Tvos Security Vulnerabilities and Issues — Page 4 of Tvos CVE List

Lucene search

AppleTvos

1889 matches found

CVE•added 2020/04/14 11:15 p.m.•252 views

CVE-2020-11761

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp.

5.5CVSS5.5AI score0.00363EPSS

CVE•added 2019/12/18 6:15 p.m.•251 views

CVE-2019-8666

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitr...

8.8CVSS8.5AI score0.00816EPSS

CVE•added 2019/12/18 6:15 p.m.•251 views

CVE-2019-8686

8.8CVSS8.6AI score0.00816EPSS

CVE•added 2019/12/18 6:15 p.m.•251 views

CVE-2019-8782

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.6AI score0.00272EPSS

CVE•added 2021/09/08 2:15 p.m.•250 views

CVE-2021-30758

A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.3AI score0.00265EPSS

CVE•added 2019/12/18 6:15 p.m.•248 views

CVE-2019-8544

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

9.3CVSS8.8AI score0.01683EPSS

CVE•added 2019/12/18 6:15 p.m.•248 views

CVE-2019-8813

A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting.

6.1CVSS6.1AI score0.00336EPSS

CVE•added 2022/09/23 7:15 p.m.•248 views

CVE-2022-26700

A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution.

8.8CVSS8.3AI score0.00165EPSS

CVE•added 2016/03/13 6:59 p.m.•246 views

CVE-2016-1950

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.

8.8CVSS7.9AI score0.01752EPSS

CVE•added 2019/12/18 6:15 p.m.•246 views

CVE-2019-8558

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS9AI score0.15256EPSS

CVE•added 2019/12/18 6:15 p.m.•246 views

CVE-2019-8677

8.8CVSS8.5AI score0.00816EPSS

CVE•added 2020/04/14 11:15 p.m.•246 views

CVE-2020-11758

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read in ImfOptimizedPixelReading.h.

5.5CVSS5.5AI score0.0039EPSS

CVE•added 2020/10/16 5:15 p.m.•246 views

CVE-2020-9952

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack.

7.1CVSS6.6AI score0.00422EPSS

CVE•added 2020/10/27 9:15 p.m.•245 views

CVE-2020-3864

A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin.

7.8CVSS7.3AI score0.00055EPSS

CVE•added 2019/12/18 6:15 p.m.•244 views

CVE-2019-8681

8.8CVSS8.6AI score0.00816EPSS

CVE•added 2020/04/14 11:15 p.m.•244 views

CVE-2020-11760

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during RLE uncompression in rleUncompress in ImfRle.cpp.

5.5CVSS5.5AI score0.00388EPSS

CVE•added 2019/12/18 6:15 p.m.•242 views

CVE-2019-8689

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may l...

9.3CVSS8.6AI score0.29341EPSS

CVE•added 2019/12/18 6:15 p.m.•242 views

CVE-2019-8808

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.6AI score0.0034EPSS

CVE•added 2020/04/14 11:15 p.m.•242 views

CVE-2020-11765

An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.

5.5CVSS5.4AI score0.0035EPSS

CVE•added 2019/12/18 6:15 p.m.•241 views

CVE-2019-8518

9.3CVSS8.9AI score0.43284EPSS

CVE•added 2019/12/18 6:15 p.m.•241 views

CVE-2019-8823

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary c...

8.8CVSS8.6AI score0.00518EPSS

CVE•added 2021/09/08 2:15 p.m.•241 views

CVE-2021-30720

A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers.

5.8CVSS5.7AI score0.00464EPSS

CVE•added 2021/09/08 2:15 p.m.•240 views

CVE-2021-30797

This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.

8.8CVSS8AI score0.00516EPSS

CVE•added 2019/12/18 6:15 p.m.•239 views

CVE-2019-8559

8.8CVSS9AI score0.00816EPSS

CVE•added 2019/12/18 6:15 p.m.•239 views

CVE-2019-8676

9.3CVSS8.6AI score0.03566EPSS

CVE•added 2019/12/18 6:15 p.m.•239 views

CVE-2019-8726

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.4AI score0.01106EPSS

CVE•added 2020/04/14 11:15 p.m.•239 views

CVE-2020-11762

An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read and write in DwaCompressor::uncompress in ImfDwaCompressor.cpp when handling the UNKNOWN compression case.

5.5CVSS5.5AI score0.0039EPSS

CVE•added 2021/09/08 3:15 p.m.•239 views

CVE-2021-30689

A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.

6.1CVSS5.9AI score0.00861EPSS

CVE•added 2019/12/18 6:15 p.m.•237 views

CVE-2019-8673

8.8CVSS8.5AI score0.00816EPSS

CVE•added 2021/09/08 2:15 p.m.•237 views

CVE-2021-30744

Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site sc...

6.1CVSS6.1AI score0.00861EPSS

CVE•added 2022/05/26 7:15 p.m.•237 views

CVE-2022-26706

An access issue was addressed with additional sandbox restrictions on third-party applications. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions.

5.5CVSS6AI score0.01331EPSS

CVE•added 2022/05/26 7:15 p.m.•237 views

CVE-2022-26711

An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5, iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

9.8CVSS8.9AI score0.01615EPSS

CVE•added 2019/12/18 6:15 p.m.•235 views

CVE-2019-8551

A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to universal cross site scripting.

6.1CVSS6.1AI score0.00885EPSS

CVE•added 2019/12/18 6:15 p.m.•235 views

CVE-2019-8563

8.8CVSS9AI score0.00816EPSS

CVE•added 2022/01/20 6:15 p.m.•234 views

CVE-2022-21658

Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the std::fs::remove_dir_all standard library function is vulnerable a race condition enabling symlink following (CWE-363)....

7.3CVSS6.4AI score0.00891EPSS

CVE•added 2019/12/18 6:15 p.m.•233 views

CVE-2019-8735

8.8CVSS8.4AI score0.01106EPSS

CVE•added 2020/02/27 9:15 p.m.•232 views

CVE-2020-3862

A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service.

6.5CVSS6.3AI score0.00216EPSS

CVE•added 2019/12/18 6:15 p.m.•231 views

CVE-2019-8535

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

9.3CVSS8.8AI score0.02231EPSS

CVE•added 2019/12/18 6:15 p.m.•231 views

CVE-2019-8679

8.8CVSS8.5AI score0.00816EPSS

CVE•added 2018/06/08 6:29 p.m.•226 views

CVE-2018-4200

An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attacker...

8.8CVSS8.7AI score0.38021EPSS

CVE•added 2019/12/18 6:15 p.m.•226 views

CVE-2019-8536

9.3CVSS8.8AI score0.01589EPSS

CVE•added 2019/12/18 6:15 p.m.•225 views

CVE-2019-8524

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS9AI score0.00838EPSS

CVE•added 2019/12/18 6:15 p.m.•225 views

CVE-2019-8644

8.8CVSS8.5AI score0.00816EPSS

CVE•added 2019/12/18 6:15 p.m.•225 views

CVE-2019-8683

8.8CVSS8.5AI score0.00825EPSS

CVE•added 2019/12/18 6:15 p.m.•225 views

CVE-2019-8684

9.3CVSS8.6AI score0.03566EPSS

CVE•added 2019/12/18 6:15 p.m.•225 views

CVE-2019-8688

9.3CVSS8.6AI score0.04379EPSS

CVE•added 2016/06/09 4:59 p.m.•224 views

CVE-2016-4447

The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.

7.5CVSS8.1AI score0.02822EPSS

CVE•added 2019/12/18 6:15 p.m.•224 views

CVE-2019-8615

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution.

6.5CVSS7.9AI score0.00728EPSS

CVE•added 2021/09/08 2:15 p.m.•224 views

CVE-2021-30749

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to arbitrary code execution.

8.8CVSS8.8AI score0.00562EPSS

CVE•added 2024/01/09 6:15 p.m.•224 views

CVE-2022-48618

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been expl...

7CVSS6.3AI score0.0021EPSS

In wild

Total number of security vulnerabilities1889