Apple Itunes vulnerabilities
922 known vulnerabilities affecting apple/itunes.
Total CVEs
922
CISA KEV
2
actively exploited
Public exploits
75
Exploited in wild
3
Severity breakdown
CRITICAL112HIGH479MEDIUM326LOW5
Vulnerabilities
Page 25 of 47
CVE-2015-5928MEDIUMCVSS 6.8≤ 12.3.02015-10-23
CVE-2015-5928 [MEDIUM] CWE-119 CVE-2015-5928: WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remot
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-20
nvd
CVE-2015-7014MEDIUMCVSS 6.8≤ 12.3.02015-10-23
CVE-2015-7014 [MEDIUM] CWE-119 CVE-2015-7014: WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remot
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-20
nvd
CVE-2015-5930MEDIUMCVSS 6.8≤ 12.3.02015-10-23
CVE-2015-5930 [MEDIUM] CWE-119 CVE-2015-5930: WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remot
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-20
nvd
CVE-2015-5931MEDIUMCVSS 6.8≤ 12.3.02015-10-23
CVE-2015-5931 [MEDIUM] CWE-119 CVE-2015-5931: WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to ex
WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5.
nvd
CVE-2015-5874HIGHCVSS 7.5≤ 12.22015-09-18
CVE-2015-5874 [HIGH] CWE-119 CVE-2015-5874: CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary c
CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
nvd
CVE-2015-5790MEDIUMCVSS 6.8≤ 12.22015-09-18
CVE-2015-5790 [MEDIUM] CWE-119 CVE-2015-5790: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5789MEDIUMCVSS 6.8≤ 12.22015-09-18
CVE-2015-5789 [MEDIUM] CWE-119 CVE-2015-5789: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5799MEDIUMCVSS 6.8≤ 12.22015-09-18
CVE-2015-5799 [MEDIUM] CWE-119 CVE-2015-5799: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5920MEDIUMCVSS 4.3≤ 12.22015-09-18
CVE-2015-5920 [MEDIUM] CVE-2015-5920: The Software Update component in Apple iTunes before 12.3 does not properly handle redirection, whic
The Software Update component in Apple iTunes before 12.3 does not properly handle redirection, which allows man-in-the-middle attackers to discover encrypted SMB credentials via unspecified vectors.
nvd
CVE-2015-5796MEDIUMCVSS 6.8≤ 12.22015-09-18
CVE-2015-5796 [MEDIUM] CWE-119 CVE-2015-5796: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5812MEDIUMCVSS 6.8≤ 12.22015-09-18
CVE-2015-5812 [MEDIUM] CWE-119 CVE-2015-5812: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5800MEDIUMCVSS 6.8≤ 12.22015-09-18
CVE-2015-5800 [MEDIUM] CWE-119 CVE-2015-5800: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5808MEDIUMCVSS 6.8≤ 12.22015-09-18
CVE-2015-5808 [MEDIUM] CWE-119 CVE-2015-5808: WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary
WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5798MEDIUMCVSS 6.8≤ 12.22015-09-18
CVE-2015-5798 [MEDIUM] CWE-119 CVE-2015-5798: WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary
WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5806MEDIUMCVSS 6.8≤ 12.22015-09-18
CVE-2015-5806 [MEDIUM] CWE-119 CVE-2015-5806: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5802MEDIUMCVSS 6.8≤ 12.22015-09-18
CVE-2015-5802 [MEDIUM] CWE-119 CVE-2015-5802: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5815MEDIUMCVSS 6.8≤ 12.22015-09-18
CVE-2015-5815 [MEDIUM] CWE-119 CVE-2015-5815: WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary
WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5809MEDIUMCVSS 6.8≤ 12.22015-09-18
CVE-2015-5809 [MEDIUM] CWE-119 CVE-2015-5809: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5793MEDIUMCVSS 6.8≤ 12.22015-09-18
CVE-2015-5793 [MEDIUM] CWE-119 CVE-2015-5793: WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attack
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd
CVE-2015-5805MEDIUMCVSS 6.8≤ 12.22015-09-18
CVE-2015-5805 [MEDIUM] CWE-119 CVE-2015-5805: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvd