Itunes Security Vulnerabilities and Issues — Page 14 of Itunes CVE List

Lucene search

AppleItunes

922 matches found

CVE•added 2015/09/18 10:59 a.m.•54 views

CVE-2015-5802

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-S...

6.8CVSS7.8AI score0.01538EPSS

CVE•added 2015/09/18 10:59 a.m.•54 views

CVE-2015-5812

6.8CVSS8.8AI score0.01538EPSS

CVE•added 2017/12/25 9:29 p.m.•54 views

CVE-2017-13864

An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the "APNs Server" component. It allows man-in-the-middle attackers to track users by leveraging mishandling of client certificates.

5.9CVSS5.9AI score0.00399EPSS

CVE•added 2017/07/20 4:29 p.m.•54 views

CVE-2017-7053

An issue was discovered in certain Apple products. iTunes before 12.6.2 on Windows is affected. The issue involves the "iTunes" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.

9.3CVSS7.6AI score0.00188EPSS

CVE•added 2019/04/03 6:29 p.m.•54 views

CVE-2018-4440

A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.

4.3CVSS5.3AI score0.00344EPSS

CVE•added 2011/03/03 8:0 p.m.•53 views

CVE-2011-0149

WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly parse HTML elements associated with document namespaces, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to a "dang...

7.6CVSS9.2AI score0.01709EPSS

CVE•added 2011/10/12 6:55 p.m.•53 views

CVE-2011-0259

CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

7.6CVSS8.7AI score0.01392EPSS

CVE•added 2011/10/12 6:55 p.m.•53 views

CVE-2011-2339

WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.

7.6CVSS7.5AI score0.01198EPSS

CVE•added 2011/10/12 6:55 p.m.•53 views

CVE-2011-2341

7.6CVSS7.5AI score0.01224EPSS

CVE•added 2011/10/12 6:55 p.m.•53 views

CVE-2011-2354

7.6CVSS7.5AI score0.01016EPSS

CVE•added 2011/08/03 12:55 a.m.•53 views

CVE-2011-2788

Buffer overflow in the inspector serialization functionality in Google Chrome before 13.0.782.107 allows user-assisted remote attackers to have an unspecified impact via unknown vectors.

6.8CVSS6.5AI score0.03148EPSS

CVE•added 2011/08/03 12:55 a.m.•53 views

CVE-2011-2792

Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to float removal.

6.8CVSS7AI score0.02007EPSS

CVE•added 2012/03/08 10:55 p.m.•53 views

CVE-2011-2833

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.0178EPSS

CVE•added 2012/03/22 4:55 p.m.•53 views

CVE-2011-3050

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element.

6.8CVSS6.9AI score0.05574EPSS

CVE•added 2012/03/30 10:55 p.m.•53 views

CVE-2011-3059

Google Chrome before 18.0.1025.142 does not properly handle SVG text elements, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

6.8CVSS6.1AI score0.02353EPSS

CVE•added 2011/10/25 7:55 p.m.•53 views

CVE-2011-3885

Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to stale Cascading Style Sheets (CSS) token-sequence data.

7.5CVSS7AI score0.02414EPSS

CVE•added 2012/02/09 4:10 a.m.•53 views

CVE-2011-3966

Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to error handling for Cascading Style Sheets (CSS) token-sequence data.

7.5CVSS9.3AI score0.07118EPSS

CVE•added 2012/02/09 4:10 a.m.•53 views

CVE-2011-3969

6.8CVSS7AI score0.01964EPSS

CVE•added 2012/03/08 10:55 p.m.•53 views

CVE-2012-0592

9.3CVSS7.8AI score0.01837EPSS

CVE•added 2012/03/08 10:55 p.m.•53 views

CVE-2012-0619

9.3CVSS7.8AI score0.01837EPSS

CVE•added 2013/05/20 2:44 p.m.•53 views

CVE-2013-0994

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-0...

6.8CVSS7.5AI score0.00819EPSS

CVE•added 2013/05/20 2:44 p.m.•53 views

CVE-2013-1003

9.3CVSS7.5AI score0.01302EPSS

CVE•added 2013/09/19 10:27 a.m.•53 views

CVE-2013-1037

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8CVSS7.8AI score0.02313EPSS

CVE•added 2014/12/10 9:59 p.m.•53 views

CVE-2014-4469

WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-...

6.8CVSS7.8AI score0.00843EPSS

CVE•added 2014/12/10 9:59 p.m.•53 views

CVE-2014-4473

6.8CVSS7.8AI score0.00843EPSS

CVE•added 2015/08/16 11:59 p.m.•53 views

CVE-2015-3736

WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVE...

6.8CVSS8.4AI score0.01643EPSS

CVE•added 2015/08/16 11:59 p.m.•53 views

CVE-2015-3746

6.8CVSS8.4AI score0.01081EPSS

CVE•added 2015/08/17 12:0 a.m.•53 views

CVE-2015-5755

CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5761.

6.8CVSS8.7AI score0.0281EPSS

CVE•added 2015/09/18 10:59 a.m.•53 views

CVE-2015-5795

6.8CVSS8.8AI score0.01538EPSS

CVE•added 2015/09/18 10:59 a.m.•53 views

CVE-2015-5807

6.8CVSS8.8AI score0.01009EPSS

CVE•added 2015/09/18 10:59 a.m.•53 views

CVE-2015-5815

WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-...

6.8CVSS8.6AI score0.00651EPSS

CVE•added 2008/09/11 1:13 a.m.•52 views

CVE-2008-3634

Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better i...

2.6CVSS5.9AI score0.00283EPSS

CVE•added 2010/03/31 6:30 p.m.•52 views

CVE-2010-0531

Apple iTunes before 9.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 podcast file.

4.3CVSS6AI score0.00686EPSS

CVE•added 2010/06/18 4:30 p.m.•52 views

CVE-2010-1769

WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, a dif...

10CVSS8.4AI score0.08537EPSS

CVE•added 2011/03/03 8:0 p.m.•52 views

CVE-2011-0122

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011...

7.6CVSS9.2AI score0.00937EPSS

CVE•added 2011/03/03 8:0 p.m.•52 views

CVE-2011-0164

7.6CVSS9.1AI score0.00937EPSS

CVE•added 2011/10/12 6:55 p.m.•52 views

CVE-2011-2356

7.6CVSS7.5AI score0.01016EPSS

CVE•added 2011/10/12 6:55 p.m.•52 views

CVE-2011-2831

7.6CVSS7.5AI score0.01198EPSS

CVE•added 2012/03/08 10:55 p.m.•52 views

CVE-2011-2868

9.3CVSS7.8AI score0.01849EPSS

CVE•added 2012/03/08 10:55 p.m.•52 views

CVE-2012-0600

9.3CVSS7.8AI score0.01997EPSS

CVE•added 2012/09/13 10:30 a.m.•52 views

CVE-2012-3606

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

9.3CVSS7.8AI score0.01247EPSS

CVE•added 2012/09/13 10:30 a.m.•52 views

CVE-2012-3671

6.8CVSS7.8AI score0.01106EPSS

CVE•added 2013/05/20 2:44 p.m.•52 views

CVE-2013-0992

6.8CVSS7.5AI score0.20673EPSS

CVE•added 2013/05/20 2:44 p.m.•52 views

CVE-2013-1001

9.3CVSS7.5AI score0.01302EPSS

CVE•added 2013/12/18 4:4 p.m.•52 views

CVE-2013-5197

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.

6.8CVSS7.8AI score0.02121EPSS

CVE•added 2014/11/18 11:59 a.m.•52 views

CVE-2014-4452

WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462.

5.4CVSS7.7AI score0.01266EPSS

CVE•added 2015/03/18 10:59 p.m.•52 views

CVE-2015-1072

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03...

6.8CVSS8.8AI score0.00787EPSS

CVE•added 2015/04/10 2:59 p.m.•52 views

CVE-2015-1124

WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerabi...

6.8CVSS8.9AI score0.00913EPSS

CVE•added 2015/09/18 10:59 a.m.•52 views

CVE-2015-5792

6.8CVSS7.8AI score0.01538EPSS

CVE•added 2015/10/23 9:59 p.m.•52 views

CVE-2015-7002

WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-S...

6.8CVSS8.9AI score0.01009EPSS

Total number of security vulnerabilities922