CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Tvos : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-1818 Exec Code 2021-04-02 2021-04-08
7.5
None Remote Low Not required Partial Partial Partial
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
2 CVE-2021-1791 125 2021-04-02 2021-04-09
7.1
None Remote Medium Not required Complete None None
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to disclose kernel memory.
3 CVE-2020-9902 125 2020-10-22 2020-10-30
7.1
None Remote Medium Not required Complete None None
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to determine kernel memory layout.
4 CVE-2020-9895 416 Exec Code 2020-10-16 2020-10-20
7.5
None Remote Low Not required Partial Partial Partial
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
5 CVE-2020-9859 400 Exec Code 2020-06-05 2020-06-09
7.2
None Local Low Not required Complete Complete Complete
A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges.
6 CVE-2020-9850 Exec Code 2020-06-09 2020-10-16
7.5
None Remote Low Not required Partial Partial Partial
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution.
7 CVE-2020-9812 200 +Info 2020-06-09 2020-07-07
7.1
None Remote Medium Not required Complete None None
An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A local user may be able to read kernel memory.
8 CVE-2020-9809 200 +Info 2020-06-09 2020-06-11
7.1
None Remote Medium Not required Complete None None
An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to determine kernel memory layout.
9 CVE-2020-3911 120 Overflow 2020-04-01 2020-04-02
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.
10 CVE-2020-3910 120 Overflow 2020-04-01 2020-04-02
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.
11 CVE-2020-3909 120 Overflow 2020-04-01 2020-10-20
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2.
12 CVE-2020-3864 346 2020-10-27 2021-05-18
7.2
None Local Low Not required Complete Complete Complete
A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin.
13 CVE-2020-3857 119 Exec Code Overflow Mem. Corr. 2020-02-27 2020-03-02
7.2
None Local Low Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to execute arbitrary code with system privileges.
14 CVE-2019-8780 2020-10-27 2020-10-30
7.1
None Remote Medium Not required Complete None None
The issue was addressed with improved permissions logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13. A malicious application may be able to determine kernel memory layout.
15 CVE-2019-8756 20 Mem. Corr. 2020-10-27 2020-10-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. Multiple issues in libxml2.
16 CVE-2019-8749 20 Mem. Corr. 2020-10-27 2020-10-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. Multiple issues in libxml2.
17 CVE-2019-8746 125 Exec Code 2020-10-27 2020-10-29
7.5
None Remote Low Not required Partial Partial Partial
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
18 CVE-2019-8741 835 DoS 2020-02-28 2020-04-01
7.8
None Remote Low Not required None None Complete
A denial of service issue was addressed with improved input validation.
19 CVE-2019-8717 119 Exec Code Overflow Mem. Corr. 2019-12-18 2020-02-12
7.2
None Local Low Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15, tvOS 13. An application may be able to execute arbitrary code with kernel privileges.
20 CVE-2019-8662 416 2019-12-18 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
This issue was addressed with improved checks. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary.
21 CVE-2019-8660 787 Exec Code Mem. Corr. 2019-12-18 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
22 CVE-2019-8648 787 Exec Code Mem. Corr. 2019-12-18 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause arbitrary code execution.
23 CVE-2019-8647 416 Exec Code 2019-12-18 2019-12-19
7.5
None Remote Low Not required Partial Partial Partial
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.4, tvOS 12.4, watchOS 5.3. A remote attacker may be able to cause arbitrary code execution.
24 CVE-2019-8641 125 2019-12-18 2020-02-28
7.5
None Remote Low Not required Partial Partial Partial
An out-of-bounds read was addressed with improved input validation.
25 CVE-2019-8613 416 Exec Code 2019-12-18 2019-12-19
7.5
None Remote Low Not required Partial Partial Partial
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A remote attacker may be able to cause arbitrary code execution.
26 CVE-2019-8600 89 Exec Code Sql Mem. Corr. 2019-12-18 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. A maliciously crafted SQL query may lead to arbitrary code execution.
27 CVE-2019-8540 665 2019-12-18 2019-12-30
7.1
None Remote Medium Not required Complete None None
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to determine kernel memory layout.
28 CVE-2019-6203 20 2020-04-17 2020-04-23
7.5
None Remote Low Not required Partial Partial Partial
A logic issue was addressed with improved state management. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. An attacker in a privileged network position may be able to intercept network traffic.
29 CVE-2018-4413 119 Overflow 2019-04-03 2019-04-05
7.1
None Remote Medium Not required Complete None None
A memory initialization issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.
30 CVE-2018-4363 20 2019-04-03 2019-04-05
7.1
None Remote Medium Not required Complete None None
An input validation issue existed in the kernel. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5.
31 CVE-2018-4167 362 Exec Code 2018-04-03 2019-10-03
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "File System Events" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
32 CVE-2018-4166 362 Exec Code 2018-04-03 2019-10-03
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "NSURLSession" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
33 CVE-2018-4157 362 Exec Code 2018-04-03 2019-10-03
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Quick Look" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
34 CVE-2018-4155 362 Exec Code 2018-04-03 2019-10-03
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "CoreFoundation" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
35 CVE-2018-4115 281 Bypass 2018-04-03 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves CFPreferences in the "System Preferences" component. It allows attackers to bypass intended access restrictions by leveraging incorrect configuration-profile persistence.
36 CVE-2017-7130 119 DoS Overflow 2017-10-23 2019-03-08
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
37 CVE-2017-7129 119 DoS Overflow 2017-10-23 2019-03-08
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
38 CVE-2017-7128 119 DoS Overflow 2017-10-23 2019-03-08
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
39 CVE-2017-7103 119 DoS Exec Code Overflow Mem. Corr. 2017-10-23 2019-03-08
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic.
40 CVE-2017-7086 400 DoS 2017-10-23 2019-10-03
7.8
None Remote Low Not required None None Complete
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "libc" component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted string that is mishandled by the glob function.
41 CVE-2017-7062 119 DoS Exec Code Overflow 2017-07-20 2019-03-08
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Contacts" component. A buffer overflow allows remote attackers to execute arbitrary code or cause a denial of service (application crash).
42 CVE-2017-6979 362 Exec Code 2017-05-22 2019-10-03
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "IOSurface" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
43 CVE-2017-2524 119 DoS Exec Code Overflow Mem. Corr. 2017-05-22 2019-03-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "TextInput" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data.
44 CVE-2017-2523 119 DoS Exec Code Overflow Mem. Corr. 2017-05-22 2019-03-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Foundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data.
45 CVE-2017-2522 119 DoS Exec Code Overflow Mem. Corr. 2017-05-22 2019-03-21
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreFoundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data.
46 CVE-2017-2520 787 DoS Exec Code Overflow 2017-05-22 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.
47 CVE-2017-2519 DoS Exec Code Mem. Corr. 2017-05-22 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted SQL statement.
48 CVE-2017-2518 416 DoS Exec Code Overflow 2017-05-22 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.
49 CVE-2017-2513 416 DoS Exec Code 2017-05-22 2019-03-08
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SQL statement.
50 CVE-2017-2501 362 Exec Code 2017-05-22 2019-03-21
7.6
None Remote High Not required Complete Complete Complete
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
Total number of vulnerabilities : 93   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.