Filtered by vendor Apple
Subscriptions
Filtered by product Tvos
Subscriptions
Total
1669 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-1289 | 1 Apple | 2 Iphone Os, Tvos | 2024-08-06 | N/A |
WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1290, CVE-2014-1291, CVE-2014-1292, CVE-2014-1293, and CVE-2014-1294. | ||||
CVE-2014-1291 | 1 Apple | 2 Iphone Os, Tvos | 2024-08-06 | N/A |
WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1289, CVE-2014-1290, CVE-2014-1292, CVE-2014-1293, and CVE-2014-1294. | ||||
CVE-2014-1273 | 1 Apple | 2 Iphone Os, Tvos | 2024-08-06 | N/A |
dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library. | ||||
CVE-2014-1279 | 1 Apple | 1 Tvos | 2024-08-06 | N/A |
Apple TV before 6.1 does not properly restrict logging, which allows local users to obtain sensitive information by reading log data. | ||||
CVE-2014-1287 | 1 Apple | 2 Iphone Os, Tvos | 2024-08-06 | N/A |
USB Host in Apple iOS before 7.1 and Apple TV before 6.1 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted USB messages. | ||||
CVE-2014-1282 | 1 Apple | 2 Iphone Os, Tvos | 2024-08-06 | N/A |
The Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass intended configuration-profile visibility requirements via a long name. | ||||
CVE-2014-1275 | 1 Apple | 2 Iphone Os, Tvos | 2024-08-06 | N/A |
Buffer overflow in ImageIO in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document. | ||||
CVE-2014-1266 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-08-06 | 7.4 High |
The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step. | ||||
CVE-2014-1296 | 1 Apple | 4 Iphone Os, Mac Os X, Mac Os X Server and 1 more | 2024-08-06 | N/A |
CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple TV before 6.1.1 does not ensure that a Set-Cookie HTTP header is complete before interpreting the header's value, which allows remote attackers to bypass intended access restrictions by triggering the closing of a TCP connection during transmission of a header, as demonstrated by an HTTPOnly restriction. | ||||
CVE-2014-1272 | 1 Apple | 2 Iphone Os, Tvos | 2024-08-06 | N/A |
CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink. | ||||
CVE-2015-8659 | 2 Apple, Nghttp2 | 5 Iphone Os, Mac Os X, Tvos and 2 more | 2024-08-06 | N/A |
The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug. | ||||
CVE-2015-8242 | 5 Apple, Canonical, Hp and 2 more | 14 Iphone Os, Mac Os X, Tvos and 11 more | 2024-08-06 | N/A |
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. | ||||
CVE-2015-8035 | 5 Apple, Canonical, Debian and 2 more | 10 Iphone Os, Mac Os X, Tvos and 7 more | 2024-08-06 | N/A |
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. | ||||
CVE-2015-7995 | 2 Apple, Xmlsoft | 5 Iphone Os, Mac Os X, Tvos and 2 more | 2024-08-06 | N/A |
The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue. | ||||
CVE-2015-7942 | 6 Apple, Canonical, Debian and 3 more | 11 Iphone Os, Mac Os X, Tvos and 8 more | 2024-08-06 | N/A |
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. | ||||
CVE-2015-7500 | 6 Apple, Canonical, Debian and 3 more | 15 Iphone Os, Mac Os X, Tvos and 12 more | 2024-08-06 | N/A |
The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. | ||||
CVE-2015-7499 | 7 Apple, Canonical, Debian and 4 more | 17 Iphone Os, Mac Os X, Tvos and 14 more | 2024-08-06 | N/A |
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. | ||||
CVE-2015-7111 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-08-06 | N/A |
The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-7112. | ||||
CVE-2015-7115 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-08-06 | N/A |
libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7116. | ||||
CVE-2015-7104 | 1 Apple | 2 Safari, Tvos | 2024-08-06 | N/A |
WebKit in Apple Safari before 9.0.2 and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. |