Apple tvOS vulnerabilities
2,227 known vulnerabilities affecting apple/tvos.
Total CVEs: 2,227
CISA KEV: 41 (actively exploited)
Public exploits: 199
Exploited in wild: 31
Severity breakdown: CRITICAL 148, HIGH 1222, MEDIUM 795, LOW 59, UNKNOWN 3
Vulnerabilities
Page 109 of 112
CVE-2014-4410 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 6.2, v6.0 +5 more | 2014-09-18
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
nvd
CVE-2014-4383 | MEDIUM | CVSS 4.3 | CWE-20 | ≤ 6.2, v6.0 +5 more | 2014-09-18
The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header.
nvd
CVE-2014-4408 | MEDIUM | CVSS 6.9 | CWE-119 | ≤ 6.2, v6.0 +5 more | 2014-09-18
The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read and device crash) via a crafted call.
nvd
CVE-2014-4419 | LOW | CVSS 1.9 | ≤ 6.2, v6.0 +5 more | 2014-09-18
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4420, and CVE-2014-4421.
nvd
CVE-2014-4420 | LOW | CVSS 1.9 | ≤ 6.2, v6.0 +5 more | 2014-09-18
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4421.
nvd
CVE-2014-4407 | LOW | CVSS 3.3 | CWE-200 | ≤ 6.2, v6.0 +5 more | 2014-09-18
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls.
nvd
CVE-2014-4421 | LOW | CVSS 1.9 | ≤ 6.2, v6.0 +5 more | 2014-09-18
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4419, and CVE-2014-4420.
nvd
CVE-2014-4371 | LOW | CVSS 1.9 | CWE-665 | ≤ 6.2, v6.0 +5 more | 2014-09-18
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4419, CVE-2014-4420, and CVE-2014-4421.
nvd
CVE-2014-4372 | LOW | CVSS 3.6 | CWE-59 | ≤ 6.2, v6.0 +5 more | 2014-09-18
syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV before 7 allows local users to change the permissions of arbitrary files via a symlink attack on an unspecified file.
nvd
CVE-2014-4357 | LOW | CVSS 2.1 | CWE-200 | ≤ 6.2, v6.0 +5 more | 2014-09-18
Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in a log.
nvd
CVE-2014-1357 | CRITICAL | CVSS 10.0 | CWE-119 | ≤ 6.1.1, v6.0 +3 more | 2014-07-01
Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that generates log messages.
nvd
CVE-2014-1358 | CRITICAL | CVSS 10.0 | CWE-189 | ≤ 6.1.1, v6.0 +3 more | 2014-07-01
Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.
nvd
CVE-2014-1356 | CRITICAL | CVSS 10.0 | CWE-119 | ≤ 6.1.1, v6.0 +3 more | 2014-07-01
Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that sends IPC messages.
nvd
CVE-2014-1359 | CRITICAL | CVSS 10.0 | CWE-189 | ≤ 6.1.1, v6.0 +3 more | 2014-07-01
Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.
nvd
CVE-2014-1382 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 6.1.1, v6.0 +3 more | 2014-07-01
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA
nvd
CVE-2014-1368 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 6.1.1, v6.0 +3 more | 2014-07-01
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA
nvd
CVE-2014-1355 | MEDIUM | CVSS 4.9 | ≤ 6.1.1, v6.0 +3 more | 2014-07-01
The IOKit implementation in the kernel in Apple iOS before 7.1.2 and Apple TV before 6.1.2, and in IOReporting in Apple OS X before 10.9.4, allows local users to cause a denial of service (NULL pointer dereference and reboot) via crafted API arguments.
nvd
CVE-2014-1363 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 6.1.1, v6.0 +3 more | 2014-07-01
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA
nvd
CVE-2014-1367 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 6.1.1, v6.0 +3 more | 2014-07-01
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA
nvd
CVE-2014-1383 | MEDIUM | CVSS 5.5 | CWE-264 | ≤ 6.1.1, v6.0 +3 more | 2014-07-01
Apple TV before 6.1.2 allows remote authenticated users to bypass an intended password requirement for iTunes Store purchase transactions via unspecified vectors.
nvd