Vulnerabilities > Apple > Tvos > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-02-01 | CVE-2016-1727 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1724. | 9.3 |
| 2016-01-12 | CVE-2015-8659 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug. | 10.0 |
| 2015-12-11 | CVE-2015-7111 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-7112. | 9.3 |
| 2015-12-11 | CVE-2015-7112 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-7111. | 9.3 |
| 2015-12-11 | CVE-2015-7051 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS and Tvos MobileStorageMounter in Apple iOS before 9.2 and tvOS before 9.1 mishandles the timing of trust-cache loading, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | 9.3 |
| 2015-12-11 | CVE-2015-7055 | Improper Access Control vulnerability in Apple Iphone OS and Tvos AppleMobileFileIntegrity in Apple iOS before 9.2 and tvOS before 9.1 does not prevent changes to access-control structures, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | 9.3 |
| 2015-12-11 | CVE-2015-7068 | NULL Pointer Dereference vulnerability in Apple products IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type. | 9.3 |
| 2015-12-11 | CVE-2015-7072 | Improper Input Validation vulnerability in Apple Iphone OS, Tvos and Watchos dyld in Apple iOS before 9.2, tvOS before 9.1, and watchOS before 2.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | 9.3 |
| 2015-12-11 | CVE-2015-7079 | Improper Input Validation vulnerability in Apple Iphone OS and Tvos dyld in Apple iOS before 9.2 and tvOS before 9.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | 9.3 |
| 2015-03-12 | CVE-2015-1061 | Code Injection vulnerability in Apple Iphone OS, mac OS X and Tvos IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling. | 9.3 |