Tvos Security Vulnerabilities and Issues — Page 37 of Tvos CVE List

Lucene search

AppleTvos

1875 matches found

cve•added 2015/01/30 11:59 a.m.•44 views

CVE-2014-4489

IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

10CVSS4.6AI score0.01019EPSS

cve•added 2015/08/17 12:0 a.m.•44 views

CVE-2015-3807

libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted XML document.

4.3CVSS7.4AI score0.02365EPSS

cve•added 2015/12/11 11:59 a.m.•44 views

CVE-2015-7001

AppSandbox in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 mishandles hard links, which allows attackers to bypass Contacts access revocation via a crafted app.

6.8CVSS7.7AI score0.0091EPSS

cve•added 2015/12/11 11:59 a.m.•44 views

CVE-2015-7053

ImageIO in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image.

6.8CVSS9AI score0.03398EPSS

cve•added 2015/12/11 11:59 a.m.•44 views

CVE-2015-7066

OpenGL in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-7064.

6.8CVSS9.1AI score0.01234EPSS

cve•added 2015/12/11 11:59 a.m.•44 views

CVE-2015-7072

dyld in Apple iOS before 9.2, tvOS before 9.1, and watchOS before 2.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

9.3CVSS6.9AI score0.0101EPSS

cve•added 2016/05/20 10:59 a.m.•44 views

CVE-2016-1802

CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app.

5.5CVSS5AI score0.00262EPSS

cve•added 2016/05/20 11:0 a.m.•44 views

CVE-2016-1858

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site.

6.5CVSS6.1AI score0.01579EPSS

cve•added 2017/02/20 8:59 a.m.•44 views

CVE-2016-4664

An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Sandbox Profiles" component, which allows attackers to read photo-directory metadata via a crafted app.

4.3CVSS4AI score0.00228EPSS

cve•added 2017/02/20 8:59 a.m.•44 views

CVE-2016-4679

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libarchive" component, which allows remote attackers to write to arbitrary files via a crafted ar...

5.5CVSS5.3AI score0.00633EPSS

cve•added 2017/05/22 5:29 a.m.•44 views

CVE-2017-6996

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service ...

9.3CVSS7.5AI score0.00676EPSS

cve•added 2024/01/10 10:15 p.m.•44 views

CVE-2023-42865

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory.

6.5CVSS5.7AI score0.00252EPSS

cve•added 2024/12/12 2:15 a.m.•44 views

CVE-2024-54494

A race condition was addressed with additional validation. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An attacker may be able to create a read-only memory mapping that can be w...

5.9CVSS5.7AI score0.00095EPSS

cve•added 2025/05/12 10:15 p.m.•44 views

CVE-2025-31239

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to an unexpected app termination.

3.3CVSS5.8AI score0.00017EPSS

cve•added 2011/03/11 10:55 p.m.•43 views

CVE-2011-1418

The stateless address autoconfiguration (aka SLAAC) functionality in the IPv6 networking implementation in Apple iOS before 4.3 and Apple TV before 4.2 places the MAC address into the IPv6 address, which makes it easier for remote IPv6 servers to track users by logging source IPv6 addresses.

5CVSS5.9AI score0.00388EPSS

cve•added 2014/03/14 10:55 a.m.•43 views

CVE-2014-1273

dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library.

5.8CVSS5.7AI score0.00222EPSS

cve•added 2014/11/18 11:59 a.m.•43 views

CVE-2014-4455

dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file.

2.1CVSS5.3AI score0.00063EPSS

cve•added 2015/04/10 2:59 p.m.•43 views

CVE-2015-1114

The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to discover hardware identifiers via a crafted app.

1.9CVSS5.6AI score0.00074EPSS

cve•added 2015/04/10 2:59 p.m.•43 views

CVE-2015-1123

WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-3 and APPL...

6.8CVSS7.9AI score0.02011EPSS

cve•added 2015/12/11 11:59 a.m.•43 views

CVE-2015-7045

Keychain Access in Apple OS X before 10.11.2 and tvOS before 9.1 improperly interacts with Keychain Agent, which allows attackers to spoof the Keychain Server via unspecified vectors.

5CVSS8AI score0.00336EPSS

cve•added 2016/02/01 11:59 a.m.•43 views

CVE-2016-1721

The kernel in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.8CVSS6.9AI score0.00182EPSS

cve•added 2016/03/24 1:59 a.m.•43 views

CVE-2016-1750

Use-after-free vulnerability in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context via a crafted app.

9.3CVSS6.8AI score0.00378EPSS

cve•added 2017/02/20 8:59 a.m.•43 views

CVE-2016-7626

An issue was discovered in certain Apple products. iOS before 10.2 is affected. tvOS before 10.1 is affected. watchOS before 3.1.1 is affected. The issue involves the "Profiles" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and appli...

8.8CVSS7.8AI score0.04337EPSS

cve•added 2017/05/22 5:29 a.m.•43 views

CVE-2017-6989

9.3CVSS7.9AI score0.01208EPSS

cve•added 2021/08/24 7:15 p.m.•43 views

CVE-2021-30962

A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information.

5.5CVSS5.6AI score0.00222EPSS

cve•added 2024/09/17 12:15 a.m.•43 views

CVE-2024-27880

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS Sonoma 14.7, tvOS 18. Processing a maliciously crafted file may lead to unexpected app termination.

5.5CVSS5.9AI score0.0004EPSS

cve•added 2024/09/17 12:15 a.m.•43 views

CVE-2024-40856

An integrity issue was addressed with Beacon Protection. This issue is fixed in iOS 18 and iPadOS 18, tvOS 18, macOS Sequoia 15. An attacker may be able to force a device to disconnect from a secure network.

7.5CVSS6AI score0.00294EPSS

cve•added 2024/10/28 9:15 p.m.•43 views

CVE-2024-44144

A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1, tvOS 18, watchOS 11, visionOS 2, iOS 18 and iPadOS 18. Processing a maliciously crafted file may lead to unexpected app termination.

5.5CVSS5.9AI score0.00034EPSS

cve•added 2024/10/24 5:15 p.m.•43 views

CVE-2024-44206

An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. A user may be able to bypass some web content restrictions.

9.3CVSS5.2AI score0.00332EPSS

cve•added 2024/11/01 9:15 p.m.•43 views

CVE-2024-44233

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file may lead to unexpected system termination.

6.5CVSS5.7AI score0.0008EPSS

cve•added 2025/01/27 10:15 p.m.•43 views

CVE-2024-54499

A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.2, tvOS 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing a maliciously crafted image may lead to arbitrary code execution.

8.8CVSS7.1AI score0.00066EPSS

cve•added 2016/01/10 3:59 a.m.•42 views

CVE-2015-7116

libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7115.

4.3CVSS4.8AI score0.00828EPSS

cve•added 2016/05/20 10:59 a.m.•42 views

CVE-2016-1814

IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.

5.5CVSS5.3AI score0.00454EPSS

cve•added 2016/05/20 10:59 a.m.•42 views

CVE-2016-1832

libc in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.8CVSS7AI score0.00099EPSS

cve•added 2016/07/22 2:59 a.m.•42 views

CVE-2016-4594

The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows attackers to access the process list via a crafted app that makes an API call.

7.8CVSS7.3AI score0.00209EPSS

cve•added 2025/03/10 8:15 p.m.•42 views

CVE-2022-43454

A double free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An app may be able to execute arbitrary code with kernel privileges.

7.8CVSS7.3AI score0.00028EPSS

cve•added 2024/11/01 9:15 p.m.•42 views

CVE-2024-44234

6.5CVSS5.7AI score0.0008EPSS

cve•added 2024/10/28 9:15 p.m.•42 views

CVE-2024-44273

This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, visionOS 2.1, macOS Sonoma 14.7.1, watchOS 11.1, tvOS 18.1. A malicious app may be able to access private information.

5.5CVSS5.2AI score0.00029EPSS

cve•added 2025/05/12 10:15 p.m.•42 views

CVE-2025-31222

A correctness issue was addressed with improved checks. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A user may be able to elevate privileges.

7.8CVSS5.6AI score0.00015EPSS

cve•added 2025/05/12 10:15 p.m.•42 views

CVE-2025-31245

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. An app may be able to cause unexpected system termination.

5.5CVSS5.6AI score0.00016EPSS

cve•added 2014/03/14 10:55 a.m.•41 views

CVE-2014-1278

The ptmx_get_ioctl function in the ARM kernel in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access and device crash) via a crafted call.

7.2CVSS5.9AI score0.00038EPSS

cve•added 2016/05/20 10:59 a.m.•41 views

CVE-2016-1811

ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.

6.5CVSS6AI score0.01746EPSS

cve•added 2019/04/03 6:29 p.m.•41 views

CVE-2018-4461

A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.

9.3CVSS7.2AI score0.00185EPSS

cve•added 2024/10/28 9:15 p.m.•41 views

CVE-2024-44215

This issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, visionOS 2.1. Processing an image may result in disclosure of process memory.

5.5CVSS5.3AI score0.00028EPSS

cve•added 2025/01/27 10:15 p.m.•41 views

CVE-2024-54517

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, tvOS 18.2, iOS 18.2 and iPadOS 18.2. An app may be able to corrupt coprocessor memory.

7.8CVSS5.7AI score0.00029EPSS

cve•added 2025/05/12 10:15 p.m.•41 views

CVE-2025-31217

The issue was addressed with improved input validation. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

6.5CVSS5.8AI score0.00143EPSS

cve•added 2015/04/10 2:59 p.m.•40 views

CVE-2015-1092

NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

5CVSS6AI score0.00823EPSS

cve•added 2015/12/11 11:59 a.m.•40 views

CVE-2015-7051

MobileStorageMounter in Apple iOS before 9.2 and tvOS before 9.1 mishandles the timing of trust-cache loading, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

9.3CVSS6.9AI score0.00757EPSS

cve•added 2016/05/20 10:59 a.m.•40 views

CVE-2016-1823

The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read and memory corruption) via a crafted IOHIDRe...

9.3CVSS7.6AI score0.05778EPSS

cve•added 2016/05/20 10:59 a.m.•40 views

CVE-2016-1831

The kernel in Apple iOS before 9.3.2 and OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS7.5AI score0.00402EPSS

Total number of security vulnerabilities1875