Safari@* Security Vulnerabilities and Issues — Safari@* CVE List

Lucene search

AppleSafari*

1435 matches found

CVE•added 2024/02/21 7:15 a.m.•6218 views

CVE-2023-42843

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing.

7.5CVSS5.2AI score0.00085EPSS

CVE•added 2020/12/08 10:15 p.m.•2111 views

CVE-2020-27918

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary cod...

7.8CVSS8.6AI score0.00164EPSS

CVE•added 2021/02/16 5:15 p.m.•1913 views

CVE-2021-23841

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if t...

5.9CVSS7AI score0.0065EPSS

CVE•added 2023/06/23 6:15 p.m.•1791 views

CVE-2023-32373

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is awa...

8.8CVSS8.6AI score0.00013EPSS

CVE•added 2023/06/23 6:15 p.m.•1765 views

CVE-2023-28204

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this...

6.5CVSS6.6AI score0.00044EPSS

CVE•added 2023/06/23 6:15 p.m.•1650 views

CVE-2023-32409

The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue ...

8.6CVSS7.7AI score0.00354EPSS

CVE•added 2021/09/08 3:15 p.m.•1451 views

CVE-2021-30661

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report tha...

8.8CVSS9.1AI score0.00218EPSS

CVE•added 2021/03/26 9:15 p.m.•1320 views

CVE-2020-7463

In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-fre...

5.5CVSS5.8AI score0.00049EPSS

CVE•added 2020/07/22 5:15 p.m.•1283 views

CVE-2020-6514

Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.

6.5CVSS7.3AI score0.07113EPSS

CVE•added 2020/11/03 3:15 a.m.•1227 views

CVE-2020-15969

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS8.8AI score0.03155EPSS

CVE•added 2021/09/08 3:15 p.m.•1211 views

CVE-2021-30663

An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.7AI score0.00117EPSS

CVE•added 2019/12/18 6:15 p.m.•1203 views

CVE-2019-8506

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

9.3CVSS8.6AI score0.16048EPSS

CVE•added 2022/03/18 6:15 p.m.•1160 views

CVE-2022-22620

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a re...

8.8CVSS8.8AI score0.03877EPSS

CVE•added 2022/08/24 8:15 p.m.•1139 views

CVE-2022-32893

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have b...

8.8CVSS8.8AI score0.00145EPSS

CVE•added 2023/07/27 12:15 a.m.•1069 views

CVE-2023-37450

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

8.8CVSS8.5AI score0.00016EPSS

CVE•added 2023/02/27 8:15 p.m.•1058 views

CVE-2023-23529

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issu...

8.8CVSS8.6AI score0.0006EPSS

CVE•added 2022/12/15 7:15 p.m.•922 views

CVE-2022-42856

A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue...

8.8CVSS8.7AI score0.00129EPSS

CVE•added 2023/04/10 7:15 p.m.•767 views

CVE-2023-28205

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report t...

8.8CVSS8.8AI score0.00055EPSS

CVE•added 2023/06/23 6:15 p.m.•740 views

CVE-2023-32435

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have be...

8.8CVSS8.8AI score0.00501EPSS

CVE•added 2023/06/23 6:15 p.m.•722 views

CVE-2023-32439

A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Ventura 13.4.1, Safari 16.5.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this is...

8.8CVSS8.6AI score0.00689EPSS

CVE•added 2021/10/28 7:15 p.m.•633 views

CVE-2021-30836

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted audio file may disclose restricted memory.

5.5CVSS5.8AI score0.00215EPSS

CVE•added 2023/07/27 1:15 a.m.•555 views

CVE-2023-38572

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. A website may be able to bypass Same Origin Policy.

7.5CVSS6.7AI score0.00532EPSS

CVE•added 2023/07/27 1:15 a.m.•541 views

CVE-2023-38611

The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.

8.8CVSS8.3AI score0.00992EPSS

CVE•added 2023/07/27 12:15 a.m.•535 views

CVE-2023-38133

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may disclose sensitive information.

6.5CVSS6.2AI score0.00543EPSS

CVE•added 2023/07/27 12:15 a.m.•527 views

CVE-2023-38594

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.

8.8CVSS8.3AI score0.00713EPSS

CVE•added 2023/07/27 12:15 a.m.•517 views

CVE-2023-38597

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution.

8.8CVSS8.3AI score0.0041EPSS

CVE•added 2023/07/27 1:15 a.m.•516 views

CVE-2023-38600

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.

8.8CVSS8.3AI score0.00992EPSS

CVE•added 2023/07/27 1:15 a.m.•509 views

CVE-2023-38595

8.8CVSS8.3AI score0.00992EPSS

CVE•added 2020/06/09 5:15 p.m.•458 views

CVE-2020-9802

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code exe...

8.8CVSS8.9AI score0.41488EPSS

CVE•added 2023/05/08 8:15 p.m.•457 views

CVE-2023-27954

The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. A website may be able to track sensitive user information.

6.5CVSS6.3AI score0.00192EPSS

CVE•added 2022/11/01 8:15 p.m.•426 views

CVE-2022-26717

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.6AI score0.00438EPSS

CVE•added 2023/07/28 5:15 a.m.•416 views

CVE-2023-38599

A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information.

6.5CVSS6AI score0.00543EPSS

CVE•added 2025/01/27 10:15 p.m.•415 views

CVE-2025-24158

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing web content may lead to a denial-of-service.

6.5CVSS5.7AI score0.00141EPSS

CVE•added 2023/11/30 11:15 p.m.•412 views

CVE-2023-42917

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against ver...

8.8CVSS8.8AI score0.0004EPSS

CVE•added 2022/09/23 8:15 p.m.•410 views

CVE-2022-22629

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.6AI score0.17036EPSS

CVE•added 2025/03/11 6:15 p.m.•410 views

CVE-2025-24201

An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1, watchOS 11.4, iPadOS 17.7.6, iOS 16.7.11 and iPadOS 16.7.11, iOS 15.8.4 and iPadOS 15.8.4. Malic...

8.8CVSS7.8AI score0.0004EPSS

CVE•added 2022/03/18 6:15 p.m.•387 views

CVE-2022-22654

A user interface issue was addressed. This issue is fixed in watchOS 8.5, Safari 15.4. Visiting a malicious website may lead to address bar spoofing.

4.3CVSS5.7AI score0.00222EPSS

CVE•added 2023/02/27 8:15 p.m.•386 views

CVE-2023-23518

The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.4AI score0.00241EPSS

CVE•added 2022/09/23 7:15 p.m.•383 views

CVE-2022-22637

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause unexpected cross-origin behavior.

8.8CVSS7.4AI score0.00108EPSS

CVE•added 2023/02/27 8:15 p.m.•372 views

CVE-2023-23517

8.8CVSS8.4AI score0.00241EPSS

CVE•added 2023/08/14 11:15 p.m.•363 views

CVE-2022-48503

The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution.

8.8CVSS8.2AI score0.00209EPSS

CVE•added 2024/03/28 4:15 p.m.•358 views

CVE-2023-42950

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.4AI score0.00169EPSS

CVE•added 2023/11/30 11:15 p.m.•342 views

CVE-2023-42916

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions...

6.5CVSS6.7AI score0.00037EPSS

CVE•added 2023/05/08 8:15 p.m.•337 views

CVE-2023-27932

This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, watchOS 9.4. Processing maliciously crafted web content may bypass Same Origin Policy.

5.5CVSS5.8AI score0.00011EPSS

CVE•added 2020/10/27 8:15 p.m.•321 views

CVE-2019-8771

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy.

6.1CVSS6.3AI score0.00122EPSS

CVE•added 2021/04/02 7:15 p.m.•316 views

CVE-2021-1844

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS9.1AI score0.014EPSS

CVE•added 2020/02/27 9:15 p.m.•315 views

CVE-2020-3868

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbit...

9.3CVSS8.6AI score0.00261EPSS

CVE•added 2022/11/13 8:15 a.m.•309 views

CVE-2022-3970

A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and ma...

8.8CVSS7.6AI score0.00073EPSS

CVE•added 2023/09/27 3:19 p.m.•306 views

CVE-2023-41074

The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.

8.8CVSS8.6AI score0.0123EPSS

CVE•added 2021/09/08 3:15 p.m.•300 views

CVE-2021-1825

An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site ...

6.1CVSS6.4AI score0.00174EPSS

Total number of security vulnerabilities1435