Skip to main content

Tvos

1548 CVEs product

Monthly

CVE-2014-1278 HIGH This Week

The ptmx_get_ioctl function in the ARM kernel in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access and. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Buffer Overflow Iphone Os Tvos
NVD VulDB
CVSS 2.0
7.2
EPSS
0.0%
CVE-2014-1275 MEDIUM This Month

Buffer overflow in ImageIO in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow RCE Iphone Os +1
NVD VulDB
CVSS 2.0
6.8
EPSS
1.1%
CVE-2014-1273 MEDIUM This Month

dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Authentication Bypass Tvos Iphone Os
NVD VulDB
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-1272 MEDIUM This Month

CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink. Rated medium severity (CVSS 6.3). No vendor patch available.

Apple Denial Of Service Tvos Iphone Os
NVD VulDB
CVSS 2.0
6.3
EPSS
0.0%
CVE-2014-1271 HIGH This Week

CoreCapture in Apple iOS before 7.1 and Apple TV before 6.1 does not properly validate IOKit API calls, which allows attackers to cause a denial of service (assertion failure and device crash) via a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Denial Of Service Iphone Os Tvos
NVD VulDB
CVSS 2.0
7.8
EPSS
0.3%
CVE-2014-1267 MEDIUM This Month

The Configuration Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 does not properly evaluate the expiration date of a mobile configuration profile, which allows attackers to bypass. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Authentication Bypass Tvos Iphone Os
NVD VulDB
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-1266 HIGH POC THREAT Act Now

The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 17.9%.

Information Disclosure Apple Microsoft Iphone Os Mac Os X +1
NVD
CVSS 3.1
7.4
EPSS
17.9%
CVE-2013-0340 MEDIUM POC This Month

expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service XXE Libexpat Python Ipados +4
NVD GitHub
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-5228 MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple RCE Itunes +4
NVD
CVSS 2.0
6.8
EPSS
0.9%
CVE-2013-5225 MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple RCE Safari +4
NVD
CVSS 2.0
6.8
EPSS
2.1%
CVE-2013-5199 MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple RCE Itunes +4
NVD
CVSS 2.0
6.8
EPSS
2.8%
CVE-2013-5198 MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple RCE Safari +4
NVD
CVSS 2.0
6.8
EPSS
2.1%
CVE-2013-5197 MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple RCE Safari +4
NVD
CVSS 2.0
6.8
EPSS
2.1%
CVE-2013-5196 MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple RCE Itunes +4
NVD
CVSS 2.0
6.8
EPSS
2.1%
CVE-2013-0981 HIGH This Week

The IOUSBDeviceFamily driver in the USB implementation in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 accesses pipe object pointers that originated in userspace, which allows local. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Iphone Os Tvos
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2013-0978 LOW Monitor

The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Iphone Os Tvos
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-0977 MEDIUM This Month

dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Iphone Os Tvos
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-0964 LOW Monitor

The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not properly validate copyin and copyout arguments, which allows local users to bypass intended pointer restrictions and access. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Tvos Iphone Os
NVD
CVSS 2.0
3.6
EPSS
0.1%
EPSS 0% CVSS 7.2
HIGH This Week

The ptmx_get_ioctl function in the ARM kernel in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access and. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Buffer Overflow +2
NVD VulDB
EPSS 1% CVSS 6.8
MEDIUM This Month

Buffer overflow in ImageIO in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 5.8
MEDIUM This Month

dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Authentication Bypass Tvos +1
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink. Rated medium severity (CVSS 6.3). No vendor patch available.

Apple Denial Of Service Tvos +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

CoreCapture in Apple iOS before 7.1 and Apple TV before 6.1 does not properly validate IOKit API calls, which allows attackers to cause a denial of service (assertion failure and device crash) via a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Denial Of Service Iphone Os +1
NVD VulDB
EPSS 0% CVSS 5.8
MEDIUM This Month

The Configuration Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 does not properly evaluate the expiration date of a mobile configuration profile, which allows attackers to bypass. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Apple Authentication Bypass Tvos +1
NVD VulDB
EPSS 18% CVSS 7.4
HIGH POC THREAT Act Now

The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 17.9%.

Information Disclosure Apple Microsoft +3
NVD
EPSS 0% CVSS 6.8
MEDIUM POC This Month

expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service XXE Libexpat +6
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple +6
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple +6
NVD
EPSS 3% CVSS 6.8
MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple +6
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple +6
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple +6
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple +6
NVD
EPSS 0% CVSS 7.2
HIGH This Week

The IOUSBDeviceFamily driver in the USB implementation in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 accesses pipe object pointers that originated in userspace, which allows local. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Iphone Os +1
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Iphone Os +1
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Iphone Os +1
NVD
EPSS 0% CVSS 3.6
LOW Monitor

The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not properly validate copyin and copyout arguments, which allows local users to bypass intended pointer restrictions and access. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Tvos +1
NVD
Prev Page 18 of 18

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy