VYPR

TV

by Apple Inc.

CVEs (149)

  • CVE-2026-28830MedMay 11, 2026
    risk 0.31cvss 4.7epss 0.00

    A race condition was addressed with additional validation. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data.

  • CVE-2026-28901MedMay 11, 2026
    risk 0.28cvss 4.3epss 0.00

    The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

  • CVE-2014-4407LowSep 18, 2014
    risk 0.22cvss 3.3epss 0.01

    IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls.

  • CVE-2014-4492Jan 30, 2015
    risk 0.05cvss epss 0.20

    libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as…

  • CVE-2015-1100Apr 10, 2015
    risk 0.03cvss epss 0.01

    The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (out-of-bounds memory access) or obtain sensitive memory-content information via a crafted app.

  • CVE-2014-1287Mar 14, 2014
    risk 0.03cvss epss 0.01

    USB Host in Apple iOS before 7.1 and Apple TV before 6.1 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted USB messages.

  • CVE-2015-1067Mar 11, 2015
    risk 0.02cvss epss 0.20

    Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related…

  • CVE-2015-1105Apr 10, 2015
    risk 0.01cvss epss 0.09

    The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets.

  • CVE-2015-1104Apr 10, 2015
    risk 0.01cvss epss 0.07

    The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass an intended network-filtering protection mechanism via a crafted packet.

  • CVE-2014-4405Sep 18, 2014
    risk 0.01cvss epss 0.08

    IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping properties.

  • CVE-2014-4377Sep 18, 2014
    risk 0.01cvss epss 0.07

    Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

  • CVE-2024-44157Oct 11, 2024
    risk 0.00cvss epss 0.00

    A stack buffer overflow was addressed through improved input validation. This issue is fixed in Apple TV 1.5.0.152 for Windows, iTunes 12.13.3 for Windows. Parsing a maliciously crafted video file may lead to unexpected system termination.

  • CVE-2015-1123Apr 10, 2015
    risk 0.00cvss epss 0.02

    WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…

  • CVE-2015-1122Apr 10, 2015
    risk 0.00cvss epss 0.03

    WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a…

  • CVE-2015-1121Apr 10, 2015
    risk 0.00cvss epss 0.03

    WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a…

  • CVE-2015-1119Apr 10, 2015
    risk 0.00cvss epss 0.03

    WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a…

  • CVE-2015-1118Apr 10, 2015
    risk 0.00cvss epss 0.02

    libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configuration profile.

  • CVE-2015-1117Apr 10, 2015
    risk 0.00cvss epss 0.00

    The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with unintended user or group…

  • CVE-2015-1114Apr 10, 2015
    risk 0.00cvss epss 0.00

    The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to discover hardware identifiers via a crafted app.

  • CVE-2015-1110Apr 10, 2015
    risk 0.00cvss epss 0.02

    The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to discover unique identifiers by reading asset-download request data.

Page 3 of 8