Apple tvOS vulnerabilities
2,227 known vulnerabilities affecting apple/tvos.
Total CVEs
2,227
CISA KEV
41
actively exploited
Public exploits
199
Exploited in wild
31
Severity breakdown
CRITICAL148HIGH1222MEDIUM795LOW59UNKNOWN3
Vulnerabilities
Page 107 of 112
CVE-2014-4483MEDIUMCVSS 6.8≤ 7.0.12015-01-30
CVE-2014-4483 [MEDIUM] CWE-119 CVE-2014-4483: Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV bef
Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document.
nvd
CVE-2014-4496MEDIUMCVSS 5.0≤ 7.0.12015-01-30
CVE-2014-4496 [MEDIUM] CWE-264 CVE-2014-4496: The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 do
The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app.
nvd
CVE-2014-4491MEDIUMCVSS 5.0≤ 7.0.12015-01-30
CVE-2014-4491 [MEDIUM] CWE-200 CVE-2014-4491: The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV
The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app.
nvd
CVE-2014-4481MEDIUMCVSS 6.8≤ 7.0.12015-01-30
CVE-2014-4481 [MEDIUM] CWE-189 CVE-2014-4481: Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV
Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
nvd
CVE-2014-4466HIGHCVSS 7.5≤ 7.0.12014-12-10
CVE-2014-4466 [HIGH] CWE-399 CVE-2014-4466: WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
nvd
CVE-2014-4470MEDIUMCVSS 6.8≤ 7.0.12014-12-10
CVE-2014-4470 [MEDIUM] CWE-399 CVE-2014-4470: WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
nvd
CVE-2014-4474MEDIUMCVSS 6.8≤ 7.0.12014-12-10
CVE-2014-4474 [MEDIUM] CWE-399 CVE-2014-4474: WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
nvd
CVE-2014-4475MEDIUMCVSS 6.8≤ 7.0.12014-12-10
CVE-2014-4475 [MEDIUM] CWE-399 CVE-2014-4475: WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
nvd
CVE-2014-4473MEDIUMCVSS 6.8≤ 7.0.12014-12-10
CVE-2014-4473 [MEDIUM] CWE-399 CVE-2014-4473: WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
nvd
CVE-2014-4465MEDIUMCVSS 5.0≤ 7.0.12014-12-10
CVE-2014-4465 [MEDIUM] CWE-20 CVE-2014-4465: WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers
WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element.
nvd
CVE-2014-4471MEDIUMCVSS 6.8≤ 7.0.12014-12-10
CVE-2014-4471 [MEDIUM] CWE-399 CVE-2014-4471: WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
nvd
CVE-2014-4469MEDIUMCVSS 6.8≤ 7.0.12014-12-10
CVE-2014-4469 [MEDIUM] CWE-399 CVE-2014-4469: WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
nvd
CVE-2014-4472MEDIUMCVSS 6.8≤ 7.0.12014-12-10
CVE-2014-4472 [MEDIUM] CWE-399 CVE-2014-4472: WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
nvd
CVE-2014-4468MEDIUMCVSS 6.8≤ 7.0.12014-12-10
CVE-2014-4468 [MEDIUM] CWE-399 CVE-2014-4468: WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
nvd
CVE-2014-4461CRITICALCVSS 9.3≤ 7.0.1v6.0+8 more2014-11-18
CVE-2014-4461 [CRITICAL] CWE-20 CVE-2014-4461: The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDa
The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application.
nvd
CVE-2014-4452MEDIUMCVSS 5.4≥ 6.0, < 7.0.22014-11-18
CVE-2014-4452 [MEDIUM] CWE-399 CVE-2014-4452: WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to exec
WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462.
nvd
CVE-2014-4459MEDIUMCVSS 6.8fixed in 7.0.32014-11-18
CVE-2014-4459 [MEDIUM] CVE-2014-4459: Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attacker
Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.
nvd
CVE-2014-4462MEDIUMCVSS 5.8≤ 7.0.1v6.0+8 more2014-11-18
CVE-2014-4462 [MEDIUM] CVE-2014-4462: WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to exec
WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452.
nvd
CVE-2014-4455LOWCVSS 2.1≤ 7.0.1v6.0+9 more2014-11-18
CVE-2014-4455 [LOW] CWE-264 CVE-2014-4455: dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segmen
dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file.
nvd
CVE-2014-3192HIGHCVSS 7.5≤ 7.0.12014-10-08
CVE-2014-3192 [HIGH] CWE-416 CVE-2014-3192: Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/Pro
Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
nvd