Lucene search

K
AppleTvos6.1.1

32 matches found

CVE
CVE
added 2014/09/18 10:55 a.m.128 views

CVE-2014-4415

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA...

6.8CVSS7.8AI score0.01118EPSS
CVE
CVE
added 2014/09/18 10:55 a.m.78 views

CVE-2014-4389

Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments.

9.3CVSS5.8AI score0.01745EPSS
CVE
CVE
added 2014/09/18 10:55 a.m.69 views

CVE-2014-4414

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA...

6.8CVSS7.8AI score0.01114EPSS
CVE
CVE
added 2014/09/18 10:55 a.m.63 views

CVE-2014-4377

Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

6.8CVSS7.8AI score0.11335EPSS
CVE
CVE
added 2014/09/18 10:55 a.m.61 views

CVE-2014-4405

IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping properties.

9.3CVSS8AI score0.01754EPSS
CVE
CVE
added 2014/09/18 10:55 a.m.60 views

CVE-2014-4388

IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-...

9.3CVSS7.5AI score0.00543EPSS
CVE
CVE
added 2014/09/18 10:55 a.m.60 views

CVE-2014-4413

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA...

6.8CVSS7.8AI score0.01114EPSS
CVE
CVE
added 2014/09/18 10:55 a.m.59 views

CVE-2014-4371

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4...

1.9CVSS3.6AI score0.00078EPSS
CVE
CVE
added 2014/09/18 10:55 a.m.59 views

CVE-2014-4380

The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code in the kernel's context via a crafted application.

9.3CVSS8.5AI score0.02385EPSS
CVE
CVE
added 2014/09/18 10:55 a.m.59 views

CVE-2014-4422

The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain kernel-hardening protection mechanisms by using a user-space process to observe data related to the random numbers...

8.1CVSS7.2AI score0.0169EPSS
CVE
CVE
added 2014/09/18 10:55 a.m.58 views

CVE-2014-4364

The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptographic attack against the MS-CHAPv1 hash.

5.6CVSS5.5AI score0.00498EPSS
CVE
CVE
added 2014/09/18 10:55 a.m.58 views

CVE-2014-4420

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4...

1.9CVSS3.6AI score0.00078EPSS
CVE
CVE
added 2014/09/18 10:55 a.m.57 views

CVE-2014-4378

CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted PDF document.

5.8CVSS5.8AI score0.0208EPSS
CVE
CVE
added 2014/09/18 10:55 a.m.55 views

CVE-2014-4357

Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in a log.

2.1CVSS5AI score0.00075EPSS
CVE
CVE
added 2014/09/18 10:55 a.m.55 views

CVE-2014-4381

Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code as root via a crafted application.

9.3CVSS7AI score0.01741EPSS
CVE
CVE
added 2014/09/18 10:55 a.m.54 views

CVE-2014-4383

The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header.

4.3CVSS5.5AI score0.00629EPSS
CVE
CVE
added 2014/09/18 10:55 a.m.54 views

CVE-2014-4408

The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read and device crash) via a crafted call.

6.9CVSS7.5AI score0.00044EPSS
CVE
CVE
added 2014/09/18 10:55 a.m.54 views

CVE-2014-4412

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA...

6.8CVSS7.8AI score0.01114EPSS
CVE
CVE
added 2014/09/18 10:55 a.m.54 views

CVE-2014-4421

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4...

1.9CVSS3.6AI score0.00078EPSS
CVE
CVE
added 2014/09/18 10:55 a.m.52 views

CVE-2014-4375

Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports.

7.8CVSS7.3AI score0.00054EPSS
CVE
CVE
added 2014/09/18 10:55 a.m.51 views

CVE-2014-4407

IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls.

4.3CVSS3.7AI score0.00215EPSS
CVE
CVE
added 2014/09/18 10:55 a.m.51 views

CVE-2014-4418

IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-...

9.3CVSS7.5AI score0.00543EPSS
CVE
CVE
added 2014/09/18 10:55 a.m.50 views

CVE-2014-4410

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA...

6.8CVSS7.8AI score0.01114EPSS
CVE
CVE
added 2014/09/18 10:55 a.m.50 views

CVE-2014-4419

The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4...

1.9CVSS3.6AI score0.00078EPSS
CVE
CVE
added 2014/11/18 11:59 a.m.50 views

CVE-2014-4462

WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452.

5.8CVSS7.8AI score0.01266EPSS
CVE
CVE
added 2014/09/18 10:55 a.m.49 views

CVE-2014-4369

The IOAcceleratorFamily API implementation in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via an application that uses crafted arguments.

7.8CVSS5.8AI score0.01216EPSS
CVE
CVE
added 2014/09/18 10:55 a.m.49 views

CVE-2014-4372

syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file.

3.6CVSS5.8AI score0.00038EPSS
CVE
CVE
added 2014/09/18 10:55 a.m.49 views

CVE-2014-4373

The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application.

7.8CVSS5.1AI score0.00191EPSS
CVE
CVE
added 2014/09/18 10:55 a.m.48 views

CVE-2014-4379

An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking to prevent reading of kernel pointers, which allows attackers to bypass the ASLR protection mechanism via a crafted application.

7.1CVSS6.3AI score0.01872EPSS
CVE
CVE
added 2014/09/18 10:55 a.m.48 views

CVE-2014-4411

WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA...

6.8CVSS7.8AI score0.01114EPSS
CVE
CVE
added 2014/11/18 11:59 a.m.45 views

CVE-2014-4461

The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application.

9.3CVSS4.2AI score0.0186EPSS
CVE
CVE
added 2014/11/18 11:59 a.m.43 views

CVE-2014-4455

dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file.

2.1CVSS5.3AI score0.00063EPSS