Apple tvOS vulnerabilities
2,227 known vulnerabilities affecting apple/tvos.
Total CVEs
2,227
CISA KEV
41
actively exploited
Public exploits
199
Exploited in wild
31
Severity breakdown
CRITICAL148HIGH1222MEDIUM795LOW59UNKNOWN3
Vulnerabilities
Page 110 of 112
CVE-2014-1365MEDIUMCVSS 6.8≤ 6.1.1v6.0+3 more2014-07-01
CVE-2014-1365 [MEDIUM] CWE-119 CVE-2014-1365: WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA
nvd
CVE-2014-1362MEDIUMCVSS 6.8≤ 6.1.1v6.0+3 more2014-07-01
CVE-2014-1362 [MEDIUM] CWE-119 CVE-2014-1362: WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA
nvd
CVE-2014-1364MEDIUMCVSS 6.8≤ 6.1.1v6.0+3 more2014-07-01
CVE-2014-1364 [MEDIUM] CWE-119 CVE-2014-1364: WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA
nvd
CVE-2014-1325MEDIUMCVSS 6.8≤ 6.1.1v6.0+3 more2014-07-01
CVE-2014-1325 [MEDIUM] CWE-119 CVE-2014-1325: WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA
nvd
CVE-2014-1361MEDIUMCVSS 5.0≤ 6.1.1v6.0+3 more2014-07-01
CVE-2014-1361 [MEDIUM] CWE-200 CVE-2014-1361: Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does
Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote attackers to obtain potentially sensitive information from uninitialized process memory by providing a DTLS message within a TLS connection.
nvd
CVE-2014-1366MEDIUMCVSS 6.8≤ 6.1.1v6.0+3 more2014-07-01
CVE-2014-1366 [MEDIUM] CWE-119 CVE-2014-1366: WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA
nvd
CVE-2014-1296MEDIUMCVSS 4.3≤ 6.1v6.0+2 more2014-04-23
CVE-2014-1296 [MEDIUM] CWE-264 CVE-2014-1296: CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not e
CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated b
nvd
CVE-2014-1320MEDIUMCVSS 4.9≤ 6.1v6.0+2 more2014-04-23
CVE-2014-1320 [MEDIUM] CWE-200 CVE-2014-1320: IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel
IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 places kernel pointers into an object data structure, which makes it easier for local users to bypass the ASLR protection mechanism by reading unspecified attributes of the object.
nvd
CVE-2014-1295MEDIUMCVSS 6.8≤ 6.1v6.0+2 more2014-04-23
CVE-2014-1295 [MEDIUM] CWE-287 CVE-2014-1295: Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple T
Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake
nvd
CVE-2014-1287HIGHCVSS 7.2PoC≤ 6.0.2v6.0+1 more2014-03-14
CVE-2014-1287 [HIGH] CWE-119 CVE-2014-1287: USB Host in Apple iOS before 7.1 and Apple TV before 6.1 allows physically proximate attackers to ex
USB Host in Apple iOS before 7.1 and Apple TV before 6.1 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted USB messages.
nvd
CVE-2014-1271HIGHCVSS 7.8≤ 6.0.2v6.0+1 more2014-03-14
CVE-2014-1271 [HIGH] CWE-20 CVE-2014-1271: CoreCapture in Apple iOS before 7.1 and Apple TV before 6.1 does not properly validate IOKit API cal
CoreCapture in Apple iOS before 7.1 and Apple TV before 6.1 does not properly validate IOKit API calls, which allows attackers to cause a denial of service (assertion failure and device crash) via a crafted app.
nvd
CVE-2014-1280HIGHCVSS 7.1≤ 6.0.2v6.0+1 more2014-03-14
CVE-2014-1280 [HIGH] CVE-2014-1280: Video Driver in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to cause a deni
Video Driver in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to cause a denial of service (NULL pointer dereference and device hang) via a crafted video file with MPEG-4 encoding.
nvd
CVE-2014-1278HIGHCVSS 7.2≤ 6.0.2v6.0+1 more2014-03-14
CVE-2014-1278 [HIGH] CWE-119 CVE-2014-1278: The ptmx_get_ioctl function in the ARM kernel in Apple iOS before 7.1 and Apple TV before 6.1 allows
The ptmx_get_ioctl function in the ARM kernel in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access and device crash) via a crafted call.
nvd
CVE-2014-1272MEDIUMCVSS 6.3≤ 6.0.2v6.0+1 more2014-03-14
CVE-2014-1272 [MEDIUM] CWE-59 CVE-2014-1272: CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local us
CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink.
nvd
CVE-2014-1292MEDIUMCVSS 6.8≤ 6.0.2v6.0+1 more2014-03-14
CVE-2014-1292 [MEDIUM] CVE-2014-1292: WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute
WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290, CVE-2014-1291, CVE-2014-1293, and CVE-2014-1294.
nvd
CVE-2014-1290MEDIUMCVSS 6.8≤ 6.0.2v6.0+1 more2014-03-14
CVE-2014-1290 [MEDIUM] CVE-2014-1290: WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute
WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1291, CVE-2014-1292, CVE-2014-1293, and CVE-2014-1294.
nvd
CVE-2014-1291MEDIUMCVSS 6.8≤ 6.0.2v6.0+1 more2014-03-14
CVE-2014-1291 [MEDIUM] CVE-2014-1291: WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute
WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290, CVE-2014-1292, CVE-2014-1293, and CVE-2014-1294.
nvd
CVE-2014-1273MEDIUMCVSS 5.8≤ 6.0.2v6.0+1 more2014-03-14
CVE-2014-1273 [MEDIUM] CWE-20 CVE-2014-1273: dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing require
dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library.
nvd
CVE-2014-1294MEDIUMCVSS 6.8≤ 6.0.2v6.0+1 more2014-03-14
CVE-2014-1294 [MEDIUM] CVE-2014-1294: WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute
WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290, CVE-2014-1291, CVE-2014-1292, and CVE-2014-1293.
nvd
CVE-2014-1275MEDIUMCVSS 6.8≤ 6.0.2v6.0+1 more2014-03-14
CVE-2014-1275 [MEDIUM] CWE-119 CVE-2014-1275: Buffer overflow in ImageIO in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers t
Buffer overflow in ImageIO in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.
nvd