Lucene search
K
AppleItunes

922 matches found

CVE
CVE
added 2024/03/14 6:24 p.m.2807 views

CVE-2023-42938

The CVE-2023-42938 entry concerns Apple iTunes for Windows prior to version 12.13.1, where a logic issue could allow a local user to elevate privileges. The vulnerability is described across multiple Connected documents as a local privilege escalation affecting iTunes on Windows, caused by insuff...

7.8CVSS5.6AI score0.00189EPSS
CVE
CVE
added 2020/12/08 9:11 p.m.2159 views

CVE-2020-27918

CVE-2020-27918 is a use-after-free vulnerability in WebKitGTK/WebKit where processing maliciously crafted web content may lead to arbitrary code execution. The issue is documented across multiple advisories and is fixed upstream in WebKitGTK/WebKit version 2.30.6 (and corresponding package update...

7.8CVSS8.6AI score0.01361EPSS
CVE
CVE
added 2021/03/26 8:48 p.m.1341 views

CVE-2020-7463

CVE-2020-7463 is a FreeBSD kernel use-after-free vulnerability caused by improper handling of large user messages from multiple threads on the same SCTP socket. Affected: FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEA...

5.5CVSS5.8AI score0.00399EPSS
CVE
CVE
added 2019/12/18 5:33 p.m.1256 views

CVE-2019-8506

CVE-2019-8506 is a type-confusion memory issue that affects WebKit components and was fixed in multiple Apple platforms (iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes/Windows, iCloud for Windows 7.11) and WebKitGTK/WebKitGTK+ up to 2.28.x. The vulnerability can allow arbitrary code execut...

9.3CVSS8.6AI score0.18108EPSS
In wild
CVE
CVE
added 2024/05/08 10:15 p.m.1205 views

CVE-2024-27793

Summary (CVE-2024-27793) : Apple iTunes for Windows is affected by a vulnerability where parsing a file could cause an unexpected app termination or arbitrary code execution. The issue is addressed by Apple in iTunes 12.13.2 for Windows (HT214099; Apple security content). The root cause is relate...

7.8CVSS7AI score0.00683EPSS
CVE
CVE
added 2020/12/08 8:13 p.m.1102 views

CVE-2020-27932

CVE-2020-27932 is a kernel-type-confusion issue in Apple’s XNU (mach turnstiles) that could allow a malicious app to execute code with kernel privileges. Connected sources confirm the root cause as a type confusion in kernel IPC machinery and note exploitation in-the-wild only in a macOS/iOS/macO...

9.3CVSS7.2AI score0.10337EPSS
In wild
CVE
CVE
added 2024/04/26 7:40 p.m.1035 views

CVE-2022-48611

CVE-2022-48611 is tied to Apple iTunes on Windows, where a logic issue could allow a local attacker to elevate privileges. The issue is addressed in iTunes 12.12.4 for Windows, per multiple sources (NVD, Red Hat, CVE lists, and Apple security content). The Red Hat and NVD descriptions concur that...

7.8CVSS7.9AI score0.00225EPSS
CVE
CVE
added 2023/06/23 12:0 a.m.828 views

CVE-2023-32353

CVE-2023-32353 affects Apple iTunes for Windows prior to version 12.12.9. The issue is described as a logic fault addressed by improved checks, with the fix implemented in iTunes 12.12.9 for Windows. The resulting impact is the potential for elevation of privileges. Affected software: Apple iTune...

7.8CVSS6.7AI score0.00658EPSS
CVE
CVE
added 2020/06/09 4:7 p.m.550 views

CVE-2020-9802

CVE-2020-9802 is a memory-related/logic issue in WebKit-based components where processing maliciously crafted web content may lead to arbitrary code execution. The initial Apple advisory links the vulnerability to multiple products and states that the issue is fixed in Apple iOS 13.5 and iPadOS 1...

8.8CVSS8.9AI score0.08207EPSS
CVE
CVE
added 2020/05/24 9:55 p.m.506 views

CVE-2020-13434

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c (CVE-2020-13434). Affected versions are up to 3.32.0; remediation is to update to SQLite 3.32.3. This fix is reflected in multiple advisories (e.g., Apple iOS/macOS security content HT211850/HT211935 noting SQLite u...

5.5CVSS6.8AI score0.01013EPSS
CVE
CVE
added 2023/06/23 12:0 a.m.501 views

CVE-2023-32351

Apple iTunes for Windows prior to 12.12.9 is affected by a logic issue that may allow privilege escalation. The issue is addressed by iTunes 12.12.9 for Windows, under HT213763, with the fix described as improved checks. CVE-2023-32351 is the associated vulnerability entry, and related advisories...

7.8CVSS6.9AI score0.00272EPSS
CVE
CVE
added 2022/11/01 12:0 a.m.465 views

CVE-2022-26717

CVE-2022-26717 is a WebKitGTK/WebKit use-after-free issue that can lead to arbitrary code execution when processing malicious web content. The Initial Description states the flaw is addressed with memory-management improvements and lists affected Apple platforms (tvOS 15.5, watchOS 8.6, iOS 15.5,...

8.8CVSS8.6AI score0.01424EPSS
CVE
CVE
added 2022/09/23 7:2 p.m.447 views

CVE-2022-22629

CVE-2022-22629 is a buffer overflow in WebKit-derived components (WebKitGTK/WebKit) that could allow arbitrary code execution when processing malicious web content. Public sources in the Apple Safari 15.4 security content and multiple Linux advisories confirm the issue and provide fixed versions....

8.8CVSS8.6AI score0.03668EPSS
CVE
CVE
added 2020/05/27 2:42 p.m.387 views

CVE-2020-13630

CVE-2020-13630 affects SQLite prior to 3.32.0, with a use-after-free in ext/fts3/fts3.c (fts3EvalNextRow) related to the snippet feature. Multiple connected advisories (Astra Linux, BSA, AlmaLinux) confirm the issue in SQLite and reference the same function/file. The provided sources do not quant...

7CVSS7.5AI score0.0103EPSS
CVE
CVE
added 2020/05/27 2:42 p.m.385 views

CVE-2020-13631

CVE-2020-13631 affects SQLite up to version 3.32.0, where a vulnerability allows renaming a virtual table to the name of one of its shadow tables (related to alter.c and build.c). Connected advisories confirm the issue in SQLite prior to 3.32.0 and note the remediation is to upgrade SQLite to 3.3...

5.5CVSS6.7AI score0.0062EPSS
CVE
CVE
added 2020/02/27 8:45 p.m.356 views

CVE-2020-3868

CVE-2020-3868 involves multiple memory corruption issues that are fixed by improved memory handling. The public advisories indicate the vulnerability could allow arbitrary code execution when processing malicious web content. The documented fixes show updates across Apple platforms: iOS 13.3.1 an...

9.3CVSS8.6AI score0.02633EPSS
CVE
CVE
added 2020/10/16 4:56 p.m.343 views

CVE-2020-9983

CVE-2020-9983 is a WebKit-related out-of-bounds write vulnerability addressed by multiple vendors. Apple security entries show CVE-2020-9983 as part of the WebKit set fixed in iOS/tvOS/watchOS/macOS updates, with impact noted as arbitrary code execution when processing malicious web content. Fedo...

8.8CVSS7.8AI score0.02083EPSS
CVE
CVE
added 2021/09/08 2:55 p.m.339 views

CVE-2021-1825

CVE-2021-1825 is a WebKit/WebKit-related input validation issue that could enable cross-site scripting when processing malicious web content. Apple’s security content for Safari 14.1 and related WebKit components lists this CVE under WebKit’s input validation and notes it is fixed in Safari 14.1 ...

6.1CVSS6.4AI score0.01358EPSS
CVE
CVE
added 2020/06/09 4:6 p.m.338 views

CVE-2020-9805

CVE-2020-9805 is a WebKit/Web content handling issue reported by an anonymous researcher, fixed in Apple platforms. The connected Apple security entries show a logic issue in WebKit that could lead to universal cross-site scripting when processing maliciously crafted web content. Apple patch refe...

7.1CVSS7AI score0.01128EPSS
CVE
CVE
added 2019/12/18 5:33 p.m.331 views

CVE-2019-8820

CVE-2019-8820 is a WebKit vulnerability described as multiple memory corruption issues that could allow arbitrary code execution when processing malicious web content. The connected notes confirm the issue is present in WebKit components and was fixed in a range of Apple platforms/releases: iOS 1...

8.8CVSS8.6AI score0.09543EPSS
CVE
CVE
added 2020/04/01 5:49 p.m.330 views

CVE-2020-3899

CVE-2020-3899 affects WebKitGTK/WebKit2GTK (webkitgtk4) up to upstream 2.28.2. A memory consumption issue may allow a remote attacker to execute arbitrary code via crafted web content. Public advisories confirm upgrade requirements: Arch Linux ASA-202004-23 (webkit2gtk before 2.28.2-1), Debian DS...

9.3CVSS8.5AI score0.04017EPSS
CVE
CVE
added 2010/06/30 6:0 p.m.329 views

CVE-2010-1205

CVE-2010-1205 is a buffer overflow in libpng (pngpread.c) that could allow remote code execution via a crafted PNG image. Affected libpng versions are prior to 1.2.44 and prior to 1.4.3. The overflow is tied to the internal copy in pngpread.c and is described across advisories mentioning memory c...

9.8CVSS9.9AI score0.43382EPSS
CVE
CVE
added 2019/04/03 5:50 p.m.328 views

CVE-2018-20506

CVE-2018-20506 concerns SQLite before 3.25.3 when FTS3 is enabled. The vulnerability is an integer overflow (leading to a buffer overflow) in an FTS3 merge operation after crafted changes to FTS3 shadow tables, enabling a remote attacker to execute arbitrary SQL statements (e.g., via WebSQL use c...

8.1CVSS8.4AI score0.07531EPSS
CVE
CVE
added 2019/07/01 1:27 a.m.324 views

CVE-2019-13118

CVE-2019-13118 affects libxslt 1.1.33, where a too-narrow type holding grouping characters in xsl:number can pass an invalid character/length to xsltNumberFormatDecimal, causing a read of uninitialized stack data (stack overflow vulnerability). Connected Apple advisories (HT210351, HT210346, HT21...

5.3CVSS6.1AI score0.05147EPSS
CVE
CVE
added 2020/06/09 4:7 p.m.324 views

CVE-2020-9806

CVE-2020-9806 is a WebKit memory-corruption defect reported in multiple Apple security advisories. The issue affects WebKit components underlying Safari and system web content handling, with impact described as arbitrary code execution when processing maliciously crafted web content. Remediation ...

8.8CVSS9.1AI score0.01731EPSS
CVE
CVE
added 2020/06/09 4:6 p.m.321 views

CVE-2020-9803

CVE-2020-9803 is a memory corruption flaw disclosed as affecting processing of malicious web content, leading to arbitrary code execution. The Connected documents confirm it is addressed by an upstream WebKit fix and by Apple platform updates. Specifically: Apple pages (iOS 13.5/iPadOS 13.5, tvOS...

8.8CVSS9.2AI score0.01785EPSS
CVE
CVE
added 2020/10/16 4:53 p.m.319 views

CVE-2020-9951

CVE-2020-9951 is a WebKit use-after-free vulnerability in Safari (WebKit GTK also mirrors related WebKit issues). Exploitation requires a victim to visit a specially crafted web site, potentially enabling arbitrary code execution on affected Apple platforms. The issue is addressed in Safari/WebKi...

8.8CVSS8.2AI score0.02333EPSS
CVE
CVE
added 2020/06/09 4:18 p.m.318 views

CVE-2020-9850

CVE-2020-9850 is a WebKit logic issue that allowed arbitrary code execution in affected Apple products (iOS 13.5, iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes/iCloud Windows) and upstream WebKit/WebKitGTK. The issue was fixed in WebKit/WebKitGTK versions released around 2020 (Ap...

9.8CVSS8.8AI score0.77246EPSS
CVE
CVE
added 2021/10/19 1:11 p.m.318 views

CVE-2021-30849

CVE-2021-30849 is a WebKit/WebKitGTK family issue reporting multiple memory corruption defects that could allow arbitrary code execution when processing malicious web content. Publicly documented fixes cover WebKitGTK/WebKit in Apple platforms (iOS 14.8/iPadOS 14.8, watchOS 8, Safari 15, tvOS 15,...

7.8CVSS8.5AI score0.01786EPSS
CVE
CVE
added 2020/10/27 8:7 p.m.314 views

CVE-2019-8846

CVE-2019-8846 is a use-after-free vulnerability in WebKit-related components that can lead to arbitrary code execution when handling malicious web content. The issue was addressed with improved memory management and is fixed in several Apple platforms: tvOS 13.3, iOS/iPadOS 13.3, Safari 13.0.4, a...

9.3CVSS8.3AI score0.02238EPSS
CVE
CVE
added 2020/10/16 4:49 p.m.313 views

CVE-2020-9925

CVE-2020-9925 concerns a logic issue in WebKit that affects Safari/WebKit components across Apple platforms. The vulnerability could allow universal cross-site scripting when processing malicious web content. Apple patched this by updating to iOS 13.6/iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safa...

6.1CVSS6.4AI score0.01135EPSS
CVE
CVE
added 2020/02/27 8:45 p.m.312 views

CVE-2020-3867

CVE-2020-3867 is a WebKitGTK/WebKit vulnerability categorized as a logic issue in state management that could enable universal cross-site scripting when processing malicious web content. According to the documents, the issue affects WebKitGTK/WebKit components (notably webkitgtk4) and was fixed i...

6.1CVSS6.2AI score0.01352EPSS
CVE
CVE
added 2019/12/18 5:33 p.m.311 views

CVE-2019-8690

CVE-2019-8690 is a WebKit/WebKitGTK4 logic issue where document load handling could lead to universal cross-site scripting. The vulnerability is addressed by a state-management fix and is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, and corresponding WebKitGTK/WebKit compone...

6.1CVSS6.1AI score0.04541EPSS
CVE
CVE
added 2020/06/09 4:18 p.m.308 views

CVE-2020-9843

CVE-2020-9843 is a WebKit/WebKitGTK issue described as an input validation weakness that may lead to cross-site scripting when processing malicious web content. The vulnerability is documented across multiple platforms: Apple: WebKit-related entries in iOS 13.5/iPadOS 13.5/watchOS 6.2.5/Safari 13...

7.1CVSS6.9AI score0.01083EPSS
CVE
CVE
added 2020/10/16 4:40 p.m.307 views

CVE-2020-9895

CVE-2020-9895 is a use-after-free in memory management that Apple fixed across multiple platforms. Fixed in iOS 13.6, iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, and iCloud for Windows 11.3/7.20. The issue could allow remote code execution or cause arbitrar...

9.8CVSS9.1AI score0.04316EPSS
CVE
CVE
added 2020/10/16 4:47 p.m.307 views

CVE-2020-9915

CVE-2020-9915 is an access issue in WebKit related to Content Security Policy enforcement. The description notes that processing malicious web content may prevent CSP from being enforced. Public details in connected Apple advisories show the vulnerability affecting WebKit components and being mit...

6.5CVSS6.8AI score0.01444EPSS
CVE
CVE
added 2020/10/16 4:40 p.m.305 views

CVE-2020-9894

CVE-2020-9894 affects WebKit in Windows 10+ (via Microsoft Store) with an out-of-bounds read addressed by improved input validation. Impact: remote termination or arbitrary code execution. Remediation: apply the relevant Apple/Safari security updates (Safari 13.1.2; iOS 13.6/iPadOS 13.6; Safari m...

4.3CVSS6.7AI score0.02686EPSS
CVE
CVE
added 2020/10/16 4:32 p.m.302 views

CVE-2020-9862

The CVE-2020-9862 entry concerns a command injection vulnerability in Web Inspector (WebKit Web Inspector). The root cause is inadequate escaping when copying a URL from Web Inspector, enabling a potential command injection path. Affected components: Web Inspector/WebKit implementations used in A...

7.8CVSS8AI score0.01757EPSS
CVE
CVE
added 2019/12/18 5:33 p.m.301 views

CVE-2019-8812

CVE-2019-8812 involves multiple memory corruption issues that Apple fixed by addressing memory handling in WebKit-related components. The advisory states that these issues could allow arbitrary code execution when processing maliciously crafted web content. Affected software includes iOS 13.2 and...

8.8CVSS8.6AI score0.0189EPSS
CVE
CVE
added 2019/12/18 5:33 p.m.297 views

CVE-2019-8815

CVE-2019-8815 is a WebKit memory-corruption issue affecting Apple’s WebKit-derived components. It could enable arbitrary code execution after processing malicious web content. Apple tied fixes to iOS 13.2/iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0 (...

9.3CVSS8.6AI score0.02291EPSS
CVE
CVE
added 2019/12/18 5:33 p.m.297 views

CVE-2019-8816

CVE-2019-8816 refers to multiple memory corruption issues in WebKit-related components that could lead to arbitrary code execution when processing malicious web content. Public details indicate fixes across Apple platforms: iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, and rele...

9.3CVSS8.6AI score0.02583EPSS
CVE
CVE
added 2019/12/18 5:33 p.m.297 views

CVE-2019-8819

CVE-2019-8819 is a WebKit/WebKit-related memory corruption issue that could be triggered by processing malicious web content, potentially enabling arbitrary code execution. The initial entry notes a fix in iOS 13.2/iPadOS 13.2, tvOS 13.2, Safari 13.0.3, and related Apple components. Connected sou...

8.8CVSS8.6AI score0.0192EPSS
CVE
CVE
added 2019/04/03 5:51 p.m.296 views

CVE-2018-20505

CVE-2018-20505 affects SQLite 3.25.2 and is caused by queries on a table with a malformed PRIMARY KEY, allowing remote attackers to cause an application crash (DoS) by running arbitrary SQL statements (e.g., in WebSQL use cases). Public-connected documents confirm the issue and note related mitig...

7.5CVSS8.2AI score0.06766EPSS
CVE
CVE
added 2020/10/27 7:55 p.m.296 views

CVE-2019-8844

CVE-2019-8844 is a memory corruption issue reported across Apple/WebKit components. The connected advisory confirms the vulnerability was addressed in tvOS 13.3, iOS/iPadOS 13.3, watchOS 6.1.1, Safari 13.0.4, and related macOS/iCloud/iTunes releases, indicating improved memory handling fixed the ...

9.3CVSS8.6AI score0.02091EPSS
CVE
CVE
added 2020/02/27 8:45 p.m.296 views

CVE-2020-3865

CVE-2020-3865 is a WebKit-related memory-corruption issue that affects WebKit and WebKitGTK/WebKitGTK4 components. The initial entry notes memory corruption issues addressed by improved memory handling and fixes in iOS 13.3.1/iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, and related Windows/macOS co...

8.8CVSS8.6AI score0.01812EPSS
CVE
CVE
added 2019/12/18 5:33 p.m.294 views

CVE-2019-8783

CVE-2019-8783 is a memory corruption issue in WebKit/WebKitGTK3 contexts that Apple docs attribute to multiple memory corruption vulnerabilities resolved in iOS 13.2 / iPadOS 13.2 / macOS Catalina 10.15.x / tvOS 13.2 and Safari 13.0.3. The connected materials also show WebKitGTK/WebKit entries li...

8.8CVSS8.6AI score0.01952EPSS
CVE
CVE
added 2020/04/14 10:41 p.m.294 views

CVE-2020-11763

OpenEXR has a CVE-2020-11763 vulnerability affecting versions before 2.4.1 due to an std::vector out-of-bounds read and write, demonstrated in ImfTileOffsets.cpp. Amazon Linux 2 and Red Hat advisories confirm the issue and list related OpenEXR problems (11761, 11763, 11764). The fixed version is ...

5.5CVSS5.5AI score0.01793EPSS
CVE
CVE
added 2020/10/27 7:53 p.m.292 views

CVE-2019-8835

CVE-2019-8835 involves multiple memory corruption issues in WebKit components. The public description states exploitation could occur by processing malicious web content, with fixed versions including tvOS 13.3, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windo...

9.3CVSS8.6AI score0.02018EPSS
CVE
CVE
added 2019/12/18 5:33 p.m.291 views

CVE-2019-8811

CVE-2019-8811 is a memory corruption vulnerability in WebKit that affected WebKit components used by Apple and related Windows apps (e.g., iCloud for Windows) and could be triggered by processing malicious web content to achieve arbitrary code execution. The vulnerability is addressed in the Appl...

8.8CVSS8.6AI score0.01997EPSS
CVE
CVE
added 2020/06/09 4:8 p.m.290 views

CVE-2020-9807

CVE-2020-9807 is a memory corruption issue in WebKit components that can occur when processing maliciously crafted web content, potentially enabling arbitrary code execution. The vulnerability affects WebKitGTK and related WebKit builds prior to the fixed version, with upstream fix in WebKit 2.28...

8.8CVSS9.1AI score0.01802EPSS
Total number of security vulnerabilities922