Summary
| Detail | |||
|---|---|---|---|
| Vendor | Apple | First view | 2014-01-21 |
| Product | Tvos | Last view | 2025-03-21 |
| Version | 14.0 | Type | Os |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:apple:tvos | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 0 | 2025-03-21 | CVE-2024-54551 | The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.6, tvOS 17.6, Safari 17.6, macOS Sonoma 14.6, visionOS 1.3, iOS 17.6 and iPadOS 17.6. Processing web content may lead to a denial-of-service. |
| 0 | 2025-03-17 | CVE-2024-54525 | A logic issue was addressed with improved file handling. This issue is fixed in visionOS 2.2, watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. Restoring a maliciously crafted backup file may lead to modification of protected system files. |
| 5.5 | 2025-03-10 | CVE-2024-54560 | A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, watchOS 11, tvOS 18, macOS Sequoia 15. A malicious app may be able to modify other apps without having App Management permission. |
| 6.5 | 2025-03-10 | CVE-2024-54467 | A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin. |
| 5.5 | 2025-03-10 | CVE-2024-44192 | The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash. |
| 0 | 2025-03-10 | CVE-2022-43454 | A double free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An app may be able to execute arbitrary code with kernel privileges. |
| 6.5 | 2025-02-10 | CVE-2024-54658 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, Safari 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service. |
| 8.8 | 2025-02-10 | CVE-2024-27859 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to arbitrary code execution. |
| 5.5 | 2025-01-27 | CVE-2025-24163 | The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination. |
| 6.5 | 2025-01-27 | CVE-2025-24162 | This issue was addressed through improved state management. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to an unexpected process crash. |
| 5.5 | 2025-01-27 | CVE-2025-24161 | The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination. |
| 0 | 2025-01-27 | CVE-2025-24160 | The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination. |
| 7.8 | 2025-01-27 | CVE-2025-24159 | A validation issue was addressed with improved logic. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to execute arbitrary code with kernel privileges. |
| 6.5 | 2025-01-27 | CVE-2025-24158 | The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing web content may lead to a denial-of-service. |
| 5.5 | 2025-01-27 | CVE-2025-24149 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to disclosure of user information. |
| 0 | 2025-01-27 | CVE-2025-24137 | A type confusion issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A remote attacker may cause an unexpected application termination or arbitrary code execution. |
| 6.5 | 2025-01-27 | CVE-2025-24131 | The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An attacker in a privileged position may be able to perform a denial-of-service. |
| 7.5 | 2025-01-27 | CVE-2025-24129 | A type confusion issue was addressed with improved checks. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A remote attacker may cause an unexpected app termination. |
| 5.5 | 2025-01-27 | CVE-2025-24127 | The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination. |
| 7.3 | 2025-01-27 | CVE-2025-24126 | An input validation issue was addressed. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An attacker on the local network may be able to cause unexpected system termination or corrupt process memory. |
| 5.5 | 2025-01-27 | CVE-2025-24124 | The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination. |
| 5.5 | 2025-01-27 | CVE-2025-24123 | The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination. |
| 7.8 | 2025-01-27 | CVE-2025-24107 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.3, tvOS 18.3, watchOS 11.3, iOS 18.3 and iPadOS 18.3. A malicious app may be able to gain root privileges. |
| 5.5 | 2025-01-27 | CVE-2025-24086 | The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing an image may lead to a denial-of-service. |
| 7.8 | 2025-01-27 | CVE-2025-24085 | A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 31% (110) | CWE-787 | Out-of-bounds Write |
| 18% (64) | CWE-125 | Out-of-bounds Read |
| 13% (47) | CWE-416 | Use After Free |
| 5% (19) | CWE-362 | Race Condition |
| 5% (18) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 3% (13) | CWE-190 | Integer Overflow or Wraparound |
| 2% (8) | CWE-276 | Incorrect Default Permissions |
| 2% (8) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 2% (8) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
| 2% (7) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 1% (6) | CWE-269 | Improper Privilege Management |
| 1% (6) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 1% (5) | CWE-665 | Improper Initialization |
| 1% (4) | CWE-287 | Improper Authentication |
| 1% (4) | CWE-20 | Improper Input Validation |
| 0% (3) | CWE-415 | Double Free |
| 0% (3) | CWE-346 | Origin Validation Error |
| 0% (2) | CWE-532 | Information Leak Through Log Files |
| 0% (2) | CWE-367 | Time-of-check Time-of-use (TOCTOU) Race Condition |
| 0% (2) | CWE-295 | Certificate Issues |
| 0% (1) | CWE-770 | Allocation of Resources Without Limits or Throttling |
| 0% (1) | CWE-668 | Exposure of Resource to Wrong Sphere |
| 0% (1) | CWE-667 | Insufficient Locking |
| 0% (1) | CWE-611 | Information Leak Through XML External Entity File Disclosure |
| 0% (1) | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2018-02-09 | Name: An enterprise data warehousing component installed on the remote Linux host i... File: ibm_netezza_analytics_swg22012645.nasl - Type: ACT_GATHER_INFO |
| 2017-01-12 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201701-21.nasl - Type: ACT_GATHER_INFO |
