Tvos@* Security Vulnerabilities and Issues — Tvos@* CVE List

Lucene search

AppleTvos*

109 matches found

CVE•added 2015/12/15 9:59 p.m.•372 views

CVE-2015-5312

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.

7.1CVSS6.2AI score0.04812EPSS

CVE•added 2015/11/18 4:59 p.m.•315 views

CVE-2015-8035

The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.

2.6CVSS6.6AI score0.01311EPSS

CVE•added 2015/08/14 6:59 p.m.•193 views

CVE-2015-1819

The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.

5CVSS6.5AI score0.02464EPSS

CVE•added 2015/12/15 9:59 p.m.•136 views

CVE-2015-7499

Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.

5CVSS7AI score0.01538EPSS

CVE•added 2015/11/18 4:59 p.m.•116 views

CVE-2015-7942

The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than...

6.8CVSS6.6AI score0.01453EPSS

CVE•added 2015/12/15 9:59 p.m.•113 views

CVE-2015-7500

The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.

5CVSS6.5AI score0.05455EPSS

CVE•added 2015/11/17 3:59 p.m.•105 views

CVE-2015-7995

The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.

5CVSS6.1AI score0.03037EPSS

CVE•added 2015/03/11 1:59 a.m.•93 views

CVE-2015-1067

Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue,...

4.3CVSS5.8AI score0.92473EPSS

CVE•added 2015/12/15 9:59 p.m.•84 views

CVE-2015-8242

The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

5.8CVSS6.8AI score0.02566EPSS

CVE•added 2015/03/18 10:59 p.m.•73 views

CVE-2015-1069

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03...

6.8CVSS8.8AI score0.00872EPSS

CVE•added 2015/03/18 10:59 p.m.•71 views

CVE-2015-1071

6.8CVSS8.8AI score0.00805EPSS

CVE•added 2015/04/10 2:59 p.m.•69 views

CVE-2015-1096

IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.

1.9CVSS4.7AI score0.00074EPSS

CVE•added 2015/04/10 2:59 p.m.•67 views

CVE-2015-1120

WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerabi...

6.8CVSS8.9AI score0.00781EPSS

CVE•added 2015/04/10 2:59 p.m.•66 views

CVE-2015-1117

The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with unintended user or group privileges via a crafted...

6.9CVSS6.6AI score0.00126EPSS

CVE•added 2015/01/30 11:59 a.m.•65 views

CVE-2014-4477

WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulne...

6.8CVSS5.3AI score0.00913EPSS

CVE•added 2015/03/18 10:59 p.m.•65 views

CVE-2015-1077

6.8CVSS8.8AI score0.00913EPSS

CVE•added 2015/04/10 2:59 p.m.•65 views

CVE-2015-1100

The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (out-of-bounds memory access) or obtain sensitive memory-content information via a crafted app.

5.4CVSS6.1AI score0.00252EPSS

CVE•added 2015/04/10 2:59 p.m.•64 views

CVE-2015-1099

Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app.

4CVSS6AI score0.00072EPSS

CVE•added 2015/01/30 11:59 a.m.•63 views

CVE-2014-4476

6.8CVSS5.3AI score0.00913EPSS

CVE•added 2015/12/11 11:59 a.m.•62 views

CVE-2015-7101

WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2...

6.8CVSS8.9AI score0.01093EPSS

CVE•added 2015/01/30 11:59 a.m.•60 views

CVE-2014-4479

6.8CVSS5.3AI score0.00913EPSS

CVE•added 2015/03/12 10:59 a.m.•60 views

CVE-2015-1061

IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling.

9.3CVSS6.8AI score0.05405EPSS

CVE•added 2015/04/10 2:59 p.m.•60 views

CVE-2015-1105

The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets.

5CVSS6.2AI score0.06234EPSS

CVE•added 2015/12/11 11:59 a.m.•60 views

CVE-2015-7096

6.8CVSS7.6AI score0.01093EPSS

CVE•added 2015/01/30 11:59 a.m.•59 views

CVE-2014-4496

The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app.

5CVSS5.4AI score0.00664EPSS

CVE•added 2015/03/18 10:59 p.m.•59 views

CVE-2015-1074

6.8CVSS7.8AI score0.00787EPSS

CVE•added 2015/03/18 10:59 p.m.•59 views

CVE-2015-1078

6.8CVSS7.8AI score0.00913EPSS

CVE•added 2015/03/18 10:59 p.m.•59 views

CVE-2015-1083

6.8CVSS7.8AI score0.00861EPSS

CVE•added 2015/12/11 11:59 a.m.•59 views

CVE-2015-7098

6.8CVSS7.6AI score0.01093EPSS

CVE•added 2015/12/11 11:59 a.m.•59 views

CVE-2015-7102

6.8CVSS8.9AI score0.01093EPSS

CVE•added 2015/03/18 10:59 p.m.•58 views

CVE-2015-1076

6.8CVSS8.8AI score0.00805EPSS

CVE•added 2015/04/10 2:59 p.m.•58 views

CVE-2015-1101

The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

6.9CVSS7AI score0.00071EPSS

CVE•added 2015/12/11 11:59 a.m.•58 views

CVE-2015-7043

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7041, and CVE-2015-7042.

4.3CVSS7.6AI score0.01078EPSS

CVE•added 2015/12/11 11:59 a.m.•58 views

CVE-2015-7083

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7084.

7.2CVSS7.9AI score0.00335EPSS

CVE•added 2015/04/10 2:59 p.m.•57 views

CVE-2015-1104

The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism via a crafted packet.

5CVSS6AI score0.01373EPSS

CVE•added 2015/12/11 11:59 a.m.•57 views

CVE-2015-7040

4.3CVSS7.6AI score0.01078EPSS

CVE•added 2015/12/11 11:59 a.m.•57 views

CVE-2015-7048

6.8CVSS8.9AI score0.01093EPSS

CVE•added 2015/12/11 11:59 a.m.•57 views

CVE-2015-7084

7.2CVSS7.9AI score0.00335EPSS

CVE•added 2015/01/30 11:59 a.m.•56 views

CVE-2014-4492

libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lac...

7.5CVSS4.2AI score0.17592EPSS

CVE•added 2015/03/18 10:59 p.m.•56 views

CVE-2015-1079

6.8CVSS7.8AI score0.00843EPSS

CVE•added 2015/12/11 11:59 a.m.•56 views

CVE-2015-7095

6.8CVSS8.9AI score0.01093EPSS

CVE•added 2015/03/18 10:59 p.m.•55 views

CVE-2015-1082

6.8CVSS8.8AI score0.00913EPSS

CVE•added 2015/04/10 2:59 p.m.•55 views

CVE-2015-1102

The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via unspecified vectors.

7.1CVSS6AI score0.01687EPSS

CVE•added 2015/04/10 2:59 p.m.•55 views

CVE-2015-1121

6.8CVSS8.9AI score0.00843EPSS

CVE•added 2015/12/11 11:59 a.m.•55 views

CVE-2015-7075

CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed media file.

6.8CVSS9AI score0.03398EPSS

CVE•added 2015/12/11 11:59 a.m.•55 views

CVE-2015-7097

6.8CVSS8.9AI score0.01093EPSS

CVE•added 2015/03/18 10:59 p.m.•54 views

CVE-2015-1081

6.8CVSS8.8AI score0.00861EPSS

CVE•added 2015/04/10 2:59 p.m.•54 views

CVE-2015-1103

The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain sensitive packet-content information via a crafted ICMP packet.

7.5CVSS6.2AI score0.01456EPSS

CVE•added 2015/04/10 2:59 p.m.•54 views

CVE-2015-1110

The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to discover unique identifiers by reading asset-download request data.

5CVSS5.9AI score0.00735EPSS

CVE•added 2015/04/10 2:59 p.m.•54 views

CVE-2015-1118

libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile.

5CVSS6.4AI score0.00875EPSS

Total number of security vulnerabilities109