CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-31184 – Apple Security Advisory 03-31-2025-11
https://notcve.org/view.php?id=CVE-2025-31184
31 Mar 2025 — This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may gain unauthorized access to Local Network. macOS Sequoia 15.4 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122371 •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-30432 – Apple Security Advisory 04-01-2025-1
https://notcve.org/view.php?id=CVE-2025-30432
31 Mar 2025 — A logic issue was addressed with improved state management. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sonoma 14.7.5. A malicious app may be able to attempt passcode entries on a locked device and thereby cause escalating time delays after 4 failures. macOS Ventura 13.7.5 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, and use-after-free vuln... • https://support.apple.com/en-us/122371 •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-54564
https://notcve.org/view.php?id=CVE-2024-54564
20 Mar 2025 — This issue was addressed through improved state management. This issue is fixed in visionOS 1.3, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6. A file received from AirDrop may not have the quarantine flag applied. • https://support.apple.com/en-us/120909 • CWE-276: Incorrect Default Permissions •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-54551
https://notcve.org/view.php?id=CVE-2024-54551
20 Mar 2025 — The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.6, tvOS 17.6, Safari 17.6, macOS Sonoma 14.6, visionOS 1.3, iOS 17.6 and iPadOS 17.6. Processing web content may lead to a denial-of-service. • https://support.apple.com/en-us/120909 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 0CVE-2025-24201 – Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2025-24201
11 Mar 2025 — An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions o... • https://support.apple.com/en-us/122281 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2024-54467 – Debian Security Advisory 5885-1
https://notcve.org/view.php?id=CVE-2024-54467
10 Mar 2025 — A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin. Tashita Software Security discovered that processing maliciously crafted web content may lead to an unexpected process crash. Narendra Bhati discovered that a malicious website may exfiltrate data cross-origin. • https://support.apple.com/en-us/121238 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2024-44192 – Debian Security Advisory 5885-1
https://notcve.org/view.php?id=CVE-2024-44192
10 Mar 2025 — The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash. Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial o... • https://support.apple.com/en-us/121238 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-54469
https://notcve.org/view.php?id=CVE-2024-54469
10 Mar 2025 — The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sequoia 15, macOS Sonoma 14.7, visionOS 2, iOS 18 and iPadOS 18. A local user may be able to leak sensitive user information. • https://support.apple.com/en-us/121234 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2024-27859
https://notcve.org/view.php?id=CVE-2024-27859
10 Feb 2025 — The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to arbitrary code execution. El problema se solucionó mejorando la gestión de la memoria. Este problema se solucionó en iOS 17.4 y iPadOS 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1 y macOS Sonoma 14.4. • https://support.apple.com/en-us/120881 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-54658 – webkitgtk: Processing web content may lead to a denial-of-service
https://notcve.org/view.php?id=CVE-2024-54658
10 Feb 2025 — The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, Safari 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service. A flaw was found in WebKitGTK. Processing malicious web content can cause a denial of service due to improper memory handling. • https://support.apple.com/en-us/120881 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •