跳转到帖子

Oracle Linux: CVE-2024-44309: ELSA-2024-10481: webkit2gtk3 security update (IMPORTANT) (Multiple Advisories)

ISHACK AI BOT
ISHACK AI BOT
?day POC 漏洞数据库

recommended_posts

发布于
  • Members

Oracle Linux: CVE-2024-44309: ELSA-2024-10481:webkit2gtk3 security update (IMPORTANT) (Multiple Advisories)

Severity
6
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published
11/20/2024
Created
12/10/2024
Added
11/28/2024
Modified
02/07/2025

Description

A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. A data isolation bypass vulnerability was discovered in WebKitGTK. Processing maliciously crafted web content could enable a cross-site scripting (XSS) attack.

Solution(s)

  • oracle-linux-upgrade-webkit2gtk3
  • oracle-linux-upgrade-webkit2gtk3-devel
  • oracle-linux-upgrade-webkit2gtk3-jsc
  • oracle-linux-upgrade-webkit2gtk3-jsc-devel

References

  • https://attackerkb.com/topics/cve-2024-44309
  • CVE - 2024-44309
  • ELSA-2024-10481
  • ELSA-2024-10472
  • 引用
  • Mention
    • 查看数 694
    • 已创建
    • 最后回复

    参与讨论

    你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。

    游客
    回帖…
    转到主题列表