Apple tvOS vulnerabilities

CVE-2019-15165 [MEDIUM] CWE-770 CVE-2019-15165: sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocati sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.

CVE-2019-8750 [CRITICAL] CVE-2019-8750: tvOS 13 Apple Security Update: About the security content of tvOS 13 Product: tvOS Version: 13 CVE: CVE-2019-8750 Component: Keyboards Impact: A local user may be able to leak sensitive user information Description: An authentication issue was addressed with improved state management.

CVE-2019-8747 [HIGH] CVE-2019-8747: tvOS 13 Apple Security Update: About the security content of tvOS 13 Product: tvOS Version: 13 CVE: CVE-2019-8747 Component: AppleFirmwareUpdateKext Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking.

CVE-2019-8766 [HIGH] CVE-2019-8766: tvOS 13 Apple Security Update: About the security content of tvOS 13 Product: tvOS Version: 13 CVE: CVE-2019-8766 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2019-8765 [HIGH] CVE-2019-8765: tvOS 13 Apple Security Update: About the security content of tvOS 13 Product: tvOS Version: 13 CVE: CVE-2019-8765 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2019-8743 [HIGH] CVE-2019-8743: tvOS 13 Apple Security Update: About the security content of tvOS 13 Product: tvOS Version: 13 CVE: CVE-2019-8743 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2019-8710 [HIGH] CVE-2019-8710: tvOS 13 Apple Security Update: About the security content of tvOS 13 Product: tvOS Version: 13 CVE: CVE-2019-8710 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2019-8764 [MEDIUM] CVE-2019-8764: tvOS 13 Apple Security Update: About the security content of tvOS 13 Product: tvOS Version: 13 CVE: CVE-2019-8764 Component: WebKit Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management.

CVE-2019-9506 [HIGH] CWE-310 CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encrypti The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.

CVE-2018-16860 [HIGH] CVE-2018-16860: tvOS 12.4 Apple Security Update: About the security content of tvOS 12.4 Product: tvOS Version: 12.4 CVE: CVE-2018-16860 Component: Heimdal Impact: An issue existed in Samba that may allow attackers to perform unauthorized actions by intercepting communications between services Description: This issue was addressed with improved checks to prevent unauthorized actions.

CVE-2020-10135 [MEDIUM] CVE-2020-10135: tvOS 12.4 Apple Security Update: About the security content of tvOS 12.4 Product: tvOS Version: 12.4 CVE: CVE-2020-10135 Component: The changes for this issue mitigate CVE-2020-10135.

CVE-2019-13118 [MEDIUM] CWE-843 CVE-2019-13118: In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.

CVE-2019-2102 [HIGH] CVE-2019-2102: tvOS 12.3 Apple Security Update: About the security content of tvOS 12.3 Product: tvOS Version: 12.3 CVE: CVE-2019-2102 Component: Bluetooth Impact: Due to a misconfiguration in the Bluetooth pairing protocols of a Bluetooth Low Energy (BLE) version of FIDO Security Keys it may be possible for an attacker with physical proximity to be able to intercept Bluetooth traffic during pairing Description: This issue was addressed by disabling accessories with insecure

CVE-2018-4332 [CRITICAL] CWE-119 CVE-2018-4332: A memory corruption issue was addressed with improved memory handling. This issue affected versions A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

CVE-2018-4331 [CRITICAL] CWE-119 CVE-2018-4331: A memory corruption issue was addressed with improved memory handling. This issue affected versions A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

CVE-2018-4340 [HIGH] CWE-119 CVE-2018-4340: A memory corruption issue was addressed with improved memory handling. This issue affected versions A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

CVE-2018-4414 [HIGH] CWE-119 CVE-2018-4414: A memory corruption issue was addressed with improved input validation. This issue affected versions A memory corruption issue was addressed with improved input validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5, iTunes 12.9 for Windows, iCloud for Windows 7.7.

CVE-2018-4359 [HIGH] CWE-119 CVE-2018-4359: Multiple memory corruption issues were addressed with improved memory handling. This issue affected Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

CVE-2018-4369 [HIGH] CWE-20 CVE-2018-4369: A logic issue was addressed with improved state management. This issue affected versions prior to iO A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.

CVE-2018-4317 [HIGH] CWE-416 CVE-2018-4317: A use after free issue was addressed with improved memory management. This issue affected versions p A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.