Filtered by vendor Apple
Subscriptions
Filtered by product Tvos
Subscriptions
Total
1698 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-20044 | 6 Apple, Debian, Fedoraproject and 3 more | 12 Ipados, Iphone Os, Mac Os X and 9 more | 2024-08-05 | 7.8 High |
| In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). | ||||
| CVE-2019-15165 | 8 Apple, Canonical, Debian and 5 more | 12 Ipados, Iphone Os, Mac Os X and 9 more | 2024-08-05 | 5.3 Medium |
| sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. | ||||
| CVE-2019-14899 | 4 Apple, Freebsd, Linux and 1 more | 8 Ipados, Iphone Os, Mac Os X and 5 more | 2024-08-05 | 7.4 High |
| A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel. | ||||
| CVE-2019-13118 | 7 Apple, Canonical, Fedoraproject and 4 more | 25 Icloud, Iphone Os, Itunes and 22 more | 2024-08-04 | 5.3 Medium |
| In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. | ||||
| CVE-2019-8898 | 1 Apple | 5 Ipados, Iphone Os, Itunes and 2 more | 2024-08-04 | 4.3 Medium |
| An information disclosure issue existed in the handling of the Storage Access API. This issue was addressed with improved logic. This issue is fixed in iOS 13.3 and iPadOS 13.3, tvOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows. Visiting a maliciously crafted website may reveal sites a user has visited. | ||||
| CVE-2019-8795 | 1 Apple | 3 Ipados, Iphone Os, Tvos | 2024-08-04 | 7.8 High |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2. An application may be able to execute arbitrary code with system privileges. | ||||
| CVE-2019-8833 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2024-08-04 | 7.8 High |
| A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2019-8846 | 2 Apple, Redhat | 10 Icloud, Ipados, Iphone Os and 7 more | 2024-08-04 | 8.8 High |
| A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2019-8848 | 1 Apple | 8 Icloud, Ipados, Iphone Os and 5 more | 2024-08-04 | 7.8 High |
| This issue was addressed with improved checks. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An application may be able to gain elevated privileges. | ||||
| CVE-2019-8854 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-08-04 | 7.5 High |
| A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. A device may be passively tracked by its Wi-Fi MAC address. | ||||
| CVE-2019-8828 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2024-08-04 | 7.8 High |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3 and iPadOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, tvOS 13.3. An application may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2019-8850 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2024-08-04 | 5.5 Medium |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6. Processing a maliciously crafted audio file may disclose restricted memory. | ||||
| CVE-2019-8844 | 2 Apple, Redhat | 11 Icloud, Ipados, Iphone Os and 8 more | 2024-08-04 | 8.8 High |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2019-8815 | 2 Apple, Redhat | 10 Icloud, Ipados, Iphone Os and 7 more | 2024-08-04 | 8.8 High |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2019-8906 | 4 Apple, Canonical, File Project and 1 more | 7 Iphone Os, Mac Os X, Tvos and 4 more | 2024-08-04 | 4.4 Medium |
| do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. | ||||
| CVE-2019-8829 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2024-08-04 | 7.8 High |
| A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6.1, tvOS 13.2, iOS 13.2 and iPadOS 13.2. An application may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2019-8835 | 2 Apple, Redhat | 10 Icloud, Ipados, Iphone Os and 7 more | 2024-08-04 | 8.8 High |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2019-8831 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2024-08-04 | 7.8 High |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6. An application may be able to execute arbitrary code with system privileges. | ||||
| CVE-2019-8797 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2024-08-04 | 7.8 High |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. An application may be able to execute arbitrary code with system privileges. | ||||
| CVE-2019-8803 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2024-08-04 | 8.4 High |
| An authentication issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. A local attacker may be able to login to the account of a previously logged in user without valid credentials.. | ||||