tvOS
by Apple Inc.
CVEs (1,838)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-4466 | 0.00 | — | 0.03 | Dec 10, 2014 | WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs… | |||
| CVE-2014-4465 | 0.00 | — | 0.02 | Dec 10, 2014 | WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element. | |||
| CVE-2014-4462 | 0.00 | — | 0.01 | Nov 18, 2014 | WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452. | |||
| CVE-2014-4461 | 0.00 | — | 0.03 | Nov 18, 2014 | The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application. | |||
| CVE-2014-4459 | 0.00 | — | 0.05 | Nov 18, 2014 | Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document. | |||
| CVE-2014-4455 | 0.00 | — | 0.00 | Nov 18, 2014 | dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file. | |||
| CVE-2014-4452 | 0.00 | — | 0.01 | Nov 18, 2014 | WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462. | |||
| CVE-2014-3192 | 0.00 | — | 0.02 | Oct 8, 2014 | Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have… | |||
| CVE-2014-4421 | 0.00 | — | 0.00 | Sep 18, 2014 | The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than… | |||
| CVE-2014-4420 | 0.00 | — | 0.00 | Sep 18, 2014 | The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than… | |||
| CVE-2014-4419 | 0.00 | — | 0.00 | Sep 18, 2014 | The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than… | |||
| CVE-2014-4415 | 0.00 | — | 0.03 | Sep 18, 2014 | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in… | |||
| CVE-2014-4414 | 0.00 | — | 0.03 | Sep 18, 2014 | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in… | |||
| CVE-2014-4413 | 0.00 | — | 0.03 | Sep 18, 2014 | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in… | |||
| CVE-2014-4412 | 0.00 | — | 0.03 | Sep 18, 2014 | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in… | |||
| CVE-2014-4411 | 0.00 | — | 0.03 | Sep 18, 2014 | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in… | |||
| CVE-2014-4410 | 0.00 | — | 0.03 | Sep 18, 2014 | WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in… | |||
| CVE-2014-4408 | 0.00 | — | 0.00 | Sep 18, 2014 | The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read and device crash) via a crafted call. | |||
| CVE-2014-4389 | 0.00 | — | 0.03 | Sep 18, 2014 | Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments. | |||
| CVE-2014-4383 | 0.00 | — | 0.01 | Sep 18, 2014 | The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header. |
- CVE-2014-4466Dec 10, 2014risk 0.00cvss —epss 0.03
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs…
- CVE-2014-4465Dec 10, 2014risk 0.00cvss —epss 0.02
WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element.
- CVE-2014-4462Nov 18, 2014risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452.
- CVE-2014-4461Nov 18, 2014risk 0.00cvss —epss 0.03
The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application.
- CVE-2014-4459Nov 18, 2014risk 0.00cvss —epss 0.05
Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.
- CVE-2014-4455Nov 18, 2014risk 0.00cvss —epss 0.00
dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file.
- CVE-2014-4452Nov 18, 2014risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462.
- CVE-2014-3192Oct 8, 2014risk 0.00cvss —epss 0.02
Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have…
- CVE-2014-4421Sep 18, 2014risk 0.00cvss —epss 0.00
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than…
- CVE-2014-4420Sep 18, 2014risk 0.00cvss —epss 0.00
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than…
- CVE-2014-4419Sep 18, 2014risk 0.00cvss —epss 0.00
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than…
- CVE-2014-4415Sep 18, 2014risk 0.00cvss —epss 0.03
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
- CVE-2014-4414Sep 18, 2014risk 0.00cvss —epss 0.03
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
- CVE-2014-4413Sep 18, 2014risk 0.00cvss —epss 0.03
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
- CVE-2014-4412Sep 18, 2014risk 0.00cvss —epss 0.03
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
- CVE-2014-4411Sep 18, 2014risk 0.00cvss —epss 0.03
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
- CVE-2014-4410Sep 18, 2014risk 0.00cvss —epss 0.03
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
- CVE-2014-4408Sep 18, 2014risk 0.00cvss —epss 0.00
The rt_setgate function in the kernel in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (out-of-bounds read and device crash) via a crafted call.
- CVE-2014-4389Sep 18, 2014risk 0.00cvss —epss 0.03
Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments.
- CVE-2014-4383Sep 18, 2014risk 0.00cvss —epss 0.01
The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header.
Page 89 of 92