Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
appleAppleAPPLE:HT211952
HistoryNov 13, 2020 - 9:13 a.m.

About the security content of iTunes 12.10.9 for Windows - Apple Support

2020-11-1309:13:16
support.apple.com
28

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON

About Apple security updates

For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

iTunes 12.10.9 for Windows

Released September 16, 2020

CoreText

Available for: Windows 7 and later

Impact: Processing a maliciously crafted text file may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

CVE-2020-9999: Mickey Jin & Junzhi Lu of Trend Micro

ImageIO

Available for: Windows 7 and later

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-9961: Xingwei Lin of Ant Security Light-Year Lab

ImageIO

Available for: Windows 7 and later

Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2020-9876: Mickey Jin of Trend Micro

libxml2

Available for: Windows 7 and later

Impact: Processing a maliciously crafted file may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2020-9981: found by OSS-Fuzz

SQLite

Available for: Windows 7 and later

Impact: A remote attacker may be able to cause a denial of service

Description: This issue was addressed with improved checks.

CVE-2020-13434

CVE-2020-13435

SQLite

Available for: Windows 7 and later

Impact: A remote attacker may be able to cause arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

CVE-2020-13630

SQLite

Available for: Windows 7 and later

Impact: A maliciously crafted SQL query may lead to data corruption

Description: This issue was addressed with improved checks.

CVE-2020-13631

SQLite

Available for: Windows 7 and later

Impact: A remote attacker may be able to leak memory

Description: An information disclosure issue was addressed with improved state management.

CVE-2020-9849

WebKit

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2020-9947: cc working with Trend Micro Zero Day Initiative

CVE-2020-9951: Marcin ‘Icewall’ Noga of Cisco Talos

WebKit

Available for: Windows 7 and later

Impact: Processing maliciously crafted web content may lead to code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2020-9983: zhunki

CPENameOperatorVersion
itunes for windowslt12.10.9

Related

kaspersky 2
apple 12
openvas 23
nessus 41
fedora 3
freebsd 1
freebsd_advisory 1
ibm 3
photon 6
rocky 2
redhat 3
almalinux 4
osv 11
mageia 2
ubuntu 2
cloudfoundry 1
gentoo 2
prion 12
debian 2
zdi 3
cve 12
veracode 7
redhatcve 7
ubuntucve 9
alpinelinux 7
cbl_mariner 4
debiancve 7
sqlite 4
talos 1
oraclelinux 2
cloudlinux 1
rosalinux 1
suse 1
kaspersky
kaspersky
KLA12007 Multiple vulnerabilities in Apple iTunes
2020-09-16 00:00:00
KLA12017 Mulitple vulnerabilities in Apple iCloud
2020-12-02 00:00:00
apple
apple
About the security content of iTunes 12.10.9 for Windows
2020-09-16 00:00:00
About the security content of iCloud for Windows 11.5 - Apple Support
2020-12-15 06:06:19
About the security content of iCloud for Windows 11.5
2020-12-02 00:00:00
openvas
openvas
Apple iCloud Security Update (HT211935)
2020-12-08 00:00:00
Fedora: Security Advisory for sqlite (FEDORA-2020-0477f8840e)
2020-06-07 00:00:00
Huawei EulerOS: Security Advisory for sqlite (EulerOS-SA-2020-1930)
2020-09-04 00:00:00
nessus
nessus
Photon OS 1.0: Sqlite PHSA-2020-1.0-0298
2020-06-10 00:00:00
Fedora 32 : sqlite (2020-0477f8840e)
2020-06-04 00:00:00
Photon OS 2.0: Sqlite PHSA-2020-2.0-0249
2020-06-06 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: sqlite-3.32.1-1.fc32
2020-06-02 03:54:26
[SECURITY] Fedora 33 Update: webkit2gtk3-2.30.3-1.fc33
2020-11-29 01:27:55
[SECURITY] Fedora 32 Update: webkit2gtk3-2.30.3-1.fc32
2020-12-04 00:30:44
freebsd
freebsd
several security issues in sqlite3
2020-05-25 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-20:22.sqlite
2020-08-05 00:00:00
ibm
ibm
Security Bulletin: A vulnerability was identified and remediated in the IBM MaaS360 Cloud Extender (CVE-2020-13434, CVE-2020-13435)
2021-03-16 06:52:21
Security Bulletin: WML CE: SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
2020-07-20 20:09:23
Security Bulletin: WML CE: WML CE: SQLite through 3.32.0 has various security issues.
2020-07-17 22:52:22
photon
photon
Important Photon OS Security Update - PHSA-2020-0101
2020-06-04 00:00:00
Important Photon OS Security Update - PHSA-2020-3.0-0101
2020-06-03 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0249
2020-06-03 00:00:00
rocky
rocky
mingw packages security and bug fix update
2021-05-18 00:00:00
sqlite security update
2021-05-18 05:34:24
redhat
redhat
(RHSA-2021:1968) Moderate: mingw packages security and bug fix update
2021-05-18 06:30:39
(RHSA-2021:1581) Moderate: sqlite security update
2021-05-18 05:34:24
(RHSA-2020:4442) Moderate: sqlite security update
2020-11-03 12:04:56
almalinux
almalinux
Moderate: mingw packages security and bug fix update
2021-05-18 06:30:39
Moderate: GNOME security, bug fix, and enhancement update
2021-05-18 05:35:26
Moderate: sqlite security update
2021-05-18 05:34:24
osv
osv
Moderate: mingw packages security and bug fix update
2021-05-18 06:30:39
webkit2gtk vulnerabilities
2020-11-26 13:07:57
CVE-2020-13435
2020-05-24 22:15:10
mageia
mageia
Updated sqlite3 packages fix security vulnerabilities
2021-07-01 02:58:41
Updated webkit2 packages fix security vulnerabilities
2020-11-27 23:14:57
ubuntu
ubuntu
SQLite vulnerabilities
2020-06-10 00:00:00
WebKitGTK vulnerabilities
2020-11-26 00:00:00
cloudfoundry
cloudfoundry
USN-4394-1: SQLite vulnerabilities | Cloud Foundry
2020-06-24 00:00:00
gentoo
gentoo
SQLite: Multiple vulnerabilities
2020-07-27 00:00:00
WebkitGTK+: Multiple vulnerabilities
2020-12-23 00:00:00
prion
prion
Memory corruption
2020-12-08 20:15:00
Design/Logic Flaw
2020-12-08 20:15:00
Design/Logic Flaw
2020-10-22 18:15:00
debian
debian
[SECURITY] [DSA 4797-1] webkit2gtk security update
2020-11-24 18:45:16
[SECURITY] [DLA 2221-1] sqlite3
2020-05-26 09:44:15
zdi
zdi
Apple macOS ImageIO TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
2020-08-05 00:00:00
Apple macOS CoreText MorxLigatureSubtableBuilder TTF Parsing Out-of-Bounds Write Remote Code Execution Vulnerability
2020-12-08 00:00:00
Apple Safari RenderObject Use-After-Free Remote Code Execution Vulnerability
2020-12-03 00:00:00
cve
cve
CVE-2020-9961
2020-10-27 21:15:00
CVE-2020-9999
2020-12-08 20:15:00
CVE-2020-9876
2020-10-22 18:15:00
veracode
veracode
Remote Code Execution (RCE)
2021-04-29 12:15:30
Remote Code Execution (RCE)
2021-04-29 12:14:52
Denial Of Service (DoS)
2020-11-05 03:10:13
redhatcve
redhatcve
CVE-2020-9983
2020-11-24 18:51:47
CVE-2020-13630
2020-05-29 13:25:19
CVE-2020-9951
2020-11-24 18:52:14
ubuntucve
ubuntucve
CVE-2020-13630
2020-05-27 00:00:00
CVE-2020-9983
2020-11-24 00:00:00
CVE-2020-9849
2020-12-08 00:00:00
alpinelinux
alpinelinux
CVE-2020-13435
2020-05-24 22:15:00
CVE-2020-13630
2020-05-27 15:15:00
CVE-2020-13434
2020-05-24 22:15:00
cbl_mariner
cbl_mariner
CVE-2020-13630 affecting package ceph 16.2.10-3
2024-04-17 22:02:46
CVE-2020-13435 affecting package ceph 16.2.10-3
2024-04-17 22:02:46
CVE-2020-13434 affecting package ceph 16.2.10-3
2024-04-17 22:02:46
debiancve
debiancve
CVE-2020-13434
2020-05-24 22:15:00
CVE-2020-13630
2020-05-27 15:15:00
CVE-2020-9983
2020-10-16 17:15:00
sqlite
sqlite
SQLite report about CVE-2020-13434
2020-01-01 00:00:00
SQLite report about CVE-2020-13630
2020-01-01 00:00:00
SQLite report about CVE-2020-13435
2020-01-01 00:00:00
talos
talos
Apple Safari/Webkit aboutBlankURL() code execution vulnerability
2020-09-30 00:00:00
oraclelinux
oraclelinux
GNOME security, bug fix, and enhancement update
2021-05-25 00:00:00
sqlite security update
2021-05-25 00:00:00
cloudlinux
cloudlinux
Fixed CVEs in sqlite: CVE-2020-35525, CVE-2020-13435
2022-10-10 18:56:17
rosalinux
rosalinux
Advisory ROSA-SA-2021-1975
2021-07-02 18:09:04
suse
suse
Security update for sqlite3 (important)
2021-07-14 00:00:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON
Related for APPLE:HT211952
kaspersky2apple12openvas23nessus41fedora3freebsd1freebsd_advisory1ibm3photon6rocky2redhat3almalinux4osv11mageia2ubuntu2cloudfoundry1gentoo2prion12debian2zdi3cve12veracode7redhatcve7ubuntucve9alpinelinux7cbl_mariner4debiancve7sqlite4talos1oraclelinux2cloudlinux1rosalinux1suse1