Filtered by vendor Apple Subscriptions
Filtered by product Tvos Subscriptions
Total 1698 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-22612 1 Apple 6 Ipados, Iphone Os, Itunes and 3 more 2024-11-21 7.8 High
A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to heap corruption.
CVE-2022-22611 1 Apple 6 Ipados, Iphone Os, Itunes and 3 more 2024-11-21 7.8 High
An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to arbitrary code execution.
CVE-2022-22610 1 Apple 6 Ipad Os, Iphone Os, Macos and 3 more 2024-11-21 8.8 High
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to code execution.
CVE-2022-22609 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2024-11-21 7.5 High
The issue was addressed with additional permissions checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to read other applications' settings.
CVE-2022-22600 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2024-11-21 5.5 Medium
The issue was addressed with improved permissions logic. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to bypass certain Privacy preferences.
CVE-2022-22594 2 Apple, Redhat 7 Ipados, Iphone Os, Macos and 4 more 2024-11-21 6.5 Medium
A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information.
CVE-2022-22593 1 Apple 6 Ipados, Iphone Os, Mac Os X and 3 more 2024-11-21 7.8 High
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. A malicious application may be able to execute arbitrary code with kernel privileges.
CVE-2022-22592 2 Apple, Redhat 7 Ipados, Iphone, Macos and 4 more 2024-11-21 6.5 Medium
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
CVE-2022-22590 3 Apple, Redhat, Webkitgtk 8 Ipados, Iphone Os, Macos and 5 more 2024-11-21 8.8 High
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2022-22589 2 Apple, Redhat 8 Ipados, Iphone Os, Mac Os X and 5 more 2024-11-21 6.1 Medium
A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript.
CVE-2022-22585 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2024-11-21 7.5 High
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access a user's files.
CVE-2022-22584 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2024-11-21 7.8 High
A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. Processing a maliciously crafted file may lead to arbitrary code execution.
CVE-2022-22579 1 Apple 5 Ipados, Iphone Os, Mac Os X and 2 more 2024-11-21 7.8 High
An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution.
CVE-2022-22578 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2024-11-21 7.8 High
A logic issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. A malicious application may be able to gain root privileges.
CVE-2022-21658 4 Apple, Fedoraproject, Redhat and 1 more 8 Ipados, Iphone Os, Macos and 5 more 2024-11-21 7.3 High
Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the `std::fs::remove_dir_all` standard library function is vulnerable a race condition enabling symlink following (CWE-363). An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete. Rust 1.0.0 through Rust 1.58.0 is affected by this vulnerability with 1.58.1 containing a patch. Note that the following build targets don't have usable APIs to properly mitigate the attack, and are thus still vulnerable even with a patched toolchain: macOS before version 10.10 (Yosemite) and REDOX. We recommend everyone to update to Rust 1.58.1 as soon as possible, especially people developing programs expected to run in privileged contexts (including system daemons and setuid binaries), as those have the highest risk of being affected by this. Note that adding checks in your codebase before calling remove_dir_all will not mitigate the vulnerability, as they would also be vulnerable to race conditions like remove_dir_all itself. The existing mitigation is working as intended outside of race conditions.
CVE-2022-1622 4 Apple, Fedoraproject, Libtiff and 1 more 7 Iphone Os, Macos, Tvos and 4 more 2024-11-21 5.5 Medium
LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa.
CVE-2021-36690 3 Apple, Oracle, Sqlite 6 Iphone Os, Macos, Tvos and 3 more 2024-11-21 7.5 High
A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.
CVE-2021-31008 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2024-11-21 8.8 High
A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 15.1, tvOS 15.1, iOS 15 and iPadOS 15, macOS Monterey 12.0.1, watchOS 8.1. Processing maliciously crafted web content may lead to code execution.
CVE-2021-31007 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2024-11-21 5.5 Medium
Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, tvOS 15.1, macOS Big Sur 11.6.2, watchOS 8.1, macOS Monterey 12.1. A malicious application may be able to bypass Privacy preferences.
CVE-2021-31006 1 Apple 3 Macos, Tvos, Watchos 2024-11-21 5.5 Medium
Description: A permissions issue was addressed with improved validation. This issue is fixed in watchOS 7.6, tvOS 14.7, macOS Big Sur 11.5. A malicious application may be able to bypass certain Privacy preferences.