Apple Safari vulnerabilities
1,546 known vulnerabilities affecting apple/safari.
Total CVEs
1,546
CISA KEV
27
actively exploited
Public exploits
151
Exploited in wild
21
Severity breakdown
CRITICAL211HIGH575MEDIUM741LOW19
Vulnerabilities
Page 17 of 78
CVE-2020-3852MEDIUMCVSS 5.3fixed in 13.0.5≥ unspecified, < 13.02020-10-27
CVE-2020-3852 [MEDIUM] CWE-863 CVE-2020-3852: A logic issue was addressed with improved validation. This issue is fixed in Safari 13.0.5. A URL sc
A logic issue was addressed with improved validation. This issue is fixed in Safari 13.0.5. A URL scheme may be incorrectly ignored when determining multimedia permission for a website.
cvelistv5nvd
CVE-2019-8827MEDIUMCVSS 4.3fixed in 13.0.3≥ unspecified, < 13.02020-10-27
CVE-2019-8827 [MEDIUM] CVE-2019-8827: The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading
The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading all third party referrers to their origin. This issue is fixed in Safari 13.0.3, iTunes 12.10.2 for Windows, iCloud for Windows 10.9.2, tvOS 13.2, iOS 13.2 and iPadOS 13.2, iCloud for Windows 7.15. Visiting a maliciously crafted website may reveal the sites a
cvelistv5nvd
CVE-2018-4444MEDIUMCVSS 6.5fixed in 12.0.2≥ unspecified, < 12.02020-10-27
CVE-2018-4444 [MEDIUM] CVE-2018-4444: A logic issue was addressed with improved state management. This issue is fixed in Safari 12.0.2, iO
A logic issue was addressed with improved state management. This issue is fixed in Safari 12.0.2, iOS 12.1.1, tvOS 12.1.1, iTunes 12.9.2 for Windows. Processing maliciously crafted web content may disclose sensitive user information.
cvelistv5nvd
CVE-2019-8762MEDIUMCVSS 6.1fixed in 13.0.1≥ unspecified, < 13.02020-10-27
CVE-2019-8762 [MEDIUM] CWE-79 CVE-2019-8762: A validation issue was addressed with improved logic. This issue is fixed in Safari 13.0.1, iOS 13.1
A validation issue was addressed with improved logic. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, tvOS 13, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to universal cross site scripting.
cvelistv5nvd
CVE-2020-9860MEDIUMCVSS 5.4fixed in 13.0.5≥ unspecified, < 13.02020-10-27
CVE-2020-9860 [MEDIUM] CVE-2020-9860: A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed
A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 13.0.5. Processing a maliciously crafted URL may lead to arbitrary javascript code execution.
cvelistv5nvd
CVE-2020-9895CRITICALCVSS 9.8fixed in 13.1.2≥ unspecified, < Safari 13.1.22020-10-16
CVE-2020-9895 [CRITICAL] CWE-416 CVE-2020-9895: A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
cvelistv5nvd
CVE-2020-9903HIGHCVSS 7.5fixed in 13.1.2≥ unspecified, < Safari 13.1.22020-10-16
CVE-2020-9903 [HIGH] CWE-346 CVE-2020-9903: A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 1
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. A malicious attacker may cause Safari to suggest a password for the wrong domain.
cvelistv5nvd
CVE-2020-9862HIGHCVSS 7.8fixed in 13.1.2≥ unspecified, < Safari 13.1.22020-10-16
CVE-2020-9862 [HIGH] CWE-77 CVE-2020-9862: A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.
A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection.
cvelistv5nvd
CVE-2020-9911HIGHCVSS 7.5fixed in 13.1.2≥ unspecified, < Safari 13.1.22020-10-16
CVE-2020-9911 [HIGH] CVE-2020-9911: A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 1
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy.
cvelistv5nvd
CVE-2020-9951HIGHCVSS 8.8fixed in 14.0≥ unspecified, < Safari 14.02020-10-16
CVE-2020-9951 [HIGH] CWE-416 CVE-2020-9951: A use after free issue was addressed with improved memory management. This issue is fixed in Safari
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
cvelistv5nvd
CVE-2020-9983HIGHCVSS 8.8fixed in 14.0≥ unspecified, < Safari 14.02020-10-16
CVE-2020-9983 [HIGH] CWE-787 CVE-2020-9983: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Saf
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution.
cvelistv5nvd
CVE-2020-9952HIGHCVSS 7.1fixed in 14.0≥ unspecified, < Safari 14.02020-10-16
CVE-2020-9952 [HIGH] CWE-79 CVE-2020-9952: An input validation issue was addressed with improved input validation. This issue is fixed in iOS 1
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack.
cvelistv5nvd
CVE-2020-9910HIGHCVSS 8.8fixed in 13.1.2≥ unspecified, < Safari 13.1.22020-10-16
CVE-2020-9910 [HIGH] CVE-2020-9910: Multiple issues were addressed with improved logic. This issue is fixed in iOS 13.6 and iPadOS 13.6,
Multiple issues were addressed with improved logic. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
cvelistv5nvd
CVE-2020-9936HIGHCVSS 7.8fixed in 13.1.22020-10-16
CVE-2020-9936 [HIGH] CWE-787 CVE-2020-9936: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.
nvd
CVE-2020-9893HIGHCVSS 8.8fixed in 13.1.2≥ unspecified, < Safari 13.1.22020-10-16
CVE-2020-9893 [HIGH] CWE-416 CVE-2020-9893: A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
cvelistv5nvd
CVE-2020-9948HIGHCVSS 8.8fixed in 14.0≥ unspecified, < Safari 14.02020-10-16
CVE-2020-9948 [HIGH] CWE-843 CVE-2020-9948: A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14
A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.
cvelistv5nvd
CVE-2020-9916MEDIUMCVSS 5.3fixed in 13.1.2≥ unspecified, < Safari 13.1.22020-10-16
CVE-2020-9916 [MEDIUM] CVE-2020-9916: A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iO
A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able to conceal the destination of a URL.
cvelistv5nvd
CVE-2020-9894MEDIUMCVSS 4.3fixed in 13.1.2≥ unspecified, < Safari 13.1.22020-10-16
CVE-2020-9894 [MEDIUM] CWE-125 CVE-2020-9894: An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
cvelistv5nvd
CVE-2020-9925MEDIUMCVSS 6.1fixed in 13.1.2≥ unspecified, < Safari 13.1.22020-10-16
CVE-2020-9925 [MEDIUM] CWE-79 CVE-2020-9925: A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPad
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting.
cvelistv5nvd
CVE-2020-9915MEDIUMCVSS 6.5fixed in 13.1.2≥ unspecified, < Safari 13.1.22020-10-16
CVE-2020-9915 [MEDIUM] CVE-2020-9915: An access issue existed in Content Security Policy. This issue was addressed with improved access re
An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may prevent Content Security Policy
cvelistv5nvd