Vulnerabilities > Apple > Tvos > Medium

DATE CVE VULNERABILITY TITLE RISK
2014-09-18 CVE-2014-4383 Improper Input Validation vulnerability in Apple Iphone OS and Tvos
The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header.
network
apple CWE-20
4.3
4.3
2014-09-18 CVE-2014-4378 Buffer Errors vulnerability in Apple Iphone OS, mac OS X and Tvos
CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted PDF document.
network
apple CWE-119
5.8
5.8
2014-09-18 CVE-2014-4377 Numeric Errors vulnerability in Apple Iphone OS, mac OS X and Tvos
Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
network
apple CWE-189
6.8
6.8
2014-07-01 CVE-2014-1383 Permissions, Privileges, and Access Controls vulnerability in Apple Tvos
Apple TV before 6.1.2 allows remote authenticated users to bypass an intended password requirement for iTunes Store purchase transactions via unspecified vectors.
network
low complexity
apple CWE-264
5.5
5.5
2014-07-01 CVE-2014-1382 Buffer Errors vulnerability in Apple Iphone OS, Safari and Tvos
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4.
network
apple CWE-119
6.8
6.8
2014-07-01 CVE-2014-1368 Buffer Errors vulnerability in Apple Iphone OS, Safari and Tvos
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4.
network
apple CWE-119
6.8
6.8
2014-07-01 CVE-2014-1367 Buffer Errors vulnerability in Apple Iphone OS, Safari and Tvos
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4.
network
apple CWE-119
6.8
6.8
2014-07-01 CVE-2014-1366 Buffer Errors vulnerability in Apple Iphone OS, Safari and Tvos
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4.
network
apple CWE-119
6.8
6.8
2014-07-01 CVE-2014-1365 Buffer Errors vulnerability in Apple Iphone OS, Safari and Tvos
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4.
network
apple CWE-119
6.8
6.8
2014-07-01 CVE-2014-1364 Buffer Errors vulnerability in Apple Iphone OS, Safari and Tvos
WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1, APPLE-SA-2014-06-30-3, and APPLE-SA-2014-06-30-4.
network
apple CWE-119
6.8
6.8