Apple tvOS vulnerabilities
2,227 known vulnerabilities affecting apple/tvos.
Total CVEs: 2,227
CISA KEV: 41 (actively exploited)
Public exploits: 199
Exploited in wild: 31
Severity breakdown: CRITICAL 148, HIGH 1222, MEDIUM 795, LOW 59, UNKNOWN 3
Vulnerabilities
Page 104 of 112
CVE-2015-7100 [MEDIUM] | CVSS 6.8 | ≤ 9.0 | 2015-12-11
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7101, CVE-2015
nvd, apple
CVE-2015-7046 [LOW] CWE-200 | CVSS 2.6 | ≤ 9.0 | 2015-12-11
The Sandbox feature in xnu in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not properly implement privilege separation, which allows attackers to bypass the ASLR protection mechanism via a crafted app with root privileges.
nvd
CVE-2015-7942 [MEDIUM] | CVSS 6.8 | ≤ 9.1 | 2015-11-18
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.
nvd, apple
CVE-2015-8035 [LOW] CWE-399 | CVSS 2.6 | ≤ 9.1 | 2015-11-18
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
nvd, apple
CVE-2015-7995 [MEDIUM] | CVSS 5.0 | ≤ 9.1 | 2015-11-17
The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.
nvd, apple
CVE-2015-3807 [MEDIUM] CWE-119 | CVSS 4.3 | ≤ 9.0 | 2015-08-17
libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted XML document.
nvd
CVE-2015-1819 [MEDIUM] CWE-399 | CVSS 5.0 | ≤ 9.1 | 2015-08-14
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.
nvd, apple
CVE-2015-1095 [HIGH] | CVSS 7.2 | ≤ 7.1 | 2015-04-10
IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device.
nvd
CVE-2015-1102 [HIGH] CWE-20 | CVSS 7.1 | ≤ 7.1 | 2015-04-10
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via unspecified vectors.
nvd
CVE-2015-1103 [HIGH] CWE-20 | CVSS 7.5 | ≤ 7.1 | 2015-04-10
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of service (network outage) or obtain sensitive packet-content information via a crafted ICMP packet.
nvd
CVE-2015-1110 [MEDIUM] CWE-200 | CVSS 5.0 | ≤ 7.1 | 2015-04-10
The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to discover unique identifiers by reading asset-download request data.
nvd
CVE-2015-1101 [MEDIUM] | CVSS 6.9 | ≤ 7.1 | 2015-04-10
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvd
CVE-2015-1105 [MEDIUM] CWE-20 | CVSS 5.0 | ≤ 7.1 | 2015-04-10
The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets.
nvd
CVE-2015-1123 [MEDIUM] | CVSS 6.8 | ≤ 7.1 | 2015-04-10
WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-3 and APPLE-SA-2015-04-08-4.
nvd
CVE-2015-1124 [MEDIUM] | CVSS 6.8 | ≤ 7.1 | 2015-04-10
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, A
nvd
CVE-2015-1099 [MEDIUM] CWE-362 | CVSS 4.0 | ≤ 7.1 | 2015-04-10
Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a crafted app.
nvd
CVE-2015-1121 [MEDIUM] | CVSS 6.8 | ≤ 7.1 | 2015-04-10
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, A
nvd
CVE-2015-1092 [MEDIUM] | CVSS 5.0 | ≤ 7.1 | 2015-04-10
NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
nvd
CVE-2015-1122 [MEDIUM] | CVSS 6.8 | ≤ 7.1 | 2015-04-10
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, A
nvd
CVE-2015-1120 [MEDIUM] | CVSS 6.8 | ≤ 7.1 | 2015-04-10
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, A
nvd