U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:apple:tvos:7.0.1:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 1,547 matching records.
Displaying matches 1,541 through 1,547.
Vuln ID Summary CVSS Severity
CVE-2014-4462

WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4452.

Published: November 18, 2014; 6:59:09 AM -0500 		V3.x:(not available)
 V2.0: 5.8 MEDIUM
CVE-2014-4461

The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly validate IOSharedDataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted application.

Published: November 18, 2014; 6:59:08 AM -0500 		V3.x:(not available)
 V2.0: 9.3 HIGH
CVE-2014-4459

Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.

Published: November 18, 2014; 6:59:06 AM -0500 		V3.x:(not available)
 V2.0: 6.8 MEDIUM
CVE-2014-4455

dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file.

Published: November 18, 2014; 6:59:03 AM -0500 		V3.x:(not available)
 V2.0: 2.1 LOW
CVE-2014-4452

WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462.

Published: November 18, 2014; 6:59:01 AM -0500 		V3.x:(not available)
 V2.0: 5.4 MEDIUM
CVE-2014-3192

Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Published: October 08, 2014; 6:55:06 AM -0400 		V3.x:(not available)
 V2.0: 7.5 HIGH
CVE-2013-0340

expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.

Published: January 21, 2014; 1:55:09 PM -0500 		V3.x:(not available)
 V2.0: 6.8 MEDIUM