Itunes@4.7 Security Vulnerabilities and Issues — Page 2 of Itunes@4.7 CVE List

CVE-2011-0138

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011...

7.6CVSS9.2AI score0.00861EPSS

CVE-2011-0139

CVE-2011-0155

9.3CVSS7.4AI score0.08698EPSS

CVE-2011-0170

Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes before 10.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted International Color Consortium (ICC) profile in a JPEG image.

CVE•added 2012/09/13 10:30 a.m.•47 views

CVE-2012-3703

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

8.3CVSS7.8AI score0.01054EPSS

CVE•added 2013/05/20 2:44 p.m.•47 views

CVE-2013-1010

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-0...

CVE-2012-3614

9.3CVSS7.8AI score0.01247EPSS

CVE-2012-3621

CVE-2012-3658

CVE-2012-3673

CVE-2013-0991

CVE-2013-0996

CVE-2013-0998

CVE-2013-1000

CVE-2013-1007

CVE-2011-0114

7.6CVSS9.2AI score0.01538EPSS

CVE-2011-0115

The DOM level 2 implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, does not properly handle DOM manipulations associated with event listeners during processing of range objects, which allows man-in-the-middle attackers to execute arbitrary code or cause a den...

CVE-2011-0128

CVE-2011-0135

CVE-2011-0148

CVE-2012-3613

CVE-2012-3672

9.3CVSS7.8AI score0.01247EPSS

CVE-2012-3687

CVE-2012-3699

CVE•added 2013/05/20 2:44 p.m.•45 views

CVE-2013-1006

CVE•added 2013/05/20 2:44 p.m.•45 views

CVE-2013-1011

6.8CVSS7.5AI score0.00834EPSS

CVE•added 2009/09/24 6:30 p.m.•44 views

CVE-2009-2817

Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .pls file.

9.3CVSS7.5AI score0.19849EPSS

CVE•added 2011/03/03 8:0 p.m.•44 views

CVE-2011-0116

Use-after-free vulnerability in the setOuterText method in the htmlelement library in WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to DO...

7.6CVSS9.2AI score0.01691EPSS

CVE•added 2011/03/03 8:0 p.m.•44 views

CVE-2011-0141

CVE•added 2011/03/03 8:0 p.m.•44 views

CVE-2011-0156

CVE-2012-3602

CVE-2012-3643

CVE-2012-3654

CVE-2012-3657

CVE-2012-3677

CVE-2012-3688

9.3CVSS7.8AI score0.01247EPSS

CVE-2012-3701

CVE-2012-3709

CVE•added 2013/05/20 2:44 p.m.•44 views

CVE-2013-0995

CVE•added 2013/05/20 2:44 p.m.•44 views

CVE-2013-1014

Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.

4.3CVSS5.9AI score0.00047EPSS

7.6CVSS9.2AI score0.00876EPSS

CVE-2011-0111

CVE-2011-0113

CVE-2011-0129

CVE-2011-0153

CVE•added 2011/10/12 6:55 p.m.•43 views

CVE-2011-3252

Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream.

9.3CVSS6.9AI score0.06693EPSS

CVE-2012-3622

6.8CVSS7.8AI score0.00796EPSS

CVE-2012-3647

CVE-2012-3660