Apple tvOS vulnerabilities

2,227 known vulnerabilities affecting apple/tvos.

Total CVEs

2,227

CISA KEV

actively exploited

Public exploits

199

Exploited in wild

Severity breakdown

CRITICAL148HIGH1222MEDIUM795LOW59UNKNOWN3

Vulnerabilities

Page 105 of 112

CVE-2015-1100MEDIUMCVSS 5.4PoC≤ 7.12015-04-10

CVE-2015-1100 [MEDIUM] CWE-119 CVE-2015-1100: The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attack The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (out-of-bounds memory access) or obtain sensitive memory-content information via a crafted app.

nvd

CVE-2015-1118MEDIUMCVSS 5.0≤ 7.12015-04-10

CVE-2015-1118 [MEDIUM] CVE-2015-1118: libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attack libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile.

nvd

CVE-2015-1104MEDIUMCVSS 5.0≤ 7.12015-04-10

CVE-2015-1104 [MEDIUM] CWE-20 CVE-2015-1104: The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not prop The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism via a crafted packet.

nvd

CVE-2015-1117MEDIUMCVSS 6.9≤ 7.12015-04-10

CVE-2015-1117 [MEDIUM] CWE-264 CVE-2015-1117: The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with unintended user or group privileges via a crafted app.

nvd

CVE-2015-1086MEDIUMCVSS 6.9≤ 7.12015-04-10

CVE-2015-1086 [MEDIUM] CWE-20 CVE-2015-1086: The Audio Drivers subsystem in Apple iOS before 8.3 and Apple TV before 7.2 does not properly valida The Audio Drivers subsystem in Apple iOS before 8.3 and Apple TV before 7.2 does not properly validate IOKit object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

nvd

CVE-2015-1119MEDIUMCVSS 6.8≤ 7.12015-04-10

CVE-2015-1119 [MEDIUM] CVE-2015-1119: WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x bef WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, A

nvd

CVE-2015-1096LOWCVSS 1.9≤ 7.12015-04-10

CVE-2015-1096 [LOW] CWE-200 CVE-2015-1096: IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attac IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.

nvd

CVE-2015-1094LOWCVSS 1.9≤ 7.12015-04-10

CVE-2015-1094 [LOW] CWE-200 CVE-2015-1094: IOAcceleratorFamily in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensi IOAcceleratorFamily in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.

nvd

CVE-2015-1097LOWCVSS 1.9≤ 7.12015-04-10

CVE-2015-1097 [LOW] CWE-200 CVE-2015-1097: IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensi IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.

nvd

CVE-2015-1114LOWCVSS 1.9≤ 7.12015-04-10

CVE-2015-1114 [LOW] CWE-200 CVE-2015-1114: The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to d The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to discover hardware identifiers via a crafted app.

nvd

CVE-2015-1082MEDIUMCVSS 6.8≤ 7.12015-03-18

CVE-2015-1082 [MEDIUM] CWE-399 CVE-2015-1082: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

nvd

CVE-2015-1073MEDIUMCVSS 6.8≤ 7.12015-03-18

CVE-2015-1073 [MEDIUM] CWE-399 CVE-2015-1073: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

nvd

CVE-2015-1077MEDIUMCVSS 6.8≤ 7.12015-03-18

CVE-2015-1077 [MEDIUM] CWE-399 CVE-2015-1077: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

nvd

CVE-2015-1079MEDIUMCVSS 6.8≤ 7.12015-03-18

CVE-2015-1079 [MEDIUM] CWE-399 CVE-2015-1079: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

nvd

CVE-2015-1080MEDIUMCVSS 6.8≤ 7.12015-03-18

CVE-2015-1080 [MEDIUM] CWE-399 CVE-2015-1080: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

nvd

CVE-2015-1074MEDIUMCVSS 6.8≤ 7.12015-03-18

CVE-2015-1074 [MEDIUM] CWE-399 CVE-2015-1074: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

nvd

CVE-2015-1069MEDIUMCVSS 6.8≤ 7.12015-03-18

CVE-2015-1069 [MEDIUM] CWE-399 CVE-2015-1069: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

nvd

CVE-2015-1071MEDIUMCVSS 6.8≤ 7.12015-03-18

CVE-2015-1071 [MEDIUM] CWE-399 CVE-2015-1071: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

nvd

CVE-2015-1081MEDIUMCVSS 6.8≤ 7.12015-03-18

CVE-2015-1081 [MEDIUM] CWE-399 CVE-2015-1081: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

nvd

CVE-2015-1076MEDIUMCVSS 6.8≤ 7.12015-03-18

CVE-2015-1076 [MEDIUM] CWE-399 CVE-2015-1076: WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.

nvd

← Previous105 / 112Next →