Apple tvOS vulnerabilities
2,227 known vulnerabilities affecting apple/tvos.
Total CVEs
2,227
CISA KEV
41
actively exploited
Public exploits
199
Exploited in wild
31
Severity breakdown
CRITICAL148HIGH1222MEDIUM795LOW59UNKNOWN3
Vulnerabilities
Page 99 of 112
CVE-2016-1824HIGHCVSS 7.8fixed in 9.2.12016-05-20
CVE-2016-1824 [HIGH] CVE-2016-1824: IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.
IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1823.
nvdapple
CVE-2016-1819HIGHCVSS 7.8PoCfixed in 9.2.12016-05-20
CVE-2016-1819 [HIGH] CVE-2016-1819: Use-after-free vulnerability in the IOAccelContext2::clientMemoryForType method in Apple iOS before
Use-after-free vulnerability in the IOAccelContext2::clientMemoryForType method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016
nvdapple
CVE-2016-1813HIGHCVSS 7.8PoCfixed in 9.2.12016-05-20
CVE-2016-1813 [HIGH] CWE-476 CVE-2016-1813: The IOAccelSharedUserClient2::page_off_resource method in Apple iOS before 9.3.2, OS X before 10.11.
The IOAccelSharedUserClient2::page_off_resource method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
nvdapple
CVE-2016-1840HIGHCVSS 7.8fixed in 9.2.12016-05-20
CVE-2016-1840 [HIGH] CWE-119 CVE-2016-1840: Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used i
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
nvdapple
CVE-2016-1856HIGHCVSS 8.8fixed in 9.2.12016-05-20
CVE-2016-1856 [HIGH] CVE-2016-1856: WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1857.
nvdapple
CVE-2016-1832HIGHCVSS 7.8fixed in 9.2.12016-05-20
CVE-2016-1832 [HIGH] CWE-119 CVE-2016-1832: libc in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 all
libc in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
nvdapple
CVE-2016-1828HIGHCVSS 7.8PoCfixed in 9.2.12016-05-20
CVE-2016-1828 [HIGH] CVE-2016-1828: The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1829, and CVE-2016-1830.
nvdapple
CVE-2016-1801HIGHCVSS 7.5fixed in 9.2.12016-05-20
CVE-2016-1801 [HIGH] CWE-200 CVE-2016-1801: The CFNetwork Proxies subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.
The CFNetwork Proxies subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 mishandles URLs in http and https requests, which allows remote attackers to obtain sensitive information via unspecified vectors.
nvdapple
CVE-2016-1818HIGHCVSS 7.8≤ 9.22016-05-20
CVE-2016-1818 [HIGH] CVE-2016-1818: IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS b
IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016-1819.
nvdapple
CVE-2016-1823HIGHCVSS 7.8PoCfixed in 9.2.12016-05-20
CVE-2016-1823 [HIGH] CWE-125 CVE-2016-1823: The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS
The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read and memory corruption) via a crafted IOHIDReportType enum, which triggers an incorrect cast, a differ
nvdapple
CVE-2016-1854HIGHCVSS 8.8fixed in 9.2.12016-05-20
CVE-2016-1854 [HIGH] CWE-119 CVE-2016-1854: WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1855, CVE-2016-1856, and CVE-2016-1857.
nvdapple
CVE-2016-1859HIGHCVSS 8.8fixed in 9.2.12016-05-20
CVE-2016-1859 [HIGH] CWE-119 CVE-2016-1859: The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2
The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
nvdapple
CVE-2016-1817HIGHCVSS 7.8fixed in 9.2.12016-05-20
CVE-2016-1817 [HIGH] CWE-119 CVE-2016-1817: IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS b
IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1818 and CVE-2016-1819.
nvdapple
CVE-2016-1841HIGHCVSS 8.8fixed in 9.2.12016-05-20
CVE-2016-1841 [HIGH] CWE-119 CVE-2016-1841: libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS befo
libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
nvdapple
CVE-2016-1834HIGHCVSS 7.8fixed in 9.2.12016-05-20
CVE-2016-1834 [HIGH] CWE-119 CVE-2016-1834: Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
nvdapple
CVE-2016-1803HIGHCVSS 7.8PoCfixed in 9.2.12016-05-20
CVE-2016-1803 [HIGH] CWE-476 CVE-2016-1803: CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.
CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
nvdapple
CVE-2016-1855HIGHCVSS 8.8fixed in 9.2.12016-05-20
CVE-2016-1855 [HIGH] CVE-2016-1855: WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1856, and CVE-2016-1857.
nvdapple
CVE-2016-1830HIGHCVSS 7.8fixed in 9.2.12016-05-20
CVE-2016-1830 [HIGH] CVE-2016-1830: The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1828, and CVE-2016-1829.
nvdapple
CVE-2016-1857HIGHCVSS 8.8fixed in 9.2.12016-05-20
CVE-2016-1857 [HIGH] CVE-2016-1857: WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856.
nvdapple
CVE-2016-1847HIGHCVSS 8.8fixed in 9.2.12016-05-20
CVE-2016-1847 [HIGH] CWE-119 CVE-2016-1847: OpenGL, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS befor
OpenGL, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
nvdapple