Apple TV

CVEs (44)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2014-4422	Apple Inc. Iphone Os	Hig	0.53	8.1	0.02	Sep 18, 2014	The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain kernel-hardening protection mechanisms by using a user-space process to observe data related…
CVE-2014-4418	Apple Inc. Iphone Os	Hig	0.51	7.8	0.00	Sep 18, 2014	IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different…
CVE-2014-4388	Apple Inc. Mac Os X	Hig	0.51	7.8	0.01	Sep 18, 2014	IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different…
CVE-2014-4375	Apple Inc. Mac Os X	Hig	0.51	7.8	0.00	Sep 18, 2014	Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports.
CVE-2014-4373	Apple Inc. Mac Os X	Med	0.36	5.5	0.00	Sep 18, 2014	The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application.
CVE-2014-4364	Apple Inc. Iphone Os	Med	0.36	5.6	0.01	Sep 18, 2014	The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptographic attack against the…
CVE-2014-4407	Apple Inc. Mac Os X	Low	0.21	3.3	0.00	Sep 18, 2014	IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls.
CVE-2014-4492	Apple Inc. Mac Os X		0.05	—	0.22	Jan 30, 2015	libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as…
CVE-2014-4377	Apple Inc. Mac Os X		0.01	—	0.11	Sep 18, 2014	Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
CVE-2015-1062	Apple Inc. Iphone Os		0.00	—	0.00	Mar 12, 2015	MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app.
CVE-2015-1067	Apple Inc. Mac Os X		0.00	—	0.05	Mar 11, 2015	Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related…
CVE-2014-4491	Apple Inc. Mac Os X		0.00	—	0.01	Jan 30, 2015	The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism…
CVE-2014-4489	Apple Inc. Mac Os X		0.00	—	0.01	Jan 30, 2015	IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted…
CVE-2014-4452	Apple Inc. Safari		0.00	—	0.01	Nov 18, 2014	WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462.
CVE-2014-4421	Apple Inc. Mac Os X		0.00	—	0.00	Sep 18, 2014	The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than…
CVE-2014-4420	Apple Inc. Mac Os X		0.00	—	0.00	Sep 18, 2014	The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than…
CVE-2014-4419	Apple Inc. Mac Os X		0.00	—	0.00	Sep 18, 2014	The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than…
CVE-2014-4415	Apple Inc. Safari		0.00	—	0.01	Sep 18, 2014	WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4414	Apple Inc. Mac Os X		0.00	—	0.01	Sep 18, 2014	WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4413	Apple Inc. Mac Os X		0.00	—	0.01	Sep 18, 2014	WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…

CVE-2014-4422HigSep 18, 2014
Apple Inc.
Iphone Os
risk 0.53cvss 8.1epss 0.02
The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain kernel-hardening protection mechanisms by using a user-space process to observe data related…
CVE-2014-4418HigSep 18, 2014
Apple Inc.
Iphone Os
risk 0.51cvss 7.8epss 0.00
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different…
CVE-2014-4388HigSep 18, 2014
Apple Inc.
Mac Os X
risk 0.51cvss 7.8epss 0.01
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different…
CVE-2014-4375HigSep 18, 2014
Apple Inc.
Mac Os X
risk 0.51cvss 7.8epss 0.00
Double free vulnerability in Apple iOS before 8 and Apple TV before 7 allows local users to gain privileges or cause a denial of service (device crash) via vectors related to Mach ports.
CVE-2014-4373MedSep 18, 2014
Apple Inc.
Mac Os X
risk 0.36cvss 5.5epss 0.00
The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application.
CVE-2014-4364MedSep 18, 2014
Apple Inc.
Iphone Os
risk 0.36cvss 5.6epss 0.01
The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptographic attack against the…
CVE-2014-4407LowSep 18, 2014
Apple Inc.
Mac Os X
risk 0.21cvss 3.3epss 0.00
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls.
CVE-2014-4492Jan 30, 2015
Apple Inc.
Mac Os X
risk 0.05cvss —epss 0.22
libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as…
CVE-2014-4377Sep 18, 2014
Apple Inc.
Mac Os X
risk 0.01cvss —epss 0.11
Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
CVE-2015-1062Mar 12, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app.
CVE-2015-1067Mar 11, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.05
Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related…
CVE-2014-4491Jan 30, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism…
CVE-2014-4489Jan 30, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted…
CVE-2014-4452Nov 18, 2014
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462.
CVE-2014-4421Sep 18, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than…
CVE-2014-4420Sep 18, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than…
CVE-2014-4419Sep 18, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than…
CVE-2014-4415Sep 18, 2014
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4414Sep 18, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4413Sep 18, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…

Page 1 of 3