Tvos Security Vulnerabilities and Issues — Tvos CVE List

Lucene search

AppleTvos

10 matches found

CVE•added 2015/11/18 4:59 p.m.•322 views

CVE-2015-8035

The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.

2.6CVSS6.6AI score0.01311EPSS

CVE•added 2021/08/24 7:15 p.m.•94 views

CVE-2021-30915

A logic issue was addressed with improved state management. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A person with physical access to an iOS device may be able to determine characteristic...

2.4CVSS3.5AI score0.00112EPSS

CVE•added 2020/10/27 8:15 p.m.•72 views

CVE-2019-8799

This issue was resolved by replacing device names with a random identifier. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15, watchOS 6, tvOS 13. An attacker in physical proximity may be able to passively observe device names in AWDL communications.

2.4CVSS4.6AI score0.0007EPSS

CVE•added 2023/06/23 6:15 p.m.•72 views

CVE-2023-32394

The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. A person with physical access to a device may be able to view contact information from the lock screen.

2.4CVSS2.9AI score0.00048EPSS

CVE•added 2022/11/01 8:15 p.m.•62 views

CVE-2022-32879

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, watchOS 9, tvOS 16. A user with physical access to a device may be able to access contacts from the lock screen.

2.4CVSS4AI score0.0008EPSS

CVE•added 2014/09/18 10:55 a.m.•55 views

CVE-2014-4357

Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in a log.

2.1CVSS5AI score0.00075EPSS

CVE•added 2013/03/20 2:55 p.m.•54 views

CVE-2013-0978

The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to bypass the ASLR protection mechanism via crafted code.

2.1CVSS5.5AI score0.00061EPSS

CVE•added 2015/12/11 11:59 a.m.•53 views

CVE-2015-7046

The Sandbox feature in xnu in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not properly implement privilege separation, which allows attackers to bypass the ASLR protection mechanism via a crafted app with root privileges.

2.6CVSS7.8AI score0.00738EPSS

CVE•added 2014/03/14 10:55 a.m.•46 views

CVE-2014-1279

Apple TV before 6.1 does not properly restrict logging, which allows local users to obtain sensitive information by reading log data.

2.1CVSS5.1AI score0.00056EPSS

CVE•added 2014/11/18 11:59 a.m.•43 views

CVE-2014-4455

dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file.

2.1CVSS5.3AI score0.00063EPSS