Tvos Security Vulnerabilities and Issues — Tvos CVE List

Lucene search

AppleTvos

34 matches found

CVE•added 2016/05/20 10:59 a.m.•150 views

CVE-2016-1839

The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

5.5CVSS6.4AI score0.07853EPSS

CVE•added 2016/05/20 10:59 a.m.•119 views

CVE-2016-1834

Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML do...

9.3CVSS8.6AI score0.02822EPSS

CVE•added 2016/05/20 10:59 a.m.•112 views

CVE-2016-1840

Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a cr...

7.8CVSS8.6AI score0.01706EPSS

CVE•added 2016/05/20 10:59 a.m.•111 views

CVE-2016-1837

Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a cr...

5.5CVSS6.6AI score0.01636EPSS

CVE•added 2016/05/20 10:59 a.m.•109 views

CVE-2016-1833

The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

5.5CVSS6.3AI score0.0092EPSS

CVE•added 2016/05/20 10:59 a.m.•106 views

CVE-2016-1838

The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

5.5CVSS6.3AI score0.07841EPSS

CVE•added 2016/05/20 10:59 a.m.•103 views

CVE-2016-1836

Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.

5.5CVSS6.5AI score0.01468EPSS

CVE•added 2016/05/20 10:59 a.m.•77 views

CVE-2016-1841

libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

8.8CVSS8.3AI score0.01678EPSS

CVE•added 2016/05/20 11:0 a.m.•73 views

CVE-2016-1854

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1855, CVE-2016-1856, and CVE-2016-1857.

8.8CVSS8.4AI score0.01359EPSS

CVE•added 2016/05/20 10:59 a.m.•70 views

CVE-2016-1827

The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1828, CVE-2016-1829, ...

9.3CVSS7.5AI score0.05151EPSS

CVE•added 2016/05/20 10:59 a.m.•67 views

CVE-2016-1828

9.3CVSS7.5AI score0.05151EPSS

CVE•added 2016/05/20 11:0 a.m.•65 views

CVE-2016-1856

8.8CVSS8.4AI score0.01359EPSS

CVE•added 2016/05/20 11:0 a.m.•63 views

CVE-2016-1857

8.8CVSS8.4AI score0.01359EPSS

CVE•added 2016/05/20 10:59 a.m.•57 views

CVE-2016-1819

Use-after-free vulnerability in the IOAccelContext2::clientMemoryForType method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a craft...

9.3CVSS7.6AI score0.04268EPSS

CVE•added 2016/05/20 10:59 a.m.•56 views

CVE-2016-1830

8.5CVSS7.5AI score0.05151EPSS

CVE•added 2016/05/20 10:59 a.m.•55 views

CVE-2016-1829

9.3CVSS7.5AI score0.05151EPSS

CVE•added 2016/05/20 11:0 a.m.•55 views

CVE-2016-1855

8.8CVSS8.4AI score0.01359EPSS

CVE•added 2016/05/20 10:59 a.m.•52 views

CVE-2016-1808

The Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS7.6AI score0.00353EPSS

CVE•added 2016/05/20 10:59 a.m.•51 views

CVE-2016-1801

The CFNetwork Proxies subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 mishandles URLs in http and https requests, which allows remote attackers to obtain sensitive information via unspecified vectors.

7.5CVSS6.7AI score0.07722EPSS

CVE•added 2016/05/20 11:0 a.m.•51 views

CVE-2016-1859

The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

8.8CVSS8.3AI score0.00589EPSS

CVE•added 2016/05/20 10:59 a.m.•49 views

CVE-2016-1817

IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1818 and CVE...

9.3CVSS7.6AI score0.04268EPSS

CVE•added 2016/05/20 10:59 a.m.•48 views

CVE-2016-1803

CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

7.8CVSS7.6AI score0.06656EPSS

CVE•added 2016/05/20 10:59 a.m.•48 views

CVE-2016-1807

Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors.

5.1CVSS4.8AI score0.00125EPSS

Web

CVE•added 2016/05/20 10:59 a.m.•47 views

CVE-2016-1818

9.3CVSS7.6AI score0.04268EPSS

CVE•added 2016/05/20 11:0 a.m.•47 views

CVE-2016-1847

OpenGL, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

8.8CVSS8.3AI score0.00752EPSS

CVE•added 2016/05/20 10:59 a.m.•46 views

CVE-2016-1813

The IOAccelSharedUserClient2::page_off_resource method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

9.3CVSS7.7AI score0.03537EPSS

Web

CVE•added 2016/05/20 10:59 a.m.•46 views

CVE-2016-1824

IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1823.

9.3CVSS7.6AI score0.03188EPSS

CVE•added 2016/05/20 10:59 a.m.•44 views

CVE-2016-1802

CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app.

5.5CVSS5AI score0.00262EPSS

CVE•added 2016/05/20 11:0 a.m.•44 views

CVE-2016-1858

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site.

6.5CVSS6.1AI score0.01328EPSS

CVE•added 2016/05/20 10:59 a.m.•42 views

CVE-2016-1814

IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.

5.5CVSS5.3AI score0.00243EPSS

CVE•added 2016/05/20 10:59 a.m.•42 views

CVE-2016-1832

libc in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.8CVSS7AI score0.00064EPSS

CVE•added 2016/05/20 10:59 a.m.•41 views

CVE-2016-1811

ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.

6.5CVSS6AI score0.01032EPSS

CVE•added 2016/05/20 10:59 a.m.•40 views

CVE-2016-1823

The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read and memory corruption) via a crafted IOHIDRe...

9.3CVSS7.6AI score0.03188EPSS

Web

CVE•added 2016/05/20 10:59 a.m.•40 views

CVE-2016-1831

The kernel in Apple iOS before 9.3.2 and OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS7.5AI score0.00156EPSS