{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "Update to 2.48.5. The following CVEs were fixed:\n- CVE-2025-6558: fix processing maliciously crafted web content which may\n lead to an unexpected Safari crash\n- CVE-2025-31273: fix processing maliciously crafted web content which may\n lead to memory corruption\n- CVE-2025-31278: fix processing maliciously crafted web content which may\n lead to memory corruption\n- CVE-2025-43212: fix processing maliciously crafted web content which may\n lead to an unexpected Safari crash\n- CVE-2025-43216: fix processing maliciously crafted web content which may\n lead to an unexpected Safari crash\n- CVE-2025-43228: fix issue with visiting a malicious website which may lead\n to address bar spoofing\n- CVE-2025-24189: fix processing maliciously crafted web content which may\n lead to memory corruption\n- CVE-2025-31205: fix issue with a malicious website which may exfiltrate\n data cross-origin\n- CVE-2025-24208: fix loading a malicious iframe which may lead to a cross-site\n scripting attack\n- CVE-2024-54551: fix processing web content which may lead to a denial-of-service\n- CVE-2024-44192: fix processing maliciously crafted web content which may\n lead to an unexpected process crash\n- CVE-2024-54467: fix issue with a malicious website which may exfiltrate\n data cross-origin\n- CVE-2025-24162: fix processing maliciously crafted web content which may\n lead to an unexpected process crash\n- CVE-2024-54502: fix processing maliciously crafted web content which may\n lead to an unexpected process crash\n- CVE-2024-44244: fix processing maliciously crafted web content which may\n lead to an unexpected process crash\n- CVE-2024-44185: fix processing maliciously crafted web content which may\n lead to an unexpected process crash\n- CVE-2024-44187: fix issue wit a malicious website may exfiltrate data\n cross-origin\n- CVE-2024-40866: fix issue with visiting a malicious website which may lead\n to address bar spoofing", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/almalinux9.2esu/advisories/2025/clsa-2025_1756751564.json" }, { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564", "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564" } ], "tracking": { "current_release_date": "2026-02-16T09:36:08Z", "generator": { "date": "2026-02-16T09:36:08Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1756751564", "initial_release_date": "2025-09-01T18:32:46Z", "revision_history": [ { "date": "2025-09-01T18:32:46Z", "number": "1", "summary": "Initial version" }, { "date": "2025-09-15T07:51:39Z", "number": "2", "summary": "Official Publication" }, { "date": "2026-02-16T09:36:08Z", "number": "3", "summary": "Update document" } ], "status": "final", "version": "3" }, "title": "webkit2gtk3: Fix of 18 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "AlmaLinux 9.2", "product": { "name": "AlmaLinux 9.2", "product_id": "AlmaLinux-9.2", "product_identification_helper": { "cpe": "cpe:2.3:o:almalinux:almalinux:9.2:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "AlmaLinux" } ], "category": "vendor", "name": "AlmaLinux OS Foundation" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "product": { "name": "webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "product_id": "webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/webkit2gtk3-devel@2.48.5-1.el9.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "product": { "name": "webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "product_id": "webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/webkit2gtk3@2.48.5-1.el9.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "product": { "name": "webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "product_id": "webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/webkit2gtk3-jsc-devel@2.48.5-1.el9.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "product": { "name": "webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "product_id": "webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/webkit2gtk3-jsc@2.48.5-1.el9.tuxcare.els1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" }, "product_reference": "webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64" }, "product_reference": "webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" }, "product_reference": "webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64" }, "product_reference": "webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-44187", "cwe": { "id": "CWE-346", "name": "Origin Validation Error" }, "notes": [ { "category": "description", "text": "A cross-origin issue existed with \"iframe\" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-44187" }, { "category": "external", "summary": "https://support.apple.com/en-us/121238", "url": "https://support.apple.com/en-us/121238" }, { "category": "external", "summary": "https://support.apple.com/en-us/121240", "url": "https://support.apple.com/en-us/121240" }, { "category": "external", "summary": "https://support.apple.com/en-us/121241", "url": "https://support.apple.com/en-us/121241" }, { "category": "external", "summary": "https://support.apple.com/en-us/121248", "url": "https://support.apple.com/en-us/121248" }, { "category": "external", "summary": "https://support.apple.com/en-us/121249", "url": "https://support.apple.com/en-us/121249" }, { "category": "external", "summary": "https://support.apple.com/en-us/121250", "url": "https://support.apple.com/en-us/121250" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2024/Sep/32", "url": "http://seclists.org/fulldisclosure/2024/Sep/32" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2024/Sep/33", "url": "http://seclists.org/fulldisclosure/2024/Sep/33" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2024/Sep/36", "url": "http://seclists.org/fulldisclosure/2024/Sep/36" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2024/Sep/37", "url": "http://seclists.org/fulldisclosure/2024/Sep/37" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html", "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html" } ], "release_date": "2024-09-17T00:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-01T18:32:46.619580Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-54551", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "description", "text": "The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.6, tvOS 17.6, Safari 17.6, macOS Sonoma 14.6, visionOS 1.3, iOS 17.6 and iPadOS 17.6. Processing web content may lead to a denial-of-service.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-54551" } ], "release_date": "2025-04-07T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-01T18:32:46.619580Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-44244", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may lead to an unexpected process crash.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-44244" }, { "category": "external", "summary": "https://support.apple.com/en-us/121563", "url": "https://support.apple.com/en-us/121563" }, { "category": "external", "summary": "https://support.apple.com/en-us/121564", "url": "https://support.apple.com/en-us/121564" }, { "category": "external", "summary": "https://support.apple.com/en-us/121565", "url": "https://support.apple.com/en-us/121565" }, { "category": "external", "summary": "https://support.apple.com/en-us/121566", "url": "https://support.apple.com/en-us/121566" }, { "category": "external", "summary": "https://support.apple.com/en-us/121569", "url": "https://support.apple.com/en-us/121569" }, { "category": "external", "summary": "https://support.apple.com/en-us/121571", "url": "https://support.apple.com/en-us/121571" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2024/Oct/11", "url": "http://seclists.org/fulldisclosure/2024/Oct/11" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2024/Oct/15", "url": "http://seclists.org/fulldisclosure/2024/Oct/15" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2024/Oct/19", "url": "http://seclists.org/fulldisclosure/2024/Oct/19" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2024/Oct/9", "url": "http://seclists.org/fulldisclosure/2024/Oct/9" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html", "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html" } ], "release_date": "2024-10-28T21:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-01T18:32:46.619580Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-31205", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "notes": [ { "category": "description", "text": "The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. A malicious website may exfiltrate data cross-origin.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-31205" } ], "release_date": "2025-05-15T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-01T18:32:46.619580Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-31273", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "description", "text": "The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may lead to memory corruption.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-31273" } ], "release_date": "2025-08-01T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-01T18:32:46.619580Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-40866", "notes": [ { "category": "description", "text": "The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-40866" }, { "category": "external", "summary": "https://support.apple.com/en-us/121238", "url": "https://support.apple.com/en-us/121238" }, { "category": "external", "summary": "https://support.apple.com/en-us/121241", "url": "https://support.apple.com/en-us/121241" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2024/Sep/33", "url": "http://seclists.org/fulldisclosure/2024/Sep/33" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2024/Sep/37", "url": "http://seclists.org/fulldisclosure/2024/Sep/37" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html", "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html" } ], "release_date": "2024-09-17T00:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-01T18:32:46.619580Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-6558", "cwe": { "id": "CWE-76", "name": "Improper Neutralization of Equivalent Special Elements" }, "notes": [ { "category": "description", "text": "Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-6558" } ], "release_date": "2025-07-15T18:12:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-01T18:32:46.619580Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-54502", "notes": [ { "category": "description", "text": "The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-54502" }, { "category": "external", "summary": "https://support.apple.com/en-us/121837", "url": "https://support.apple.com/en-us/121837" }, { "category": "external", "summary": "https://support.apple.com/en-us/121839", "url": "https://support.apple.com/en-us/121839" }, { "category": "external", "summary": "https://support.apple.com/en-us/121843", "url": "https://support.apple.com/en-us/121843" }, { "category": "external", "summary": "https://support.apple.com/en-us/121844", "url": "https://support.apple.com/en-us/121844" }, { "category": "external", "summary": "https://support.apple.com/en-us/121845", "url": "https://support.apple.com/en-us/121845" }, { "category": "external", "summary": "https://support.apple.com/en-us/121846", "url": "https://support.apple.com/en-us/121846" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2024/Dec/10", "url": "http://seclists.org/fulldisclosure/2024/Dec/10" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2024/Dec/13", "url": "http://seclists.org/fulldisclosure/2024/Dec/13" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2024/Dec/5", "url": "http://seclists.org/fulldisclosure/2024/Dec/5" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2024/Dec/7", "url": "http://seclists.org/fulldisclosure/2024/Dec/7" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2025/Apr/5", "url": "http://seclists.org/fulldisclosure/2025/Apr/5" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/01/msg00002.html", "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00002.html" } ], "release_date": "2024-12-12T02:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-01T18:32:46.619580Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-24189", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "notes": [ { "category": "description", "text": "The issue was addressed with improved checks. This issue is fixed in Safari 18.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to memory corruption.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-24189" } ], "release_date": "2025-08-01T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-01T18:32:46.619580Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-43212", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "description", "text": "The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-43212" } ], "release_date": "2025-08-01T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-01T18:32:46.619580Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-43216", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 18.6, watchOS 11.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, tvOS 18.6, macOS Sequoia 15.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-43216" } ], "release_date": "2025-08-01T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-01T18:32:46.619580Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-44185", "notes": [ { "category": "description", "text": "The issue was addressed with improved checks. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-44185" }, { "category": "external", "summary": "https://support.apple.com/en-us/120909", "url": "https://support.apple.com/en-us/120909" }, { "category": "external", "summary": "https://support.apple.com/en-us/120911", "url": "https://support.apple.com/en-us/120911" }, { "category": "external", "summary": "https://support.apple.com/en-us/120913", "url": "https://support.apple.com/en-us/120913" }, { "category": "external", "summary": "https://support.apple.com/en-us/120914", "url": "https://support.apple.com/en-us/120914" }, { "category": "external", "summary": "https://support.apple.com/en-us/120915", "url": "https://support.apple.com/en-us/120915" }, { "category": "external", "summary": "https://support.apple.com/en-us/120916", "url": "https://support.apple.com/en-us/120916" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html", "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00019.html" } ], "release_date": "2024-10-24T17:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-01T18:32:46.619580Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-31278", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "description", "text": "The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iPadOS 17.7.9, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. Processing maliciously crafted web content may lead to memory corruption.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-31278" } ], "release_date": "2025-08-01T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-01T18:32:46.619580Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-54467", "notes": [ { "category": "description", "text": "A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-54467" }, { "category": "external", "summary": "https://support.apple.com/en-us/121238", "url": "https://support.apple.com/en-us/121238" }, { "category": "external", "summary": "https://support.apple.com/en-us/121240", "url": "https://support.apple.com/en-us/121240" }, { "category": "external", "summary": "https://support.apple.com/en-us/121241", "url": "https://support.apple.com/en-us/121241" }, { "category": "external", "summary": "https://support.apple.com/en-us/121248", "url": "https://support.apple.com/en-us/121248" }, { "category": "external", "summary": "https://support.apple.com/en-us/121249", "url": "https://support.apple.com/en-us/121249" }, { "category": "external", "summary": "https://support.apple.com/en-us/121250", "url": "https://support.apple.com/en-us/121250" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html", "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html" } ], "release_date": "2025-03-10T19:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-01T18:32:46.619580Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-24208", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" }, "notes": [ { "category": "description", "text": "A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4. Loading a malicious iframe may lead to a cross-site scripting attack.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-24208" } ], "release_date": "2025-04-07T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-01T18:32:46.619580Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-44192", "notes": [ { "category": "description", "text": "The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-44192" }, { "category": "external", "summary": "https://support.apple.com/en-us/121238", "url": "https://support.apple.com/en-us/121238" }, { "category": "external", "summary": "https://support.apple.com/en-us/121240", "url": "https://support.apple.com/en-us/121240" }, { "category": "external", "summary": "https://support.apple.com/en-us/121241", "url": "https://support.apple.com/en-us/121241" }, { "category": "external", "summary": "https://support.apple.com/en-us/121248", "url": "https://support.apple.com/en-us/121248" }, { "category": "external", "summary": "https://support.apple.com/en-us/121249", "url": "https://support.apple.com/en-us/121249" }, { "category": "external", "summary": "https://support.apple.com/en-us/121250", "url": "https://support.apple.com/en-us/121250" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html", "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html" } ], "release_date": "2025-03-10T19:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-01T18:32:46.619580Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-24162", "notes": [ { "category": "description", "text": "This issue was addressed through improved state management. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to an unexpected process crash.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-24162" }, { "category": "external", "summary": "https://support.apple.com/en-us/122066", "url": "https://support.apple.com/en-us/122066" }, { "category": "external", "summary": "https://support.apple.com/en-us/122068", "url": "https://support.apple.com/en-us/122068" }, { "category": "external", "summary": "https://support.apple.com/en-us/122071", "url": "https://support.apple.com/en-us/122071" }, { "category": "external", "summary": "https://support.apple.com/en-us/122072", "url": "https://support.apple.com/en-us/122072" }, { "category": "external", "summary": "https://support.apple.com/en-us/122073", "url": "https://support.apple.com/en-us/122073" }, { "category": "external", "summary": "https://support.apple.com/en-us/122074", "url": "https://support.apple.com/en-us/122074" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2025/Jan/13", "url": "http://seclists.org/fulldisclosure/2025/Jan/13" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2025/Jan/15", "url": "http://seclists.org/fulldisclosure/2025/Jan/15" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2025/Jan/18", "url": "http://seclists.org/fulldisclosure/2025/Jan/18" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2025/Jan/20", "url": "http://seclists.org/fulldisclosure/2025/Jan/20" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/02/msg00014.html", "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00014.html" } ], "release_date": "2025-01-27T22:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-09-01T18:32:46.619580Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1756751564" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.48.5-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.48.5-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] } ] }