tvOS
by Apple Inc.
CVEs (1,853)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-8854 | Hig | 0.49 | 7.5 | 0.01 | Oct 27, 2020 | A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. A device may be passively tracked by its Wi-Fi MAC address. | ||
| CVE-2019-8633 | Hig | 0.49 | 7.5 | 0.01 | Oct 27, 2020 | A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3, watchOS 5.3. An application may be able to read restricted memory. | ||
| CVE-2019-8631 | Hig | 0.49 | 7.5 | 0.01 | Oct 27, 2020 | A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3. Users removed from an iMessage conversation may still be able to alter state. | ||
| CVE-2018-4474 | Hig | 0.49 | 7.5 | 0.02 | Oct 27, 2020 | A memory consumption issue was addressed with improved memory handling. This issue is fixed in iCloud for Windows 7.7, watchOS 5, Safari 12, iOS 12, iTunes 12.9 for Windows, tvOS 12. Unexpected interaction causes an ASSERT failure. | ||
| CVE-2020-9905 | Hig | 0.49 | 7.5 | 0.03 | Oct 22, 2020 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A remote attacker may be able to cause a denial of service. | ||
| CVE-2020-9914 | Hig | 0.49 | 7.5 | 0.01 | Oct 16, 2020 | An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An attacker in a privileged network position may be able to perform denial of service attack using malformed… | ||
| CVE-2020-9839 | Hig | 0.49 | 7.0 | 0.04 | Jun 9, 2020 | A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges. | ||
| CVE-2020-9837 | Hig | 0.49 | 7.5 | 0.01 | Jun 9, 2020 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5. A remote attacker may be able to leak memory. | ||
| CVE-2020-9827 | Hig | 0.49 | 7.5 | 0.02 | Jun 9, 2020 | A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause a denial of service. | ||
| CVE-2019-8741 | Hig | 0.49 | 7.5 | 0.02 | Feb 28, 2020 | A denial of service issue was addressed with improved input validation. | ||
| CVE-2019-8787 | Hig | 0.49 | 7.5 | 0.01 | Dec 18, 2019 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. A remote attacker may be able to leak memory. | ||
| CVE-2019-8620 | Hig | 0.49 | 7.5 | 0.02 | Dec 18, 2019 | A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A device may be passively tracked by its WiFi MAC address. | ||
| CVE-2019-8516 | Hig | 0.49 | 7.5 | 0.02 | Dec 18, 2019 | A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. Processing a maliciously crafted string may lead to a denial of service. | ||
| CVE-2018-4436 | Hig | 0.49 | 7.5 | 0.01 | Apr 3, 2019 | A certificate validation issue existed in configuration profiles. This was addressed with additional checks. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2. | ||
| CVE-2018-4398 | Hig | 0.49 | 7.5 | 0.02 | Apr 3, 2019 | An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1, iCloud for Windows 7.8. | ||
| CVE-2018-4369 | Hig | 0.49 | 7.5 | 0.02 | Apr 3, 2019 | A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. | ||
| CVE-2018-4248 | Hig | 0.49 | 7.5 | 0.02 | Apr 3, 2019 | An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2. | ||
| CVE-2018-4203 | Hig | 0.49 | 7.5 | 0.02 | Apr 3, 2019 | An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | ||
| CVE-2018-4277 | Hig | 0.49 | 7.5 | 0.02 | Jan 11, 2019 | In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sierra before 10.13.6, a spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. | ||
| CVE-2018-4185 | Hig | 0.49 | 7.5 | 0.03 | Jan 11, 2019 | In iOS before 11.3, tvOS before 11.3, watchOS before 4.3, and macOS before High Sierra 10.13.4, an information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling. |
- risk 0.49cvss 7.5epss 0.01
A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. A device may be passively tracked by its Wi-Fi MAC address.
- risk 0.49cvss 7.5epss 0.01
A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3, watchOS 5.3. An application may be able to read restricted memory.
- risk 0.49cvss 7.5epss 0.01
A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3. Users removed from an iMessage conversation may still be able to alter state.
- risk 0.49cvss 7.5epss 0.02
A memory consumption issue was addressed with improved memory handling. This issue is fixed in iCloud for Windows 7.7, watchOS 5, Safari 12, iOS 12, iTunes 12.9 for Windows, tvOS 12. Unexpected interaction causes an ASSERT failure.
- risk 0.49cvss 7.5epss 0.03
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. A remote attacker may be able to cause a denial of service.
- risk 0.49cvss 7.5epss 0.01
An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An attacker in a privileged network position may be able to perform denial of service attack using malformed…
- risk 0.49cvss 7.0epss 0.04
A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges.
- risk 0.49cvss 7.5epss 0.01
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5. A remote attacker may be able to leak memory.
- risk 0.49cvss 7.5epss 0.02
A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause a denial of service.
- risk 0.49cvss 7.5epss 0.02
A denial of service issue was addressed with improved input validation.
- risk 0.49cvss 7.5epss 0.01
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. A remote attacker may be able to leak memory.
- risk 0.49cvss 7.5epss 0.02
A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A device may be passively tracked by its WiFi MAC address.
- risk 0.49cvss 7.5epss 0.02
A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. Processing a maliciously crafted string may lead to a denial of service.
- risk 0.49cvss 7.5epss 0.01
A certificate validation issue existed in configuration profiles. This was addressed with additional checks. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2.
- risk 0.49cvss 7.5epss 0.02
An issue existed in the method for determining prime numbers. This issue was addressed by using pseudorandom bases for testing of primes. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1, iTunes 12.9.1, iCloud for Windows 7.8.
- risk 0.49cvss 7.5epss 0.02
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.
- risk 0.49cvss 7.5epss 0.02
An out-of-bounds read was addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2.
- risk 0.49cvss 7.5epss 0.02
An out-of-bounds read was addressed with improved bounds checking. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
- risk 0.49cvss 7.5epss 0.02
In iOS before 11.4.1, watchOS before 4.3.2, tvOS before 11.4.1, Safari before 11.1.1, macOS High Sierra before 10.13.6, a spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
- risk 0.49cvss 7.5epss 0.03
In iOS before 11.3, tvOS before 11.3, watchOS before 4.3, and macOS before High Sierra 10.13.4, an information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling.
Page 50 of 93