) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:apple:safari:1.3.1:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2023-42875 |
Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. The issue was addressed with improved memory handling. Published: April 11, 2025; 11:15:44 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-31192 |
The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A website may be able to access sensor information without user consent. Published: March 31, 2025; 7:15:29 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-31184 |
This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may gain unauthorized access to Local Network. Published: March 31, 2025; 7:15:28 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-30467 |
The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Visiting a malicious website may lead to address bar spoofing. Published: March 31, 2025; 7:15:27 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-30427 |
A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash. Published: March 31, 2025; 7:15:25 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-30425 |
This issue was addressed through improved state management. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A malicious website may be able to track users in Safari private browsing mode. Published: March 31, 2025; 7:15:24 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-24264 |
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash. Published: March 31, 2025; 7:15:23 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-24216 |
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash. Published: March 31, 2025; 7:15:19 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-24213 |
This issue was addressed with improved handling of floats. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A type confusion issue could lead to memory corruption. Published: March 31, 2025; 7:15:19 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-24209 |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Processing maliciously crafted web content may lead to an unexpected process crash. Published: March 31, 2025; 7:15:18 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-24208 |
A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4. Loading a malicious iframe may lead to a cross-site scripting attack. Published: March 31, 2025; 7:15:18 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-24192 |
A script imports issue was addressed with improved isolation. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Visiting a website may leak sensitive data. Published: March 31, 2025; 7:15:17 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-24180 |
The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable suffix. Published: March 31, 2025; 7:15:17 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-24167 |
This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A download's origin may be incorrectly associated. Published: March 31, 2025; 7:15:16 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2024-54551 |
The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.6, tvOS 17.6, Safari 17.6, macOS Sonoma 14.6, visionOS 1.3, iOS 17.6 and iPadOS 17.6. Processing web content may lead to a denial-of-service. Published: March 20, 2025; 8:15:18 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
| CVE-2025-24201 |
An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1, watchOS 11.4, iPadOS 17.7.6, iOS 16.7.11 and iPadOS 16.7.11, iOS 15.8.4 and iPadOS 15.8.4. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.). Published: March 11, 2025; 2:15:30 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2024-54467 |
A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin. Published: March 10, 2025; 3:15:38 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
| CVE-2024-44192 |
The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash. Published: March 10, 2025; 3:15:38 PM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
| CVE-2024-54658 |
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, Safari 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service. Published: February 10, 2025; 2:15:39 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
| CVE-2025-24169 |
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.3, Safari 18.3. A malicious app may be able to bypass browser extension authentication. Published: January 27, 2025; 5:15:20 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |