Apple tvOS vulnerabilities

2,227 known vulnerabilities affecting apple/tvos.

Total CVEs
2,227
CISA KEV
41
actively exploited
Public exploits
199
Exploited in wild
31
Severity breakdown
CRITICAL148HIGH1222MEDIUM795LOW59UNKNOWN3

Vulnerabilities

Page 112 of 112
CVE-2010-2805MEDIUMCVSS 6.8fixed in 4.1.02010-08-19
CVE-2010-2805 [MEDIUM] CWE-20 CVE-2010-2805: The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly vali The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
nvd
CVE-2010-2806MEDIUMCVSS 6.8fixed in 4.1.02010-08-19
CVE-2010-2806 [MEDIUM] CWE-129 CVE-2010-2806: Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allo Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow.
nvd
CVE-2010-2808MEDIUMCVSS 6.8fixed in 4.1.02010-08-19
CVE-2010-2808 [MEDIUM] CWE-120 CVE-2010-2808: Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 all Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font.
nvd
CVE-2010-2249MEDIUMCVSS 6.5fixed in 4.1.02010-06-30
CVE-2010-2249 [MEDIUM] CWE-401 CVE-2010-2249: Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers t Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.
nvd
CVE-2011-2895CRITICALCVSS 9.3v9.1
CVE-2011-2895 [CRITICAL] CVE-2011-2895: tvOS 9.1 Apple Security Update: About the security content of tvOS 9.1 Product: tvOS Version: 9.1 CVE: CVE-2011-2895 Component: CVE-ID Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: Multiple buffer overflows existed in the C standard library. These issues were addressed through improved bounds checking.
apple
CVE-2015-7109CRITICALCVSS 9.3v9.1
CVE-2015-7109 [CRITICAL] CVE-2015-7109: tvOS 9.1 Apple Security Update: About the security content of tvOS 9.1 Product: tvOS Version: 9.1 CVE: CVE-2015-7109 Component: CVE-ID
apple
CVE-2015-7110MEDIUMCVSS 6.9PoCv9.1
CVE-2015-7110 [MEDIUM] CVE-2015-7110: tvOS 9.1 Apple Security Update: About the security content of tvOS 9.1 Product: tvOS Version: 9.1 CVE: CVE-2015-7110 Component: CVE-ID Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple segment validation issues existed in dyld. These were addressed through improved environment sanitization.
apple
← Previous112 / 112