CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Apple Tv » 9.2 : Security Vulnerabilities Published In 2016

Cpe Name:cpe:/o:apple:apple_tv:9.2
CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-1859 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2018-10-09
6.8
 None Remote Medium Not required Partial Partial Partial
The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
2 CVE-2016-1858 200 +Info 2016-05-20 2018-10-09
4.3
 None Remote Medium Not required Partial None None
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site.
3 CVE-2016-1857 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2018-10-09
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856.
4 CVE-2016-1856 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2018-10-09
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1857.
5 CVE-2016-1855 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2018-10-09
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1856, and CVE-2016-1857.
6 CVE-2016-1854 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2018-10-09
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1855, CVE-2016-1856, and CVE-2016-1857.
7 CVE-2016-1847 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2017-11-29
6.8
 None Remote Medium Not required Partial Partial Partial
OpenGL, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
8 CVE-2016-1840 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2018-01-04
6.8
 None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
9 CVE-2016-1839 119 DoS Overflow 2016-05-20 2018-01-04
6.8
 None Remote Medium Not required Partial Partial Partial
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
10 CVE-2016-1838 119 DoS Overflow 2016-05-20 2018-01-04
6.8
 None Remote Medium Not required Partial Partial Partial
The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
11 CVE-2016-1837 119 DoS Overflow 2016-05-20 2018-01-04
6.8
 None Remote Medium Not required Partial Partial Partial
Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document.
12 CVE-2016-1836 119 DoS Overflow 2016-05-20 2018-01-04
6.8
 None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.
13 CVE-2016-1834 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2018-01-04
6.8
 None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
14 CVE-2016-1833 119 DoS Overflow 2016-05-20 2018-01-04
6.8
 None Remote Medium Not required Partial Partial Partial
The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
15 CVE-2016-1832 119 DoS Overflow +Priv Mem. Corr. 2016-05-20 2017-11-29
4.6
 None Local Low Not required Partial Partial Partial
libc in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
16 CVE-2016-1831 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-12-02
9.3
 None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3.2 and OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
17 CVE-2016-1830 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2017-11-29
8.5
 None Remote Medium Single system Complete Complete Complete
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1828, and CVE-2016-1829.
18 CVE-2016-1829 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2017-11-29
9.3
 None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1828, and CVE-2016-1830.
19 CVE-2016-1828 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2017-11-29
9.3
 None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1829, and CVE-2016-1830.
20 CVE-2016-1827 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2017-11-29
9.3
 None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1828, CVE-2016-1829, and CVE-2016-1830.
21 CVE-2016-1824 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2017-11-29
9.3
 None Remote Medium Not required Complete Complete Complete
IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1823.
22 CVE-2016-1823 125 DoS Exec Code Mem. Corr. 2016-05-20 2016-12-15
9.3
 None Remote Medium Not required Complete Complete Complete
The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read and memory corruption) via a crafted IOHIDReportType enum, which triggers an incorrect cast, a different vulnerability than CVE-2016-1824.
23 CVE-2016-1819 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-11-30
9.3
 None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the IOAccelContext2::clientMemoryForType method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016-1818.
24 CVE-2016-1818 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-12-29
9.3
 None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016-1819.
25 CVE-2016-1817 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-11-30
9.3
 None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1818 and CVE-2016-1819.
26 CVE-2016-1814 DoS 2016-05-20 2016-11-30
4.3
 None Remote Medium Not required None None Partial
IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.
27 CVE-2016-1813 DoS Exec Code 2016-05-20 2016-11-30
9.3
 None Remote Medium Not required Complete Complete Complete
The IOAccelSharedUserClient2::page_off_resource method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
28 CVE-2016-1811 DoS 2016-05-20 2016-11-30
5.0
 None Remote Low Not required None None Partial
ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.
29 CVE-2016-1808 119 DoS Exec Code Overflow Mem. Corr. 2016-05-20 2016-11-30
9.3
 None Remote Medium Not required Complete Complete Complete
The Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
30 CVE-2016-1807 362 +Info 2016-05-20 2016-11-30
2.6
 None Remote High Not required Partial None None
Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors.
31 CVE-2016-1803 DoS Exec Code 2016-05-20 2016-11-30
9.3
 None Remote Medium Not required Complete Complete Complete
CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
32 CVE-2016-1802 200 +Info 2016-05-20 2016-11-30
4.3
 None Remote Medium Not required Partial None None
CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app.
33 CVE-2016-1801 200 +Info 2016-05-20 2016-11-30
5.0
 None Remote Low Not required Partial None None
The CFNetwork Proxies subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 mishandles URLs in http and https requests, which allows remote attackers to obtain sensitive information via unspecified vectors.
Total number of vulnerabilities : 33   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.