Itunes Security Vulnerabilities and Issues — Page 17 of Itunes CVE List

7.6CVSS9.2AI score0.01137EPSS

CVE-2011-0115

The DOM level 2 implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, does not properly handle DOM manipulations associated with event listeners during processing of range objects, which allows man-in-the-middle attackers to execute arbitrary code or cause a den...

CVE-2011-0128

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011...

CVE-2011-0135

CVE-2011-0148

CVE•added 2011/10/12 6:55 p.m.•46 views

CVE-2011-2816

WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.

7.6CVSS7.5AI score0.01198EPSS

CVE•added 2011/10/12 6:55 p.m.•46 views

CVE-2011-2817

7.6CVSS7.5AI score0.01198EPSS

CVE•added 2012/03/08 10:55 p.m.•46 views

CVE-2012-0591

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

CVE•added 2012/03/08 10:55 p.m.•46 views

CVE-2012-0610

CVE•added 2012/03/08 10:55 p.m.•46 views

CVE-2012-0631

CVE-2012-3613

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

CVE-2012-3672

9.3CVSS7.8AI score0.01664EPSS

CVE-2012-3687

9.3CVSS7.8AI score0.01664EPSS

CVE-2012-3701

CVE•added 2013/05/20 2:44 p.m.•46 views

CVE-2013-1006

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-0...

9.3CVSS7.5AI score0.01302EPSS

CVE•added 2013/05/20 2:44 p.m.•46 views

CVE-2013-1011

6.8CVSS7.5AI score0.00834EPSS

CVE•added 2013/12/18 4:4 p.m.•46 views

CVE-2013-5195

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.

6.8CVSS7.9AI score0.01314EPSS

CVE•added 2013/12/18 4:4 p.m.•46 views

CVE-2013-5196

6.8CVSS7.8AI score0.02121EPSS

CVE•added 2014/04/02 4:17 p.m.•46 views

CVE-2014-1301

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.

6.8CVSS7.9AI score0.01307EPSS

CVE•added 2009/09/24 6:30 p.m.•45 views

CVE-2009-2817

Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .pls file.

9.3CVSS7.5AI score0.19849EPSS

CVE•added 2011/03/03 8:0 p.m.•45 views

CVE-2011-0116

Use-after-free vulnerability in the setOuterText method in the htmlelement library in WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to DO...

7.6CVSS9.2AI score0.01251EPSS

CVE•added 2011/03/03 8:0 p.m.•45 views

CVE-2011-0141

CVE•added 2011/03/03 8:0 p.m.•45 views

CVE-2011-0156

9.3CVSS7.8AI score0.01849EPSS

CVE-2011-2873

CVE-2012-0609

CVE-2012-0617

CVE-2012-0618

CVE-2012-0621

CVE-2012-0625

CVE-2012-0629

CVE-2012-0635

CVE-2012-3602

CVE-2012-3643

CVE-2012-3654

CVE-2012-3657

CVE-2012-3677

CVE-2012-3688

CVE-2012-3709

CVE•added 2013/05/20 2:44 p.m.•45 views

CVE-2013-0995

6.8CVSS7.5AI score0.00819EPSS

CVE•added 2013/05/20 2:44 p.m.•45 views

CVE-2013-1014

Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.

4.3CVSS5.9AI score0.00047EPSS

CVE•added 2006/03/19 1:2 a.m.•44 views

CVE-2006-1249

Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field that specifies a large number of blocks.

6.8CVSS7.5AI score0.27209EPSS

CVE-2011-0111

CVE-2011-0113

CVE-2011-0129

CVE-2011-0153

CVE-2011-0168

7.6CVSS7.5AI score0.01363EPSS

CVE-2011-3233

7.6CVSS7.5AI score0.01392EPSS

CVE-2011-3238

7.6CVSS7.5AI score0.01363EPSS

CVE-2011-3241

9.3CVSS6.9AI score0.06048EPSS

CVE-2011-3252

Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream.

CVE•added 2012/03/08 10:55 p.m.•44 views

CVE-2012-0603