Tvos Security Vulnerabilities and Issues — Page 2 of Tvos CVE List

Lucene search

AppleTvos

109 matches found

CVE•added 2015/04/10 2:59 p.m.•54 views

CVE-2015-1118

libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile.

5CVSS6.4AI score0.00875EPSS

CVE•added 2015/04/10 2:59 p.m.•54 views

CVE-2015-1119

WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerabi...

6.8CVSS8.9AI score0.00913EPSS

CVE•added 2015/04/10 2:59 p.m.•54 views

CVE-2015-1122

6.8CVSS8.9AI score0.00836EPSS

CVE•added 2015/12/11 11:59 a.m.•54 views

CVE-2015-7047

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed.

7.2CVSS7.5AI score0.00746EPSS

CVE•added 2015/12/11 11:59 a.m.•54 views

CVE-2015-7054

zlib in the Compression component in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not initialize memory for an unspecified data structure, which allows remote attackers to execute arbitrary code via a crafted web site.

6.8CVSS8.9AI score0.01142EPSS

CVE•added 2015/12/11 11:59 a.m.•54 views

CVE-2015-7099

WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2...

6.8CVSS8.9AI score0.01093EPSS

CVE•added 2015/12/11 12:0 p.m.•54 views

CVE-2015-7103

6.8CVSS8.9AI score0.01093EPSS

CVE•added 2015/12/11 12:0 p.m.•54 views

CVE-2015-7105

CoreGraphics in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.

6.8CVSS9AI score0.02531EPSS

CVE•added 2015/03/18 10:59 p.m.•53 views

CVE-2015-1070

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03...

6.8CVSS8.8AI score0.00787EPSS

CVE•added 2015/04/10 2:59 p.m.•53 views

CVE-2015-1095

IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device.

7.2CVSS7.2AI score0.00216EPSS

CVE•added 2015/12/11 11:59 a.m.•53 views

CVE-2015-7041

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7042, and CVE-2015-7043.

4.3CVSS7.6AI score0.01078EPSS

CVE•added 2015/12/11 11:59 a.m.•53 views

CVE-2015-7046

The Sandbox feature in xnu in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not properly implement privilege separation, which allows attackers to bypass the ASLR protection mechanism via a crafted app with root privileges.

2.6CVSS7.8AI score0.00738EPSS

CVE•added 2015/12/11 11:59 a.m.•53 views

CVE-2015-7074

CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed media file.

6.8CVSS9AI score0.02828EPSS

CVE•added 2015/03/18 10:59 p.m.•52 views

CVE-2015-1072

6.8CVSS8.8AI score0.00787EPSS

CVE•added 2015/04/10 2:59 p.m.•52 views

CVE-2015-1124

6.8CVSS8.9AI score0.00913EPSS

CVE•added 2015/12/11 11:59 a.m.•52 views

CVE-2015-7100

6.8CVSS8.9AI score0.01093EPSS

CVE•added 2015/12/11 12:0 p.m.•52 views

CVE-2015-7112

The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-7111.

9.3CVSS8.8AI score0.19674EPSS

CVE•added 2015/01/30 11:59 a.m.•51 views

CVE-2014-4481

Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

6.8CVSS5.1AI score0.08613EPSS

CVE•added 2015/01/30 11:59 a.m.•51 views

CVE-2014-4487

Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app.

10CVSS4.3AI score0.02421EPSS

CVE•added 2015/03/18 10:59 p.m.•51 views

CVE-2015-1080

6.8CVSS7.8AI score0.00913EPSS

CVE•added 2015/12/11 11:59 a.m.•51 views

CVE-2015-7059

The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate, a different vulnerability than CVE-2015-7060 and CVE-2015-7061.

6.8CVSS9.1AI score0.01371EPSS

CVE•added 2015/12/11 11:59 a.m.•51 views

CVE-2015-7060

6.8CVSS9.1AI score0.01371EPSS

CVE•added 2015/12/11 11:59 a.m.•51 views

CVE-2015-7061

6.8CVSS9.1AI score0.01371EPSS

CVE•added 2015/01/30 11:59 a.m.•50 views

CVE-2014-4488

IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

10CVSS4.1AI score0.01797EPSS

CVE•added 2015/04/10 2:59 p.m.•50 views

CVE-2015-1086

The Audio Drivers subsystem in Apple iOS before 8.3 and Apple TV before 7.2 does not properly validate IOKit object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

6.9CVSS6.8AI score0.00057EPSS

CVE•added 2015/12/11 11:59 a.m.•50 views

CVE-2015-7038

Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vulnerability than CVE-2015-7039.

6.8CVSS9AI score0.27364EPSS

CVE•added 2015/12/11 11:59 a.m.•50 views

CVE-2015-7058

Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 improperly validate keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app.

4.3CVSS7.8AI score0.00524EPSS

CVE•added 2015/12/11 11:59 a.m.•50 views

CVE-2015-7064

OpenGL in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-7066.

6.8CVSS9.1AI score0.01234EPSS

CVE•added 2015/12/11 12:0 p.m.•50 views

CVE-2015-7111

9.3CVSS8.8AI score0.19674EPSS

CVE•added 2015/01/30 11:59 a.m.•49 views

CVE-2014-4483

Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document.

6.8CVSS5.1AI score0.02074EPSS

CVE•added 2015/03/18 10:59 p.m.•49 views

CVE-2015-1068

6.8CVSS8.8AI score0.00853EPSS

CVE•added 2015/12/11 11:59 a.m.•49 views

CVE-2015-7039

6.8CVSS9AI score0.27364EPSS

CVE•added 2015/12/11 11:59 a.m.•49 views

CVE-2015-7065

OpenGL in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

6.8CVSS9.1AI score0.01866EPSS

CVE•added 2015/12/11 11:59 a.m.•49 views

CVE-2015-7068

IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type.

9.3CVSS8.5AI score0.04372EPSS

CVE•added 2015/03/18 10:59 p.m.•48 views

CVE-2015-1073

6.8CVSS8.8AI score0.00787EPSS

CVE•added 2015/04/10 2:59 p.m.•48 views

CVE-2015-1097

IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.

1.9CVSS4.8AI score0.00074EPSS

CVE•added 2015/01/30 11:59 a.m.•47 views

CVE-2014-4485

Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.

7.5CVSS5.1AI score0.02977EPSS

CVE•added 2015/01/30 11:59 a.m.•47 views

CVE-2014-4486

IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted app.

10CVSS4.7AI score0.01019EPSS

CVE•added 2015/04/10 2:59 p.m.•47 views

CVE-2015-1094

IOAcceleratorFamily in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.

1.9CVSS4.8AI score0.00074EPSS

CVE•added 2015/12/11 12:0 p.m.•47 views

CVE-2015-7104

WebKit in Apple Safari before 9.0.2 and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

6.8CVSS8.8AI score0.01538EPSS

CVE•added 2015/01/30 11:59 a.m.•46 views

CVE-2014-4480

Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.

10CVSS5.7AI score0.01934EPSS

CVE•added 2015/01/30 11:59 a.m.•46 views

CVE-2014-4491

The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app.

5CVSS2.9AI score0.00524EPSS

CVE•added 2015/03/12 10:59 a.m.•46 views

CVE-2015-1062

MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app.

5CVSS5.7AI score0.00336EPSS

CVE•added 2015/12/11 11:59 a.m.•46 views

CVE-2015-7055

AppleMobileFileIntegrity in Apple iOS before 9.2 and tvOS before 9.1 does not prevent changes to access-control structures, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

9.3CVSS6.9AI score0.00623EPSS

CVE•added 2015/12/11 11:59 a.m.•46 views

CVE-2015-7073

Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted SSL handshake.

6.8CVSS9.2AI score0.03398EPSS

CVE•added 2015/01/30 11:59 a.m.•45 views

CVE-2014-4484

FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file.

7.5CVSS5.1AI score0.03229EPSS

CVE•added 2015/01/30 11:59 a.m.•45 views

CVE-2014-4495

The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app.

10CVSS2.8AI score0.00834EPSS

CVE•added 2015/12/11 11:59 a.m.•45 views

CVE-2015-7001

AppSandbox in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 mishandles hard links, which allows attackers to bypass Contacts access revocation via a crafted app.

6.8CVSS7.7AI score0.0091EPSS

CVE•added 2015/12/11 11:59 a.m.•45 views

CVE-2015-7053

ImageIO in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image.

6.8CVSS9AI score0.03398EPSS

CVE•added 2015/12/11 11:59 a.m.•45 views

CVE-2015-7066

6.8CVSS9.1AI score0.01234EPSS

Total number of security vulnerabilities109