Apple » Safari : Security Vulnerabilities (CVSS score >= 5)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail. 1 CVE-2021-1844 119 Exec Code Overflow Mem. Corr. 2021-04-02 2021-05-31 None Remote Medium Not required Partial Partial Partial A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution. 2 CVE-2020-27918 416 Exec Code 2020-12-08 2021-05-01 None Remote Medium Not required Partial Partial Partial A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. 3 CVE-2020-15969 416 2020-11-03 2021-07-21 None Remote Medium Not required Partial Partial Partial Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 4 CVE-2020-9983 787 Exec Code 2020-10-16 2020-12-23 None Remote Medium Not required Partial Partial Partial An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution. 5 CVE-2020-9952 79 XSS 2020-10-16 2020-12-23 None Remote Medium Not required None Partial Partial An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack. 6 CVE-2020-9951 416 Exec Code 2020-10-16 2020-12-23 None Remote Medium Not required Partial Partial Partial A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. 7 CVE-2020-9950 416 Exec Code 2020-12-08 2020-12-09 None Remote Medium Not required Partial Partial Partial A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, tvOS 14.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. 8 CVE-2020-9948 843 Exec Code 2020-10-16 2020-12-23 None Remote Medium Not required Partial Partial Partial A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. 9 CVE-2020-9947 416 Exec Code 2020-12-08 2021-05-01 None Remote Medium Not required Partial Partial Partial A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. 10 CVE-2020-9936 787 Exec Code 2020-10-16 2020-10-20 None Remote Medium Not required Partial Partial Partial An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. 11 CVE-2020-9932 119 Exec Code Overflow Mem. Corr. 2020-10-27 2021-07-21 None Remote Medium Not required Partial Partial Partial A memory corruption issue was addressed with improved validation. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, tvOS 13. Processing maliciously crafted web content may lead to arbitrary code execution. 12 CVE-2020-9916 2020-10-16 2020-10-20 None Remote Low Not required None Partial None A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able to conceal the destination of a URL. 13 CVE-2020-9911 Bypass 2020-10-16 2020-10-20 None Remote Low Not required None Partial None A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy. 14 CVE-2020-9910 287 Bypass 2020-10-16 2021-07-21 None Remote Low ??? Partial Partial Partial Multiple issues were addressed with improved logic. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. 15 CVE-2020-9903 346 2020-10-16 2020-10-20 None Remote Low Not required None Partial None A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. A malicious attacker may cause Safari to suggest a password for the wrong domain. 16 CVE-2020-9895 416 Exec Code 2020-10-16 2020-10-20 None Remote Low Not required Partial Partial Partial A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. 17 CVE-2020-9893 416 Exec Code 2020-10-16 2020-10-20 None Remote Medium Not required Partial Partial Partial A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. 18 CVE-2020-9862 77 2020-10-16 2021-07-21 None Remote Medium Not required Partial Partial Partial A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection. 19 CVE-2020-9860 Exec Code 2020-10-27 2020-10-29 None Remote Medium Not required Partial Partial None A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 13.0.5. Processing a maliciously crafted URL may lead to arbitrary javascript code execution. 20 CVE-2020-9850 Exec Code 2020-06-09 2020-10-16 None Remote Low Not required Partial Partial Partial A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution. 21 CVE-2020-9843 79 XSS 2020-06-09 2020-10-16 None Remote Medium Not required None Partial Partial An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack. 22 CVE-2020-9807 119 Exec Code Overflow Mem. Corr. 2020-06-09 2021-07-21 None Remote Medium Not required Partial Partial Partial A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. 23 CVE-2020-9806 119 Exec Code Overflow Mem. Corr. 2020-06-09 2021-07-21 None Remote Medium Not required Partial Partial Partial A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. 24 CVE-2020-9805 79 XSS 2020-06-09 2020-10-16 None Remote Medium Not required None Partial Partial A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting. 25 CVE-2020-9803 119 Exec Code Overflow Mem. Corr. 2020-06-09 2021-07-21 None Remote Medium Not required Partial Partial Partial A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. 26 CVE-2020-9802 Exec Code 2020-06-09 2020-10-16 None Remote Medium Not required Partial Partial Partial A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. 27 CVE-2020-9800 843 Exec Code 2020-06-09 2020-06-11 None Remote Medium Not required Partial Partial Partial A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. 28 CVE-2020-9783 416 Exec Code 2020-04-01 2020-04-02 None Remote Medium Not required Partial Partial Partial A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to code execution. 29 CVE-2020-3901 843 Exec Code 2020-04-01 2020-10-16 None Remote Medium Not required Partial Partial Partial A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. 30 CVE-2020-3900 119 Exec Code Overflow Mem. Corr. 2020-04-01 2021-07-21 None Remote Medium Not required Partial Partial Partial A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. 31 CVE-2020-3899 400 Exec Code 2020-04-01 2021-07-21 None Remote Medium Not required Complete Complete Complete A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. 32 CVE-2020-3897 843 Exec Code 2020-04-01 2020-10-16 None Remote Medium Not required Complete Complete Complete A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. 33 CVE-2020-3895 119 Exec Code Overflow Mem. Corr. 2020-04-01 2021-07-21 None Remote Medium Not required Complete Complete Complete A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. 34 CVE-2020-3868 119 Exec Code Overflow Mem. Corr. 2020-02-27 2021-07-21 None Remote Medium Not required Complete Complete Complete Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. 35 CVE-2020-3865 119 Exec Code Overflow Mem. Corr. 2020-02-27 2021-07-21 None Remote Medium Not required Partial Partial Partial Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. 36 CVE-2020-3864 346 2020-10-27 2021-05-18 None Local Low Not required Complete Complete Complete A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin. 37 CVE-2020-3852 20 2020-10-27 2021-07-21 None Remote Low Not required None Partial None A logic issue was addressed with improved validation. This issue is fixed in Safari 13.0.5. A URL scheme may be incorrectly ignored when determining multimedia permission for a website. 38 CVE-2020-3825 119 Exec Code Overflow Mem. Corr. 2020-02-27 2021-07-21 None Remote Medium Not required Partial Partial Partial Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution. 39 CVE-2019-8848 269 +Priv 2020-10-27 2021-07-21 None Remote Medium Not required Partial Partial Partial This issue was addressed with improved checks. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An application may be able to gain elevated privileges. 40 CVE-2019-8846 416 Exec Code 2020-10-27 2021-05-18 None Remote Medium Not required Complete Complete Complete A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. 41 CVE-2019-8844 787 Exec Code Mem. Corr. 2020-10-27 2021-05-18 None Remote Medium Not required Complete Complete Complete Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. 42 CVE-2019-8835 787 Exec Code Mem. Corr. 2020-10-27 2021-05-18 None Remote Medium Not required Complete Complete Complete Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. 43 CVE-2019-8823 119 Exec Code Overflow Mem. Corr. 2019-12-18 2021-07-21 None Remote Medium Not required Partial Partial Partial Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. 44 CVE-2019-8822 119 Exec Code Overflow Mem. Corr. 2019-12-18 2021-07-21 None Remote Medium Not required Partial Partial Partial Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. 45 CVE-2019-8821 119 Exec Code Overflow Mem. Corr. 2019-12-18 2021-07-21 None Remote Medium Not required Partial Partial Partial Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. 46 CVE-2019-8820 119 Exec Code Overflow Mem. Corr. 2019-12-18 2021-07-21 None Remote Medium Not required Partial Partial Partial Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. 47 CVE-2019-8819 119 Exec Code Overflow Mem. Corr. 2019-12-18 2021-07-21 None Remote Medium Not required Partial Partial Partial Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. 48 CVE-2019-8816 787 Exec Code Mem. Corr. 2019-12-18 2021-05-18 None Remote Medium Not required Complete Complete Complete Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. 49 CVE-2019-8815 787 Exec Code Mem. Corr. 2019-12-18 2021-05-18 None Remote Medium Not required Complete Complete Complete Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. 50 CVE-2019-8814 787 Exec Code Mem. Corr. 2019-12-18 2021-05-18 None Remote Medium Not required Complete Complete Complete Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution.