Apple Safari vulnerabilities
1,546 known vulnerabilities affecting apple/safari.
Total CVEs
1,546
CISA KEV
27
actively exploited
Public exploits
151
Exploited in wild
21
Severity breakdown
CRITICAL211HIGH575MEDIUM741LOW19
Vulnerabilities
Page 23 of 78
CVE-2019-8615MEDIUMCVSS 6.5fixed in 12.1.1≥ unspecified, < Safari 12.1.12019-12-18
CVE-2019-8615 [MEDIUM] CWE-125 CVE-2019-8615: Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
cvelistv5nvd
CVE-2019-8658MEDIUMCVSS 6.1fixed in 12.1.2≥ unspecified, < Safari 12.1.22019-12-18
CVE-2019-8658 [MEDIUM] CWE-79 CVE-2019-8658: A logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS M
A logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting.
cvelistv5nvd
CVE-2019-8607MEDIUMCVSS 6.5fixed in 12.1.1≥ unspecified, < Safari 12.1.12019-12-18
CVE-2019-8607 [MEDIUM] CWE-125 CVE-2019-8607: An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3,
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may result in the disclosure of process memory.
cvelistv5nvd
CVE-2019-7292MEDIUMCVSS 6.5fixed in 12.1≥ unspecified, < Safari 12.12019-12-18
CVE-2019-7292 [MEDIUM] CWE-20 CVE-2019-7292: A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, tvOS 12.2, wa
A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may result in the disclosure of process memory.
cvelistv5nvd
CVE-2019-8505MEDIUMCVSS 6.1fixed in 12.1≥ unspecified, < Safari 12.12019-12-18
CVE-2019-8505 [MEDIUM] CWE-79 CVE-2019-8505: A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, Safari 12.1.
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, Safari 12.1. Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting.
cvelistv5nvd
CVE-2019-8674MEDIUMCVSS 6.1fixed in 13≥ unspecified, < Safari 132019-12-18
CVE-2019-8674 [MEDIUM] CWE-79 CVE-2019-8674: A logic issue was addressed with improved state management. This issue is fixed in iOS 13, Safari 13
A logic issue was addressed with improved state management. This issue is fixed in iOS 13, Safari 13. Processing maliciously crafted web content may lead to universal cross site scripting.
cvelistv5nvd
CVE-2019-8608MEDIUMCVSS 6.3fixed in 12.1.1≥ unspecified, < Safari 12.1.12019-12-18
CVE-2019-8608 [MEDIUM] CWE-416 CVE-2019-8608: Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
cvelistv5nvd
CVE-2019-8597MEDIUMCVSS 6.5fixed in 12.1.1≥ unspecified, < Safari 12.1.12019-12-18
CVE-2019-8597 [MEDIUM] CWE-787 CVE-2019-8597: Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
cvelistv5nvd
CVE-2019-8813MEDIUMCVSS 6.1fixed in 13.0.3≥ unspecified, < Safari 13.0.32019-12-18
CVE-2019-8813 [MEDIUM] CWE-79 CVE-2019-8813: A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPad
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting.
cvelistv5nvd
CVE-2019-8725MEDIUMCVSS 5.3fixed in 13.0.1≥ unspecified, < Safari 13.0.12019-12-18
CVE-2019-8725 [MEDIUM] CVE-2019-8725: The issue was addressed with improved handling of service worker lifetime. This issue is fixed in Sa
The issue was addressed with improved handling of service worker lifetime. This issue is fixed in Safari 13.0.1. Service workers may leak private browsing history.
cvelistv5nvd
CVE-2019-8654MEDIUMCVSS 6.5fixed in 13.0.1≥ unspecified, < Safari 13.0.12019-12-18
CVE-2019-8654 [MEDIUM] CWE-20 CVE-2019-8654: An inconsistent user interface issue was addressed with improved state management. This issue is fix
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 13.0.1. Visiting a malicious website may lead to user interface spoofing.
cvelistv5nvd
CVE-2019-8670MEDIUMCVSS 4.3fixed in 12.1.2≥ unspecified, < Safari 12.1.22019-12-18
CVE-2019-8670 [MEDIUM] CWE-20 CVE-2019-8670: An inconsistent user interface issue was addressed with improved state management. This issue is fix
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.6, Safari 12.1.2. Visiting a malicious website may lead to address bar spoofing.
cvelistv5nvd
CVE-2019-8649MEDIUMCVSS 6.1PoCfixed in 12.1.2≥ unspecified, < Safari 12.1.22019-12-18
CVE-2019-8649 [MEDIUM] CWE-79 CVE-2019-8649: A logic issue existed in the handling of synchronous page loads. This issue was addressed with impro
A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross sit
cvelistv5nvd
CVE-2019-8515MEDIUMCVSS 6.5fixed in 12.1≥ unspecified, < Safari 12.12019-12-18
CVE-2019-8515 [MEDIUM] CWE-20 CVE-2019-8515: A cross-origin issue existed with the fetch API. This was addressed with improved input validation.
A cross-origin issue existed with the fetch API. This was addressed with improved input validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may disclose sensitive user information.
cvelistv5nvd
CVE-2018-4359HIGHCVSS 8.8fixed in 122019-04-03
CVE-2018-4359 [HIGH] CWE-119 CVE-2018-4359: Multiple memory corruption issues were addressed with improved memory handling. This issue affected
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
nvd
CVE-2018-4191HIGHCVSS 8.8fixed in 122019-04-03
CVE-2018-4191 [HIGH] CWE-119 CVE-2018-4191: A memory corruption issue was addressed with improved validation. This issue affected versions prior
A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
nvd
CVE-2018-4315HIGHCVSS 8.8PoCfixed in 122019-04-03
CVE-2018-4315 [HIGH] CWE-416 CVE-2018-4315: A use after free issue was addressed with improved memory management. This issue affected versions p
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
nvd
CVE-2018-4197HIGHCVSS 8.8PoCfixed in 122019-04-03
CVE-2018-4197 [HIGH] CWE-416 CVE-2018-4197: A use after free issue was addressed with improved memory management. This issue affected versions p
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
nvd
CVE-2018-4323HIGHCVSS 8.8PoCfixed in 122019-04-03
CVE-2018-4323 [HIGH] CWE-119 CVE-2018-4323: Multiple memory corruption issues were addressed with improved memory handling. This issue affected
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
nvd
CVE-2018-4263HIGHCVSS 8.8fixed in 11.1.22019-04-03
CVE-2018-4263 [HIGH] CWE-119 CVE-2018-4263: Multiple memory corruption issues were addressed with improved memory handling. This issue affected
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.
nvd