Vulnerabilities > Apple > Tvos > 6.2.1

DATE CVE VULNERABILITY TITLE RISK
2015-01-30 CVE-2014-4485 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Tvos
Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.
network
low complexity
apple CWE-119
7.5
7.5
2015-01-30 CVE-2014-4484 Data Processing Errors vulnerability in Apple Iphone OS, mac OS X and Tvos
FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file.
network
low complexity
apple CWE-19
7.5
7.5
2015-01-30 CVE-2014-4483 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Tvos
Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document.
network
apple CWE-119
6.8
6.8
2015-01-30 CVE-2014-4481 Numeric Errors vulnerability in Apple Iphone OS, mac OS X and Tvos
Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
network
apple CWE-189
6.8
6.8
2015-01-30 CVE-2014-4480 Link Following vulnerability in Apple Iphone OS and Tvos
Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.
network
low complexity
apple CWE-59
critical
 10.0
10
2015-01-30 CVE-2014-4479 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4477.
network
apple CWE-119
6.8
6.8
2015-01-30 CVE-2014-4477 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4479.
network
apple CWE-119
6.8
6.8
2015-01-30 CVE-2014-4476 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4477 and CVE-2014-4479.
network
apple CWE-119
6.8
6.8
2014-12-10 CVE-2014-4475 Resource Management Errors vulnerability in Apple products
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
network
apple CWE-399
6.8
6.8
2014-12-10 CVE-2014-4474 Resource Management Errors vulnerability in Apple products
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
network
apple CWE-399
6.8
6.8