Product:

Tvos

(Apple)
Date Id Summary Products Score Patch Annotated
2020-10-27 CVE-2019-8835 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. Icloud, Ipados, Iphone_os, Itunes, Safari, Tvos, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation 8.8
2020-10-27 CVE-2019-8844 Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. Icloud, Ipados, Iphone_os, Itunes, Safari, Tvos, Watchos, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation 8.8
2020-10-27 CVE-2019-8846 A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. Icloud, Ipados, Iphone_os, Itunes, Safari, Tvos, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation 8.8
2010-08-19 CVE-2010-2807 FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. Iphone_os, Mac_os_x, Tvos, Ubuntu_linux, Freetype N/A
2010-08-19 CVE-2010-2805 The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. Iphone_os, Mac_os_x, Tvos, Ubuntu_linux, Freetype N/A
2020-12-08 CVE-2020-10013 A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges. Ipados, Iphone_os, Mac_os_x, Tvos 7.8
2016-07-22 CVE-2016-4614 libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4615, CVE-2016-4616, and CVE-2016-4619. Icloud, Iphone_os, Itunes, Mac_os_x, Tvos, Watchos 9.8
2020-10-27 CVE-2018-4433 A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, watchOS 5, iOS 12, tvOS 12, macOS Mojave 10.14. A malicious application may be able to modify protected parts of the file system. Iphone_os, Mac_os_x, Tvos, Watchos 5.5
2020-10-27 CVE-2019-8854 A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. A device may be passively tracked by its Wi-Fi MAC address. Iphone_os, Mac_os_x, Tvos, Watchos 7.5
2020-10-27 CVE-2019-8834 A configuration issue was addressed with additional restrictions. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An attacker in a privileged network position may be able to bypass HSTS for a limited number of specific top-level domains previously not in the HSTS preload list. Icloud, Ipados, Iphone_os, Itunes, Mac_os_x, Tvos, Watchos 4.3