Itunes@6.0.4.2 Security Vulnerabilities and Issues — Itunes@6.0.4.2 CVE List

Lucene search

AppleItunes6.0.4.2

66 matches found

CVE•added 2008/08/01 2:41 p.m.•211 views

CVE-2008-3434

Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

7.5CVSS7AI score0.00698EPSS

CVE•added 2011/03/03 8:0 p.m.•78 views

CVE-2011-0191

Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.

9.3CVSS7.5AI score0.0907EPSS

CVE•added 2011/03/03 8:0 p.m.•67 views

CVE-2011-0192

Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file tha...

9.3CVSS7.2AI score0.05606EPSS

CVE•added 2009/03/14 6:30 p.m.•65 views

CVE-2009-0016

Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header.

5CVSS6.1AI score0.01435EPSS

CVE•added 2010/07/30 1:26 p.m.•64 views

CVE-2010-1777

Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL.

9.3CVSS7.9AI score0.02843EPSS

CVE•added 2010/06/18 4:30 p.m.•63 views

CVE-2010-1387

Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a differen...

9.3CVSS9AI score0.08537EPSS

CVE•added 2011/10/12 6:55 p.m.•61 views

CVE-2011-3219

Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.

9.3CVSS8.7AI score0.04261EPSS

CVE•added 2008/09/11 1:13 a.m.•60 views

CVE-2008-3636

Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as us...

7.2CVSS6.1AI score0.00123EPSS

CVE•added 2010/08/20 8:0 p.m.•58 views

CVE-2010-1795

Untrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory.

9.3CVSS6.4AI score0.0254EPSS

CVE•added 2011/10/12 6:55 p.m.•58 views

CVE-2011-2338

WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.

7.6CVSS7.5AI score0.01224EPSS

CVE•added 2010/08/20 8:0 p.m.•56 views

CVE-2010-1768

Unspecified vulnerability in Apple iTunes before 9.1 allows local users to gain console privileges via vectors related to log files, "insecure file operation," and syncing an iPhone, iPad, or iPod touch.

6.9CVSS6.2AI score0.00045EPSS

CVE•added 2009/06/02 6:30 p.m.•55 views

CVE-2009-0950

Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon.

9.3CVSS7.9AI score0.82109EPSS

CVE•added 2011/03/03 8:0 p.m.•53 views

CVE-2011-0149

WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly parse HTML elements associated with document namespaces, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to a "dang...

7.6CVSS9.2AI score0.01709EPSS

CVE•added 2011/10/12 6:55 p.m.•53 views

CVE-2011-0259

CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

7.6CVSS8.7AI score0.01392EPSS

CVE•added 2011/10/12 6:55 p.m.•53 views

CVE-2011-2339

7.6CVSS7.5AI score0.01198EPSS

CVE•added 2008/09/11 1:13 a.m.•52 views

CVE-2008-3634

Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better i...

2.6CVSS5.9AI score0.00283EPSS

CVE•added 2011/03/03 8:0 p.m.•52 views

CVE-2011-0122

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011...