Tvos Security Vulnerabilities and Issues — Tvos CVE List

Lucene search

AppleTvos

16 matches found

CVE•added 2015/01/30 11:59 a.m.•65 views

CVE-2014-4477

WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulne...

6.8CVSS5.3AI score0.00913EPSS

CVE•added 2015/01/30 11:59 a.m.•63 views

CVE-2014-4476

6.8CVSS5.3AI score0.00913EPSS

CVE•added 2015/01/30 11:59 a.m.•60 views

CVE-2014-4479

6.8CVSS5.3AI score0.00913EPSS

CVE•added 2015/01/30 11:59 a.m.•59 views

CVE-2014-4496

The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app.

5CVSS5.4AI score0.00664EPSS

CVE•added 2015/01/30 11:59 a.m.•56 views

CVE-2014-4492

libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lac...

7.5CVSS4.2AI score0.09598EPSS

CVE•added 2015/01/30 11:59 a.m.•51 views

CVE-2014-4481

Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

6.8CVSS5.1AI score0.08613EPSS

CVE•added 2015/01/30 11:59 a.m.•51 views

CVE-2014-4487

Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app.

10CVSS4.3AI score0.02421EPSS

CVE•added 2015/01/30 11:59 a.m.•50 views

CVE-2014-4488

IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

10CVSS4.1AI score0.01797EPSS

CVE•added 2015/01/30 11:59 a.m.•49 views

CVE-2014-4483

Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document.

6.8CVSS5.1AI score0.02074EPSS

CVE•added 2015/01/30 11:59 a.m.•47 views

CVE-2014-4485

Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.

7.5CVSS5.1AI score0.02977EPSS

CVE•added 2015/01/30 11:59 a.m.•47 views

CVE-2014-4486

IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted app.

10CVSS4.7AI score0.01019EPSS

CVE•added 2015/01/30 11:59 a.m.•46 views

CVE-2014-4480

Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.

10CVSS5.7AI score0.01934EPSS

CVE•added 2015/01/30 11:59 a.m.•46 views

CVE-2014-4491

The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app.

5CVSS2.9AI score0.00524EPSS

CVE•added 2015/01/30 11:59 a.m.•45 views

CVE-2014-4484

FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file.

7.5CVSS5.1AI score0.03229EPSS

CVE•added 2015/01/30 11:59 a.m.•45 views

CVE-2014-4495

The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app.

10CVSS2.8AI score0.01564EPSS

CVE•added 2015/01/30 11:59 a.m.•44 views

CVE-2014-4489

IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

10CVSS4.6AI score0.01019EPSS