CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Apple Tv : Security Vulnerabilities (Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-1124 DoS Exec Code Mem. Corr. 2015-04-10 2015-04-14
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.
2 CVE-2015-1123 DoS Exec Code Mem. Corr. 2015-04-10 2015-04-14
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-3 and APPLE-SA-2015-04-08-4.
3 CVE-2015-1122 DoS Exec Code Mem. Corr. 2015-04-10 2015-04-14
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.
4 CVE-2015-1121 DoS Exec Code Mem. Corr. 2015-04-10 2015-04-14
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.
5 CVE-2015-1120 DoS Exec Code Mem. Corr. 2015-04-10 2015-04-14
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.
6 CVE-2015-1119 DoS Exec Code Mem. Corr. 2015-04-10 2015-04-14
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.
7 CVE-2015-1117 264 Exec Code 2015-04-10 2015-04-14
6.9
None Local Medium Not required Complete Complete Complete
The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with unintended user or group privileges via a crafted app.
8 CVE-2015-1101 DoS Exec Code Mem. Corr. 2015-04-10 2015-04-14
6.9
None Local Medium Not required Complete Complete Complete
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
9 CVE-2015-1095 DoS Exec Code Mem. Corr. 2015-04-10 2015-04-14
7.2
None Local Low Not required Complete Complete Complete
IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device.
10 CVE-2015-1086 20 Exec Code 2015-04-10 2015-04-14
6.9
None Local Medium Not required Complete Complete Complete
The Audio Drivers subsystem in Apple iOS before 8.3 and Apple TV before 7.2 does not properly validate IOKit object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
11 CVE-2015-1061 94 Exec Code 2015-03-12 2015-03-25
9.3
None Remote Medium Not required Complete Complete Complete
IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling.
12 CVE-2014-4492 19 1 Exec Code 2015-01-30 2015-03-02
7.5
None Remote Low Not required Partial Partial Partial
libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type.
13 CVE-2014-4489 DoS Exec Code 2015-01-30 2015-02-18
10.0
None Remote Low Not required Complete Complete Complete
IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
14 CVE-2014-4488 19 Exec Code 2015-01-30 2015-02-18
10.0
None Remote Low Not required Complete Complete Complete
IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
15 CVE-2014-4487 119 Exec Code Overflow 2015-01-30 2015-02-18
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app.
16 CVE-2014-4486 DoS Exec Code 2015-01-30 2015-02-02
10.0
None Remote Low Not required Complete Complete Complete
IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted app.
17 CVE-2014-4485 119 DoS Exec Code Overflow 2015-01-30 2015-02-18
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.
18 CVE-2014-4484 19 DoS Exec Code Mem. Corr. 2015-01-30 2015-02-18
7.5
None Remote Low Not required Partial Partial Partial
FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file.
19 CVE-2014-4483 119 DoS Exec Code Overflow 2015-01-30 2015-02-18
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document.
20 CVE-2014-4481 189 DoS Exec Code Overflow 2015-01-30 2015-02-18
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
21 CVE-2014-4479 119 DoS Exec Code Overflow Mem. Corr. 2015-01-30 2015-02-20
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4477.
22 CVE-2014-4477 119 DoS Exec Code Overflow Mem. Corr. 2015-01-30 2015-02-20
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4479.
23 CVE-2014-4476 119 DoS Exec Code Overflow Mem. Corr. 2015-01-30 2015-02-20
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4477 and CVE-2014-4479.
24 CVE-2014-4475 399 DoS Exec Code Mem. Corr. 2014-12-10 2015-02-05
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
25 CVE-2014-4474 399 DoS Exec Code Mem. Corr. 2014-12-10 2015-02-05
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
26 CVE-2014-4473 399 DoS Exec Code Mem. Corr. 2014-12-10 2015-02-05
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
27 CVE-2014-4472 399 DoS Exec Code Mem. Corr. 2014-12-10 2015-02-05
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
28 CVE-2014-4471 399 DoS Exec Code Mem. Corr. 2014-12-10 2015-02-05
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
29 CVE-2014-4470 399 DoS Exec Code Mem. Corr. 2014-12-10 2015-02-06
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
30 CVE-2014-4469 399 DoS Exec Code Mem. Corr. 2014-12-10 2015-02-06
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
31 CVE-2014-4468 399 DoS Exec Code Mem. Corr. 2014-12-10 2015-02-06
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
32 CVE-2014-4466 399 DoS Exec Code Mem. Corr. 2014-12-10 2015-02-06
7.5
None Remote Low Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
33 CVE-2014-4462 399 DoS Exec Code Mem. Corr. 2014-11-18 2014-12-23
5.8
None Local Network Low Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452.
34 CVE-2014-4461 20 Exec Code 2014-11-18 2015-02-06
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application.
35 CVE-2014-4459 Exec Code 2014-11-18 2015-02-06
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.
36 CVE-2014-4452 399 DoS Exec Code Mem. Corr. 2014-11-18 2014-12-23
5.4
None Local Network Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462.
37 CVE-2014-4418 20 Exec Code 2014-09-18 2014-10-24
9.3
None Remote Medium Not required Complete Complete Complete
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4388.
38 CVE-2014-4415 119 DoS Exec Code Overflow Mem. Corr. 2014-09-18 2014-09-23
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
39 CVE-2014-4414 119 DoS Exec Code Overflow Mem. Corr. 2014-09-18 2014-09-23
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
40 CVE-2014-4413 119 DoS Exec Code Overflow Mem. Corr. 2014-09-18 2014-09-23
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
41 CVE-2014-4412 119 DoS Exec Code Overflow Mem. Corr. 2014-09-18 2014-09-23
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
42 CVE-2014-4411 119 DoS Exec Code Overflow Mem. Corr. 2014-09-18 2014-09-23
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
43 CVE-2014-4410 119 DoS Exec Code Overflow Mem. Corr. 2014-09-18 2014-09-23
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
44 CVE-2014-4405 DoS Exec Code 2014-09-18 2015-04-13
9.3
None Remote Medium Not required Complete Complete Complete
IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted key-mapping properties.
45 CVE-2014-4404 119 Exec Code Overflow 2014-09-18 2015-04-13
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.
46 CVE-2014-4389 189 Exec Code Overflow 2014-09-18 2015-01-30
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments.
47 CVE-2014-4388 20 Exec Code 2014-09-18 2014-10-24
9.3
None Remote Medium Not required Complete Complete Complete
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4418.
48 CVE-2014-4381 119 Exec Code Overflow 2014-09-18 2014-09-23
9.3
None Remote Medium Not required Complete Complete Complete
Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code as root via a crafted application.
49 CVE-2014-4380 119 Exec Code Overflow 2014-09-18 2015-04-13
9.3
None Remote Medium Not required Complete Complete Complete
The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code in the kernel's context via a crafted application.
50 CVE-2014-4377 189 DoS Exec Code Overflow 2014-09-18 2014-09-23
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
Total number of vulnerabilities : 71   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.