Vulnerabilities > Apple > Tvos > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-05-20 CVE-2016-1811 NULL Pointer Dereference vulnerability in Apple products
ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.
network
low complexity
apple CWE-476
6.5
2016-05-20 CVE-2016-1807 Race Condition vulnerability in Apple products
Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel memory via unspecified vectors.
local
high complexity
apple CWE-362
5.1
2016-05-20 CVE-2016-1802 Information Exposure vulnerability in Apple products
CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app.
local
low complexity
apple CWE-200
5.5
2016-03-24 CVE-2016-1784 Resource Exhaustion vulnerability in Apple Iphone OS
The History implementation in WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to cause a denial of service (resource consumption and application crash) via a crafted web site.
network
low complexity
apple CWE-400
6.5
2016-03-24 CVE-2016-1752 Improper Input Validation vulnerability in Apple products
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to cause a denial of service via a crafted app.
local
low complexity
apple CWE-20
5.5
2016-01-10 CVE-2015-7116 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X and Tvos
libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7115.
network
low complexity
apple CWE-119
4.3
2016-01-10 CVE-2015-7115 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS
libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7116.
network
low complexity
apple CWE-119
4.3
2014-09-18 CVE-2014-4373 Unspecified vulnerability in Apple Iphone OS
The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application.
local
low complexity
apple
5.5
2014-09-18 CVE-2014-4364 Cryptographic Issues vulnerability in Apple Iphone OS
The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptographic attack against the MS-CHAPv1 hash.
high complexity
apple CWE-310
5.6
2010-06-30 CVE-2010-2249 Memory Leak vulnerability in multiple products
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.
6.5