Apple tvOS vulnerabilities
2,227 known vulnerabilities affecting apple/tvos.
Total CVEs
2,227
CISA KEV
41
actively exploited
Public exploits
199
Exploited in wild
31
Severity breakdown
CRITICAL148HIGH1222MEDIUM795LOW59UNKNOWN3
Vulnerabilities
Page 86 of 112
CVE-2017-7018HIGHCVSS 8.8PoCfixed in 10.2.22017-07-20
CVE-2017-7018 [HIGH] CWE-119 CVE-2017-7018: An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of s
nvdapple
CVE-2017-7028MEDIUMCVSS 5.5fixed in 10.2.22017-07-20
CVE-2017-7028 [MEDIUM] CWE-200 CVE-2017-7028: An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
nvdapple
CVE-2017-7059MEDIUMCVSS 6.1fixed in 10.2.22017-07-20
CVE-2017-7059 [MEDIUM] CWE-79 CVE-2017-7059: A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safar
A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
nvdapple
CVE-2017-7006MEDIUMCVSS 5.3fixed in 10.2.22017-07-20
CVE-2017-7006 [MEDIUM] CWE-203 CVE-2017-7006: An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that u
nvdapple
CVE-2017-7038MEDIUMCVSS 6.1fixed in 10.2.22017-07-20
CVE-2017-7038 [MEDIUM] CWE-79 CVE-2017-7038: A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safar
A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.
nvdapple
CVE-2017-7029MEDIUMCVSS 5.5fixed in 10.2.22017-07-20
CVE-2017-7029 [MEDIUM] CWE-200 CVE-2017-7029: An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
nvdapple
CVE-2017-9417CRITICALCVSS 9.8PoCv10.2.22017-07-19
CVE-2017-9417 [CRITICAL] CVE-2017-9417: tvOS 10.2.2
Apple Security Update: About the security content of tvOS 10.2.2
Product: tvOS
Version: 10.2.2
CVE: CVE-2017-9417
Component: Wi-Fi
Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
Description: A memory corruption issue was addressed with improved memory handling.
apple
CVE-2016-9843CRITICALCVSS 9.8fixed in 11.02017-05-23
CVE-2016-9843 [CRITICAL] CVE-2016-9843: The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unsp
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
nvdapple
CVE-2016-9841CRITICALCVSS 9.8fixed in 11.02017-05-23
CVE-2016-9841 [CRITICAL] CVE-2016-9841: inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by levera
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
nvdapple
CVE-2016-9842HIGHCVSS 8.8fixed in 11.02017-05-23
CVE-2016-9842 [HIGH] CWE-1335 CVE-2016-9842: The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
nvdapple
CVE-2016-9840HIGHCVSS 8.8fixed in 11.02017-05-23
CVE-2016-9840 [HIGH] CVE-2016-9840: inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by lever
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
nvdapple
CVE-2017-2524CRITICALCVSS 9.8PoCfixed in 10.2.12017-05-22
CVE-2017-2524 [CRITICAL] CWE-119 CVE-2017-2524: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "TextInput" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash)
nvdapple
CVE-2017-2518CRITICALCVSS 9.8fixed in 10.2.12017-05-22
CVE-2017-2518 [CRITICAL] CWE-416 CVE-2017-2518: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via
nvdapple
CVE-2017-2520CRITICALCVSS 9.8fixed in 10.2.12017-05-22
CVE-2017-2520 [CRITICAL] CWE-787 CVE-2017-2520: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via
nvdapple
CVE-2017-2523CRITICALCVSS 9.8PoCfixed in 10.2.12017-05-22
CVE-2017-2523 [CRITICAL] CWE-119 CVE-2017-2523: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Foundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash
nvdapple
CVE-2017-2513CRITICALCVSS 9.8≤ 10.22017-05-22
CVE-2017-2513 [CRITICAL] CWE-416 CVE-2017-2513: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (application cra
nvdapple
CVE-2017-2519CRITICALCVSS 9.8fixed in 10.2.12017-05-22
CVE-2017-2519 [CRITICAL] CVE-2017-2519: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craf
nvdapple
CVE-2017-2522CRITICALCVSS 9.8PoCfixed in 10.2.12017-05-22
CVE-2017-2522 [CRITICAL] CWE-119 CVE-2017-2522: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreFoundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application c
nvdapple
CVE-2017-6996HIGHCVSS 7.8PoC≤ 10.22017-05-22
CVE-2017-6996 [HIGH] CWE-119 CVE-2017-6996: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
nvdapple
CVE-2017-2515HIGHCVSS 8.8PoC≤ 10.22017-05-22
CVE-2017-2515 [HIGH] CWE-119 CVE-2017-2515: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
nvdapple