Apple Safari vulnerabilities
1,613 known vulnerabilities affecting apple/safari.
Total CVEs
1,613
CISA KEV
31
actively exploited
Public exploits
157
Exploited in wild
25
Severity breakdown
CRITICAL211HIGH615MEDIUM766LOW20UNKNOWN1
Vulnerabilities
Page 25 of 81
CVE-2019-8658MEDIUMCVSS 6.1fixed in 12.1.2≥ unspecified, < Safari 12.1.22019-12-18
CVE-2019-8658 [MEDIUM] CWE-79 CVE-2019-8658: A logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS M
A logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting.
nvdapple
CVE-2019-8649MEDIUMCVSS 6.1PoCfixed in 12.1.2≥ unspecified, < Safari 12.1.22019-12-18
CVE-2019-8649 [MEDIUM] CWE-79 CVE-2019-8649: A logic issue existed in the handling of synchronous page loads. This issue was addressed with impro
A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross sit
nvdapple
CVE-2019-8515MEDIUMCVSS 6.5fixed in 12.1≥ unspecified, < Safari 12.12019-12-18
CVE-2019-8515 [MEDIUM] CWE-20 CVE-2019-8515: A cross-origin issue existed with the fetch API. This was addressed with improved input validation.
A cross-origin issue existed with the fetch API. This was addressed with improved input validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may disclose sensitive user information.
nvdapple
CVE-2019-8607MEDIUMCVSS 6.5fixed in 12.1.1≥ unspecified, < Safari 12.1.12019-12-18
CVE-2019-8607 [MEDIUM] CWE-125 CVE-2019-8607: An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3,
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may result in the disclosure of process memory.
nvdapple
CVE-2019-8551MEDIUMCVSS 6.1fixed in 12.1≥ unspecified, < Safari 12.12019-12-18
CVE-2019-8551 [MEDIUM] CWE-79 CVE-2019-8551: A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Sa
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to universal cross site scripting.
nvdapple
CVE-2019-8813MEDIUMCVSS 6.1fixed in 13.0.3≥ unspecified, < Safari 13.0.32019-12-18
CVE-2019-8813 [MEDIUM] CWE-79 CVE-2019-8813: A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPad
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting.
nvdapple
CVE-2019-7292MEDIUMCVSS 6.5fixed in 12.1≥ unspecified, < Safari 12.12019-12-18
CVE-2019-7292 [MEDIUM] CWE-20 CVE-2019-7292: A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, tvOS 12.2, wa
A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may result in the disclosure of process memory.
nvdapple
CVE-2019-8505MEDIUMCVSS 6.1fixed in 12.1≥ unspecified, < Safari 12.12019-12-18
CVE-2019-8505 [MEDIUM] CWE-79 CVE-2019-8505: A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, Safari 12.1.
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, Safari 12.1. Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting.
nvdapple
CVE-2019-8674MEDIUMCVSS 6.1fixed in 13≥ unspecified, < Safari 132019-12-18
CVE-2019-8674 [MEDIUM] CWE-79 CVE-2019-8674: A logic issue was addressed with improved state management. This issue is fixed in iOS 13, Safari 13
A logic issue was addressed with improved state management. This issue is fixed in iOS 13, Safari 13. Processing maliciously crafted web content may lead to universal cross site scripting.
nvdapple
CVE-2019-6204MEDIUMCVSS 6.1fixed in 12.1≥ unspecified, < Safari 12.12019-12-18
CVE-2019-6204 [MEDIUM] CWE-79 CVE-2019-6204: A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, Safari 12.1.
A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, Safari 12.1. Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting.
nvdapple
CVE-2019-8725MEDIUMCVSS 5.3fixed in 13.0.1≥ unspecified, < Safari 13.0.12019-12-18
CVE-2019-8725 [MEDIUM] CVE-2019-8725: The issue was addressed with improved handling of service worker lifetime. This issue is fixed in Sa
The issue was addressed with improved handling of service worker lifetime. This issue is fixed in Safari 13.0.1. Service workers may leak private browsing history.
nvdapple
CVE-2019-8597MEDIUMCVSS 6.5fixed in 12.1.1≥ unspecified, < Safari 12.1.12019-12-18
CVE-2019-8597 [MEDIUM] CWE-787 CVE-2019-8597: Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
nvdapple
CVE-2019-8608MEDIUMCVSS 6.3fixed in 12.1.1≥ unspecified, < Safari 12.1.12019-12-18
CVE-2019-8608 [MEDIUM] CWE-416 CVE-2019-8608: Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.
nvdapple
CVE-2019-8690MEDIUMCVSS 6.1PoCfixed in 12.1.2≥ unspecified, < Safari 12.1.22019-12-18
CVE-2019-8690 [MEDIUM] CWE-79 CVE-2019-8690: A logic issue existed in the handling of document loads. This issue was addressed with improved stat
A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site script
nvdapple
CVE-2019-8710HIGHCVSS 8.8v13.0.12019-09-24
CVE-2019-8710 [HIGH] CVE-2019-8710: Safari 13.0.1
Apple Security Update: About the security content of Safari 13.0.1
Product: Safari
Version: 13.0.1
CVE: CVE-2019-8710
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
apple
CVE-2019-8766HIGHCVSS 8.8v13.0.12019-09-24
CVE-2019-8766 [HIGH] CVE-2019-8766: Safari 13.0.1
Apple Security Update: About the security content of Safari 13.0.1
Product: Safari
Version: 13.0.1
CVE: CVE-2019-8766
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
apple
CVE-2019-8743HIGHCVSS 8.8v13.0.12019-09-24
CVE-2019-8743 [HIGH] CVE-2019-8743: Safari 13.0.1
Apple Security Update: About the security content of Safari 13.0.1
Product: Safari
Version: 13.0.1
CVE: CVE-2019-8743
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
apple
CVE-2019-8765HIGHCVSS 8.8PoCv13.0.12019-09-24
CVE-2019-8765 [HIGH] CVE-2019-8765: Safari 13.0.1
Apple Security Update: About the security content of Safari 13.0.1
Product: Safari
Version: 13.0.1
CVE: CVE-2019-8765
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
apple
CVE-2019-8764MEDIUMCVSS 6.1v13.0.12019-09-24
CVE-2019-8764 [MEDIUM] CVE-2019-8764: Safari 13.0.1
Apple Security Update: About the security content of Safari 13.0.1
Product: Safari
Version: 13.0.1
CVE: CVE-2019-8764
Component: WebKit
Impact: Processing maliciously crafted web content may lead to universal cross site scripting
Description: A logic issue was addressed with improved state management.
apple
CVE-2019-8733HIGHCVSS 8.8v132019-09-19
CVE-2019-8733 [HIGH] CVE-2019-8733: Safari 13
Apple Security Update: About the security content of Safari 13
Product: Safari
Version: 13
CVE: CVE-2019-8733
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
apple