Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10620
HistoryJun 30, 2015 - 12:00 a.m.

KLA10620 Multiple vulnerabilities in Apple iTunes

2015-06-3000:00:00
Kaspersky Lab
threats.kaspersky.com
29

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.043 Low

EPSS

Percentile

92.2%

JSON

Detect date:

06/30/2015

Severity:

Critical

Description:

Multiple memory corruption vulnerabilities were found in Apple iTunes. By exploiting these vulnerabilities malicious users can cause denial of service or execute arbitrary code. These vulnerabilities can be exploited remotely via a man-in-the-middle attack at vectors related to iTunes Store browsing.

Affected products:

Apple iTunes versions earlier than 12.2

Solution:

Update to the latest version
Get Apple iTunes

Original advisories:

Apple advisory

Impacts:

ACE

Related products:

Apple iTunes

CVE-IDS:

CVE-2015-10836.8High
CVE-2015-10826.8High
CVE-2015-10706.8High
CVE-2015-10796.8High
CVE-2015-10786.8High
CVE-2015-10816.8High
CVE-2015-10806.8High
CVE-2015-10776.8High
CVE-2015-10766.8High
CVE-2015-10756.8High
CVE-2015-10746.8High
CVE-2015-10716.8High
CVE-2015-10726.8High
CVE-2015-10696.8High
CVE-2015-10686.8High
CVE-2015-10736.8High
CVE-2014-44766.8High
CVE-2014-44776.8High
CVE-2014-44746.8High
CVE-2014-44756.8High
CVE-2014-44726.8High
CVE-2014-44736.8High
CVE-2014-44706.8High
CVE-2014-44716.8High
CVE-2014-44796.8High
CVE-2014-44596.8High
CVE-2015-11196.8High
CVE-2014-44667.5Critical
CVE-2015-11226.8High
CVE-2015-11216.8High
CVE-2015-11206.8High
CVE-2015-11246.8High
CVE-2014-31927.5Critical
CVE-2014-44686.8High
CVE-2014-44696.8High
CVE-2014-44525.4High
CVE-2015-11526.8High
CVE-2015-11546.8High
CVE-2015-11536.8High

References

Related

securityvulns 25
nessus 28
openvas 12
kaspersky 2
prion 40
cve 40
ubuntucve 40
threatpost 1
zdi 2
ubuntu 1
debiancve 1
fedora 5
mageia 2
securityvulns
securityvulns
APPLE-SA-2015-06-30-6 iTunes 12.2
2015-07-05 00:00:00
Apple Safari / Webkit multiple security vulnerabilities
2015-03-18 00:00:00
APPLE-SA-2015-03-17-1 Safari 8.0.4, Safari 7.1.4, and Safari 6.2.4
2015-03-18 00:00:00
nessus
nessus
Apple iTunes < 12.2 Multiple Vulnerabilities (credentialed check)
2015-07-03 00:00:00
Apple iTunes < 12.2 Multiple Vulnerabilities (uncredentialed check)
2015-10-26 00:00:00
Mac OS X : Apple Safari < 6.2.4 / 7.1.4 / 8.0.4 Multiple Vulnerabilities
2015-03-18 00:00:00
openvas
openvas
Apple Safari 'Webkit' Multiple Vulnerabilities -01 (Mar 2015) - Mac OS X
2015-03-27 00:00:00
Apple Safari 'Webkit' Multiple Vulnerabilities-01 (Dec 2014) - Mac OS X
2014-12-16 00:00:00
Apple Safari 'Webkit' Multiple Vulnerabilities -01 (Feb 2015) - Mac OS X
2015-02-09 00:00:00
kaspersky
kaspersky
KLA10466 Multiple vulnerabilities in Apple Safari
2015-03-17 00:00:00
KLA10573 Multiple vulnerabilities in Apple Safari
2015-05-07 00:00:00
prion
prion
Memory corruption
2015-01-30 11:59:00
Memory corruption
2015-01-30 11:59:00
Memory corruption
2015-05-08 00:59:00
cve
cve
CVE-2014-4477
2015-01-30 11:59:00
CVE-2015-1153
2015-05-08 00:59:00
CVE-2014-4479
2015-01-30 11:59:00
ubuntucve
ubuntucve
CVE-2014-4476
2015-01-30 00:00:00
CVE-2014-4477
2015-01-30 00:00:00
CVE-2015-1152
2015-05-08 00:00:00
threatpost
threatpost
Apple Fixes WebKit Vulnerabilities in Safari Browser
2015-05-07 10:49:05
zdi
zdi
(Mobile Pwn2Own) Apple Safari Set Use-After-Free Remote Code Execution Vulnerability
2015-01-27 00:00:00
(Pwn2Own) Apple Safari Uninitialized Buffer Use-After-Free Remote Code Execution Vulnerability
2015-04-08 00:00:00
ubuntu
ubuntu
WebKitGTK+ vulnerabilities
2016-03-21 00:00:00
debiancve
debiancve
CVE-2014-3192
2014-10-08 10:55:00
fedora
fedora
[SECURITY] Fedora 24 Update: webkitgtk3-2.4.10-1.fc24
2016-03-27 00:38:22
[SECURITY] Fedora 23 Update: webkitgtk3-2.4.10-1.fc23
2016-03-21 01:53:49
[SECURITY] Fedora 24 Update: webkitgtk-2.4.10-1.fc24
2016-03-27 00:38:11
mageia
mageia
Updated webkit packages fix security vulnerability
2016-03-25 09:38:37
Updated webkit2 packages fix security vulnerability
2016-03-25 09:38:37

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.043 Low

EPSS

Percentile

92.2%

JSON
Related for KLA10620
securityvulns25nessus28openvas12kaspersky2prion40cve40ubuntucve40threatpost1zdi2ubuntu1debiancve1fedora5mageia2