Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
AppleTvos

54 matches found

CVE
CVEadded 2020/10/16 5:15 p.m.259 views

CVE-2020-9894

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application...

4.3CVSS6.7AI score0.00204EPSS
CVE
CVEadded 2019/02/18 5:29 p.m.190 views

CVE-2019-8906

do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.

4.4CVSS4.8AI score0.0009EPSS
CVE
CVEadded 2020/04/01 6:15 p.m.180 views

CVE-2020-3885

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed.

4.3CVSS5.6AI score0.00294EPSS
CVE
CVEadded 2022/05/26 8:15 p.m.180 views

CVE-2022-26765

A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.

4.7CVSS5.4AI score0.00059EPSS
CVE
CVEadded 2021/08/24 7:15 p.m.161 views

CVE-2021-30884

The issue was resolved with additional restrictions on CSS compositing. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Visiting a maliciously crafted website may reveal a user's browsing history.

4.7CVSS5.5AI score0.0028EPSS
CVE
CVEadded 2019/01/11 6:29 p.m.159 views

CVE-2018-4278

In Safari before 11.1.2, iTunes before 12.8 for Windows, iOS before 11.4.1, tvOS before 11.4.1, iCloud for Windows before 7.6, sound fetched through audio elements may be exfiltrated cross-origin. This issue was addressed with improved audio taint tracking.

4.3CVSS5.5AI score0.00328EPSS
CVE
CVEadded 2023/02/27 8:15 p.m.138 views

CVE-2022-46705

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing.

4.3CVSS3.5AI score0.00178EPSS
CVE
CVEadded 2025/03/31 11:15 p.m.123 views

CVE-2025-30427

A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.

4.3CVSS5.9AI score0.00083EPSS
CVE
CVEadded 2025/05/12 10:15 p.m.123 views

CVE-2025-31257

This issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

4.7CVSS5.8AI score0.00083EPSS
CVE
CVEadded 2018/06/08 6:29 p.m.107 views

CVE-2018-4232

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attacker...

4.3CVSS5.2AI score0.01337EPSS
CVE
CVEadded 2022/08/24 8:15 p.m.105 views

CVE-2022-32857

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. A user in a privileged network position can track a user’s activi...

4.3CVSS5.3AI score0.00026EPSS
CVE
CVEadded 2022/03/18 6:15 p.m.103 views

CVE-2022-22621

This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions.

4.6CVSS4.4AI score0.00156EPSS
CVE
CVEadded 2022/05/26 8:15 p.m.100 views

CVE-2022-26764

A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.

4.7CVSS5.9AI score0.00214EPSS
CVE
CVEadded 2023/09/27 3:19 p.m.96 views

CVE-2023-41981

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.

4.4CVSS5AI score0.00009EPSS
CVE
CVEadded 2020/10/27 8:15 p.m.95 views

CVE-2019-8834

A configuration issue was addressed with additional restrictions. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud...

4.3CVSS4.9AI score0.00317EPSS
CVE
CVEadded 2025/03/31 11:15 p.m.94 views

CVE-2025-24216

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.

4.3CVSS5.5AI score0.00071EPSS
CVE
CVEadded 2015/03/11 1:59 a.m.93 views

CVE-2015-1067

Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue,...

4.3CVSS5.8AI score0.92473EPSS
CVE
CVEadded 2022/03/18 6:15 p.m.91 views

CVE-2022-22670

An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. A malicious application may be able to identify what other applications a user has installed.

4.3CVSS4.6AI score0.00232EPSS
CVE
CVEadded 2020/10/27 9:15 p.m.88 views

CVE-2019-8898

An information disclosure issue existed in the handling of the Storage Access API. This issue was addressed with improved logic. This issue is fixed in iOS 13.3 and iPadOS 13.3, tvOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows. Visiting a maliciously crafted website may reveal sites a user has ...

4.3CVSS4.7AI score0.00456EPSS
CVE
CVEadded 2020/10/27 8:15 p.m.83 views

CVE-2019-8827

The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading all third party referrers to their origin. This issue is fixed in Safari 13.0.3, iTunes 12.10.2 for Windows, iCloud for Windows 10.9.2, tvOS 13.2, iOS 13.2 and iPadOS 13.2, iCloud for Windows 7.15. ...

4.3CVSS5.2AI score0.00609EPSS
CVE
CVEadded 2020/04/01 6:15 p.m.81 views

CVE-2020-3887

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download's origin may be incorrectly associated.

4.3CVSS5.3AI score0.00492EPSS
CVE
CVEadded 2025/01/27 10:15 p.m.80 views

CVE-2025-24160

The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.

4.3CVSS5.7AI score0.00114EPSS
CVE
CVEadded 2017/10/23 1:29 a.m.77 views

CVE-2017-7083

An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "CFNetwork Proxies" component. It allows remote attackers to cause a denial of service.

4.9CVSS5.6AI score0.01772EPSS
CVE
CVEadded 2021/04/02 6:15 p.m.77 views

CVE-2020-9978

This issue was addressed with improved setting propagation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An attacker in a privileged network position may be able...

4.5CVSS4.8AI score0.00157EPSS
CVE
CVEadded 2019/12/18 6:15 p.m.74 views

CVE-2019-8502

An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to initiate a Dictation request without user authorization.

4.3CVSS4.3AI score0.00319EPSS
CVE
CVEadded 2024/10/28 9:15 p.m.74 views

CVE-2024-44244

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may lead to an unexpected process crash.

4.3CVSS8.1AI score0.00283EPSS
CVE
CVEadded 2021/10/19 2:15 p.m.72 views

CVE-2021-30810

An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8, tvOS 15. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup.

4.3CVSS4.4AI score0.00147EPSS
CVE
CVEadded 2024/03/08 2:15 a.m.67 views

CVE-2024-23293

This issue was addressed through improved state management. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An attacker with physical access may be able to use Siri to access sensitive user data.

4.6CVSS6AI score0.00062EPSS
CVE
CVEadded 2015/04/10 2:59 p.m.64 views

CVE-2015-1099

Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app.

4CVSS6AI score0.00072EPSS
CVE
CVEadded 2018/04/03 6:29 a.m.64 views

CVE-2017-13873

An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive network-activity information about arbitrary app...

4.3CVSS4.8AI score0.00335EPSS
CVE
CVEadded 2025/03/31 11:15 p.m.64 views

CVE-2025-30425

This issue was addressed through improved state management. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A malicious website may be able to track users in Safari private browsing mode.

4.3CVSS5.7AI score0.00046EPSS
CVE
CVEadded 2020/10/16 5:15 p.m.62 views

CVE-2020-9933

An authorization issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to read sensitive location information.

4.3CVSS4.6AI score0.00216EPSS
CVE
CVEadded 2019/12/18 6:15 p.m.61 views

CVE-2019-8698

A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in iOS 12.4, tvOS 12.4. A malicious application may be able to restrict access to websites.

4.3CVSS4.5AI score0.00252EPSS
CVE
CVEadded 2015/12/11 11:59 a.m.58 views

CVE-2015-7043

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7041, and CVE-2015-7042.

4.3CVSS7.6AI score0.01078EPSS
CVE
CVEadded 2014/07/01 10:17 a.m.57 views

CVE-2014-1355

The IOKit implementation in the kernel in Apple iOS before 7.1.2 and Apple TV before 6.1.2, and in IOReporting in Apple OS X before 10.9.4, allows local users to cause a denial of service (NULL pointer dereference and reboot) via crafted API arguments.

4.9CVSS5.5AI score0.00061EPSS
CVE
CVEadded 2015/12/11 11:59 a.m.57 views

CVE-2015-7040

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7041, CVE-2015-7042, and CVE-2015-7043.

4.3CVSS7.6AI score0.01078EPSS
CVE
CVEadded 2013/03/20 2:55 p.m.56 views

CVE-2013-0977

dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments.

4.6CVSS5.5AI score0.00059EPSS
CVE
CVEadded 2021/08/24 7:15 p.m.56 views

CVE-2021-31000

A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1, tvOS 15.2. A malicious application may be able to read sensitive contact information.

4.3CVSS4.2AI score0.00227EPSS
CVE
CVEadded 2016/01/10 3:59 a.m.55 views

CVE-2015-7115

libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7116.

4.3CVSS4.8AI score0.00828EPSS
CVE
CVEadded 2014/09/18 10:55 a.m.54 views

CVE-2014-4383

The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header.

4.3CVSS5.5AI score0.00629EPSS
CVE
CVEadded 2015/12/11 11:59 a.m.54 views

CVE-2015-7042

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7041, and CVE-2015-7043.

4.3CVSS7.6AI score0.01078EPSS
CVE
CVEadded 2015/12/11 11:59 a.m.52 views

CVE-2015-7041

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7042, and CVE-2015-7043.

4.3CVSS7.6AI score0.01078EPSS
CVE
CVEadded 2017/11/13 3:29 a.m.52 views

CVE-2017-13852

An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to monitor arbitrary apps via a crafted app that accesses pr...

4.3CVSS4AI score0.00228EPSS
CVE
CVEadded 2014/04/23 11:52 a.m.51 views

CVE-2014-1296

CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connect...

4.3CVSS5.9AI score0.00207EPSS
CVE
CVEadded 2014/09/18 10:55 a.m.51 views

CVE-2014-4407

IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls.

4.3CVSS3.7AI score0.00215EPSS
CVE
CVEadded 2016/03/24 1:59 a.m.51 views

CVE-2016-1748

IOHIDFamily in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.

4.3CVSS4.5AI score0.00257EPSS
CVE
CVEadded 2014/04/23 11:52 a.m.50 views

CVE-2014-1320

IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading unspecified attributes of the object.

4.9CVSS5.5AI score0.00062EPSS
CVE
CVEadded 2025/05/12 10:15 p.m.50 views

CVE-2025-31206

A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

4.3CVSS5.5AI score0.00112EPSS
CVE
CVEadded 2015/12/11 11:59 a.m.49 views

CVE-2015-7058

Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 improperly validate keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app.

4.3CVSS7.8AI score0.00524EPSS
CVE
CVEadded 2023/09/27 3:18 p.m.49 views

CVE-2023-35984

The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An attacker in physical proximity can cause a limited out of bounds write.

4.3CVSS4AI score0.00069EPSS
Total number of security vulnerabilities54