Apple Safari vulnerabilities
1,613 known vulnerabilities affecting apple/safari.
Total CVEs
1,613
CISA KEV
31
actively exploited
Public exploits
157
Exploited in wild
25
Severity breakdown
CRITICAL211HIGH615MEDIUM766LOW20UNKNOWN1
Vulnerabilities
Page 20 of 81
CVE-2020-9912LOWCVSS 3.3fixed in 13.1.2≥ unspecified, < Safari 13.1.22020-10-16
CVE-2020-9912 [LOW] CVE-2020-9912: A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.2. A mali
A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.2. A malicious attacker may be able to change the origin of a frame for a download in Safari Reader mode.
nvdapple
CVE-2020-6514MEDIUMCVSS 6.5fixed in 13.1.22020-07-22
CVE-2020-6514 [MEDIUM] CWE-200 CVE-2020-6514: Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.
nvdapple
CVE-2020-9850CRITICALCVSS 9.8PoCfixed in 13.1.1≥ unspecified, < Safari 13.1.12020-06-09
CVE-2020-9850 [CRITICAL] CVE-2020-9850: A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 1
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution.
nvd
CVE-2020-9807HIGHCVSS 8.8fixed in 13.1.1≥ unspecified, < Safari 13.1.12020-06-09
CVE-2020-9807 [HIGH] CWE-787 CVE-2020-9807: A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 1
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.
nvd
CVE-2020-9806HIGHCVSS 8.8fixed in 13.1.1≥ unspecified, < Safari 13.1.12020-06-09
CVE-2020-9806 [HIGH] CWE-787 CVE-2020-9806: A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 1
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.
nvd
CVE-2020-9843HIGHCVSS 7.1fixed in 13.1.1≥ unspecified, < Safari 13.1.12020-06-09
CVE-2020-9843 [HIGH] CWE-79 CVE-2020-9843: An input validation issue was addressed with improved input validation. This issue is fixed in iOS 1
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack.
nvd
CVE-2020-9800HIGHCVSS 8.8fixed in 13.1.1≥ unspecified, < Safari 13.1.12020-06-09
CVE-2020-9800 [HIGH] CWE-843 CVE-2020-9800: A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.5
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.
nvd
CVE-2020-9805HIGHCVSS 7.1fixed in 13.1.1≥ unspecified, < Safari 13.1.12020-06-09
CVE-2020-9805 [HIGH] CWE-79 CVE-2020-9805: A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 1
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting.
nvd
CVE-2020-9803HIGHCVSS 8.8fixed in 13.1.1≥ unspecified, < Safari 13.1.12020-06-09
CVE-2020-9803 [HIGH] CWE-20 CVE-2020-9803: A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 an
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.
nvd
CVE-2020-9802HIGHCVSS 8.8fixed in 13.1.1≥ unspecified, < Safari 13.1.12020-06-09
CVE-2020-9802 [HIGH] CVE-2020-9802: A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 1
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.
nvd
CVE-2020-9801MEDIUMCVSS 5.3PoCfixed in 13.1.1≥ unspecified, < Safari 13.1.12020-06-09
CVE-2020-9801 [MEDIUM] CVE-2020-9801: A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.1. A mali
A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1.1. A malicious process may cause Safari to launch an application.
nvd
CVE-2020-3901HIGHCVSS 8.8fixed in 13.1≥ unspecified, < Safari 13.12020-04-01
CVE-2020-3901 [HIGH] CWE-843 CVE-2020-3901: A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.
nvd
CVE-2020-3899HIGHCVSS 8.8fixed in 13.1≥ unspecified, < Safari 13.12020-04-01
CVE-2020-3899 [HIGH] CVE-2020-3899: A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 1
A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.
nvd
CVE-2020-3897HIGHCVSS 8.8fixed in 13.1≥ unspecified, < Safari 13.12020-04-01
CVE-2020-3897 [HIGH] CWE-843 CVE-2020-3897: A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution.
nvd
CVE-2020-3900HIGHCVSS 8.8fixed in 13.1≥ unspecified, < Safari 13.12020-04-01
CVE-2020-3900 [HIGH] CWE-787 CVE-2020-3900: A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.
nvd
CVE-2020-3895HIGHCVSS 8.8fixed in 13.1≥ unspecified, < Safari 13.12020-04-01
CVE-2020-3895 [HIGH] CWE-787 CVE-2020-3895: A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution.
nvd
CVE-2020-9783HIGHCVSS 8.8fixed in 13.1≥ unspecified, < Safari 13.12020-04-01
CVE-2020-9783 [HIGH] CWE-416 CVE-2020-9783: A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to code execution.
nvd
CVE-2020-3887MEDIUMCVSS 4.3fixed in 13.1≥ unspecified, < Safari 13.12020-04-01
CVE-2020-3887 [MEDIUM] CVE-2020-3887: A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 1
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download's origin may be incorrectly associated.
nvd
CVE-2020-3902MEDIUMCVSS 6.1fixed in 13.1≥ unspecified, < Safari 13.12020-04-01
CVE-2020-3902 [MEDIUM] CWE-79 CVE-2020-3902: An input validation issue was addressed with improved input validation. This issue is fixed in iOS 1
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack.
nvd
CVE-2020-3885MEDIUMCVSS 4.3fixed in 13.1≥ unspecified, < Safari 13.12020-04-01
CVE-2020-3885 [MEDIUM] CWE-670 CVE-2020-3885: A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 1
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed.
nvd