVE-2024-40858 (GCVE-0-2024-40858)

CVE-2024-44122 (GCVE-0-2024-44122)

CVE-2024-44126 (GCVE-0-2024-44126)

CVE-2024-44137 (GCVE-0-2024-44137)

Tags

Sightings

Nomenclature