Apple TV

CVEs (63)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2014-4483	Apple Inc. Mac Os X	—	0.02	Jan 30, 2015	Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document.
CVE-2014-4480	Apple Inc. Iphone Os	—	0.02	Jan 30, 2015	Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.
CVE-2014-4479	Apple Inc. Safari	—	0.01	Jan 30, 2015	WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web…
CVE-2014-4477	Apple Inc. Safari	—	0.01	Jan 30, 2015	WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web…
CVE-2014-4476	Apple Inc. Safari	—	0.01	Jan 30, 2015	WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web…
CVE-2014-4462	Apple Inc. Iphone Os	—	0.02	Nov 18, 2014	WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452.
CVE-2014-4455	Apple Inc. Iphone Os	—	0.00	Nov 18, 2014	dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file.
CVE-2014-4452	Apple Inc. Safari	—	0.01	Nov 18, 2014	WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462.
CVE-2014-4421	Apple Inc. Mac Os X	—	0.00	Sep 18, 2014	The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than…
CVE-2014-4420	Apple Inc. Mac Os X	—	0.00	Sep 18, 2014	The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than…
CVE-2014-4419	Apple Inc. Mac Os X	—	0.00	Sep 18, 2014	The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than…
CVE-2014-4415	Apple Inc. Safari	—	0.01	Sep 18, 2014	WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4414	Apple Inc. Mac Os X	—	0.01	Sep 18, 2014	WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4413	Apple Inc. Mac Os X	—	0.01	Sep 18, 2014	WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4412	Apple Inc. Mac Os X	—	0.01	Sep 18, 2014	WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4411	Apple Inc. Mac Os X	—	0.01	Sep 18, 2014	WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4410	Apple Inc. Mac Os X	—	0.01	Sep 18, 2014	WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4405	Apple Inc. Mac Os X	—	0.01	Sep 18, 2014	IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping properties.
CVE-2014-4389	Apple Inc. Mac Os X	—	0.01	Sep 18, 2014	Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments.
CVE-2014-4383	Apple Inc. Iphone Os	—	0.01	Sep 18, 2014	The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header.

CVE-2014-4483Jan 30, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.02
Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document.
CVE-2014-4480Jan 30, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.02
Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.
CVE-2014-4479Jan 30, 2015
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web…
CVE-2014-4477Jan 30, 2015
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web…
CVE-2014-4476Jan 30, 2015
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web…
CVE-2014-4462Nov 18, 2014
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452.
CVE-2014-4455Nov 18, 2014
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file.
CVE-2014-4452Nov 18, 2014
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462.
CVE-2014-4421Sep 18, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than…
CVE-2014-4420Sep 18, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than…
CVE-2014-4419Sep 18, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than…
CVE-2014-4415Sep 18, 2014
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4414Sep 18, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4413Sep 18, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4412Sep 18, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4411Sep 18, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4410Sep 18, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2014-4405Sep 18, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping properties.
CVE-2014-4389Sep 18, 2014
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments.
CVE-2014-4383Sep 18, 2014
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.01
The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header.

Page 2 of 4