Apple TV

CVEs (85)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2014-4484	Apple Inc. iOS	—	0.04	Jan 30, 2015	FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file.
CVE-2014-4483	Apple Inc. iOS	—	0.04	Jan 30, 2015	Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document.
CVE-2014-4481	Apple Inc. iOS	—	0.06	Jan 30, 2015	Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
CVE-2014-4480	Apple Inc. iOS	—	0.03	Jan 30, 2015	Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.
CVE-2014-4479	Apple Inc. Safari	—	0.03	Jan 30, 2015	WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web…
CVE-2014-4477	Apple Inc. Safari	—	0.03	Jan 30, 2015	WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web…
CVE-2014-4476	Apple Inc. Safari	—	0.03	Jan 30, 2015	WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web…
CVE-2014-4462	Apple Inc. iOS	—	0.01	Nov 18, 2014	WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452.
CVE-2014-4461	Apple Inc. iOS	—	0.03	Nov 18, 2014	The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application.
CVE-2014-4455	Apple Inc. iOS	—	0.00	Nov 18, 2014	dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file.
CVE-2014-4421	Apple Inc. iOS	—	0.00	Sep 18, 2014	The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than…
CVE-2014-4420	Apple Inc. iOS	—	0.00	Sep 18, 2014	The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than…
CVE-2014-4419	Apple Inc. iOS	—	0.00	Sep 18, 2014	The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than…
CVE-2014-4415	Apple Inc. iOS	—	0.03	Sep 18, 2014	WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4414	Apple Inc. iOS	—	0.03	Sep 18, 2014	WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4413	Apple Inc. iOS	—	0.03	Sep 18, 2014	WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4412	Apple Inc. iOS	—	0.03	Sep 18, 2014	WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4411	Apple Inc. iOS	—	0.03	Sep 18, 2014	WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4410	Apple Inc. iOS	—	0.03	Sep 18, 2014	WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4408	Apple Inc. iOS	—	0.00	Sep 18, 2014	The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read and device crash) via a crafted call.

CVE-2014-4484Jan 30, 2015
Apple Inc.
iOS
risk 0.00cvss —epss 0.04
FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file.
CVE-2014-4483Jan 30, 2015
Apple Inc.
iOS
risk 0.00cvss —epss 0.04
Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document.
CVE-2014-4481Jan 30, 2015
Apple Inc.
iOS
risk 0.00cvss —epss 0.06
Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
CVE-2014-4480Jan 30, 2015
Apple Inc.
iOS
risk 0.00cvss —epss 0.03
Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.
CVE-2014-4479Jan 30, 2015
Apple Inc.
Safari
risk 0.00cvss —epss 0.03
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web…
CVE-2014-4477Jan 30, 2015
Apple Inc.
Safari
risk 0.00cvss —epss 0.03
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web…
CVE-2014-4476Jan 30, 2015
Apple Inc.
Safari
risk 0.00cvss —epss 0.03
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web…
CVE-2014-4462Nov 18, 2014
Apple Inc.
iOS
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452.
CVE-2014-4461Nov 18, 2014
Apple Inc.
iOS
risk 0.00cvss —epss 0.03
The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application.
CVE-2014-4455Nov 18, 2014
Apple Inc.
iOS
risk 0.00cvss —epss 0.00
dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file.
CVE-2014-4421Sep 18, 2014
Apple Inc.
iOS
risk 0.00cvss —epss 0.00
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than…
CVE-2014-4420Sep 18, 2014
Apple Inc.
iOS
risk 0.00cvss —epss 0.00
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than…
CVE-2014-4419Sep 18, 2014
Apple Inc.
iOS
risk 0.00cvss —epss 0.00
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than…
CVE-2014-4415Sep 18, 2014
Apple Inc.
iOS
risk 0.00cvss —epss 0.03
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4414Sep 18, 2014
Apple Inc.
iOS
risk 0.00cvss —epss 0.03
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4413Sep 18, 2014
Apple Inc.
iOS
risk 0.00cvss —epss 0.03
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4412Sep 18, 2014
Apple Inc.
iOS
risk 0.00cvss —epss 0.03
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4411Sep 18, 2014
Apple Inc.
iOS
risk 0.00cvss —epss 0.03
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4410Sep 18, 2014
Apple Inc.
iOS
risk 0.00cvss —epss 0.03
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4408Sep 18, 2014
Apple Inc.
iOS
risk 0.00cvss —epss 0.00
The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read and device crash) via a crafted call.

Page 2 of 5