Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusTenable700114.PRM
HistoryMay 17, 2017 - 12:00 a.m.

iTunes < 12.6 Multiple Vulnerabilities

2017-05-1700:00:00
Tenable
www.tenable.com
7
JSON

Versions of iTunes prior to 12.6 are affected by multiple vulnerabilities :

  • A use-after-free condition exists that is triggered when handling RenderBox objects. With specially crafted web content, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (CVE-2017-2463)
  • A flaw exists that allows a universal cross-site scripting (UXSS) attack. This flaw exists because the ‘notifyChildNodeRemoved()’ function in ‘WebCore/dom/ContainerNodeAlgorithms.cpp’ executes script code synchronously. This may allow a context-dependent attacker to create a specially crafted web page that executes arbitrary script code in a user’s browser session within the trust relationship between their browser and any server. (CVE-2017-2479)
  • A flaw exists that allows a UXSS attack. This flaw exists because the program does not properly revalidates the ‘SubframeLoader::requestFrame()’ function in ‘WebCore/loader/SubframeLoader.cpp’. This may allow a context-dependent attacker to create a specially crafted web page that executes arbitrary script code in a user’s browser session within the trust relationship between their browser and any server. (CVE-2017-2480)
Binary data 700114.prm
VendorProductVersionCPE
appleitunescpe:/a:apple:itunes

Related

apple 10
openvas 3
ubuntucve 3
prion 3
seebug 2
cve 3
packetstorm 1
zdt 2
zdi 1
nessus 3
apple
apple
About the security content of iCloud for Windows 6.2
2017-03-28 00:00:00
About the security content of iCloud for Windows 6.2 - Apple Support
2017-04-24 06:47:37
About the security content of iTunes 12.6 for Windows
2017-03-21 00:00:00
openvas
openvas
Apple iCloud Multiple Vulnerabilities (HT207607) - Windows
2017-05-16 00:00:00
Apple iTunes Multiple Vulnerabilities (HT207599) - Windows
2017-03-30 00:00:00
Apple Safari Multiple Vulnerabilities (HT207600)
2017-03-31 00:00:00
ubuntucve
ubuntucve
CVE-2017-2480
2017-04-02 00:00:00
CVE-2017-2479
2017-04-02 00:00:00
CVE-2017-2463
2017-04-02 00:00:00
prion
prion
Design/Logic Flaw
2017-04-02 01:59:00
Design/Logic Flaw
2017-04-02 01:59:00
Memory corruption
2017-04-02 01:59:00
seebug
seebug
WebKit: UXSS via a synchronous page load(CVE-2017-2480)
2017-04-07 00:00:00
WebKit: UXSS via a focus event and a link element (CVE-2017-2479)
2017-04-07 00:00:00
cve
cve
CVE-2017-2480
2017-04-02 01:59:00
CVE-2017-2479
2017-04-02 01:59:00
CVE-2017-2463
2017-04-02 01:59:00
packetstorm
packetstorm
WebKit Synchronous Page Load UXSS
2017-04-10 00:00:00
zdt
zdt
Apple WebKit / Safari 10.0.3 (12602.4.8) - Synchronous Page Load Universal Cross-Site Scripting Expl
2017-04-12 00:00:00
Apple WebKit / Safari 10.0.3 (12602.4.8) - Universal Cross-Site Scripting Exploit
2017-04-12 00:00:00
zdi
zdi
Apple Safari RenderBox Use-After-Free Remote Code Execution Vulnerability
2017-03-30 00:00:00
nessus
nessus
Apple iTunes < 12.6 Multiple Vulnerabilities (uncredentialed check)
2017-05-08 00:00:00
Apple iTunes < 12.6 Multiple Vulnerabilities (credentialed check)
2017-05-08 00:00:00
macOS : Apple Safari < 10.1 Multiple Vulnerabilities
2017-04-03 00:00:00
JSON
Related for 700114.PRM
apple10openvas3ubuntucve3prion3seebug2cve3packetstorm1zdt2zdi1nessus3