Apple Itunes vulnerabilities
953 known vulnerabilities affecting apple/itunes.
Total CVEs
953
CISA KEV
2
actively exploited
Public exploits
77
Exploited in wild
3
Severity breakdown
CRITICAL113HIGH487MEDIUM348LOW5
Vulnerabilities
Page 25 of 48
CVE-2016-4616CRITICALCVSS 9.8fixed in 12.4.22016-07-22
CVE-2016-4616 [CRITICAL] CVE-2016-4616: libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud befo
libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4614, CVE-2016-461
nvd
CVE-2016-4615CRITICALCVSS 9.8fixed in 12.4.22016-07-22
CVE-2016-4615 [CRITICAL] CVE-2016-4615: libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud befo
libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4614, CVE-2016-461
nvd
CVE-2016-4607CRITICALCVSS 9.8fixed in 12.4.22016-07-22
CVE-2016-4607 [CRITICAL] CWE-119 CVE-2016-4607: libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud befo
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-
nvd
CVE-2016-4614CRITICALCVSS 9.8fixed in 12.4.22016-07-22
CVE-2016-4614 [CRITICAL] CWE-787 CVE-2016-4614: libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud befo
libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4615, CVE-
nvd
CVE-2016-4608CRITICALCVSS 9.8fixed in 12.4.22016-07-22
CVE-2016-4608 [CRITICAL] CVE-2016-4608: libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud befo
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-460
nvd
CVE-2016-4609CRITICALCVSS 9.8fixed in 12.4.22016-07-22
CVE-2016-4609 [CRITICAL] CVE-2016-4609: libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud befo
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-460
nvd
CVE-2016-4448CRITICALCVSS 9.8≤ 12.4.12016-06-09
CVE-2016-4448 [CRITICAL] CWE-134 CVE-2016-4448: Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
nvd
CVE-2016-4447HIGHCVSS 7.5v12.4.12016-06-09
CVE-2016-4447 [HIGH] CWE-119 CVE-2016-4447: The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attack
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
nvd
CVE-2016-1742HIGHCVSS 7.8≤ 12.3.12016-05-20
CVE-2016-1742 [HIGH] CWE-264 CVE-2016-1742: Untrusted search path vulnerability in the installer in Apple iTunes before 12.4 allows local users
Untrusted search path vulnerability in the installer in Apple iTunes before 12.4 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
nvdapple
CVE-2015-6992HIGHCVSS 7.5≤ 12.3.02015-10-23
CVE-2015-6992 [HIGH] CVE-2015-6992: CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attack
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-7017.
nvdapple
CVE-2015-6975HIGHCVSS 7.5≤ 12.3.02015-10-23
CVE-2015-6975 [HIGH] CWE-119 CVE-2015-6975: CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attack
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6992 and CVE-2015-7017.
nvdapple
CVE-2015-7017HIGHCVSS 7.5≤ 12.3.02015-10-23
CVE-2015-7017 [HIGH] CVE-2015-7017: CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attack
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-6992.
nvdapple
CVE-2015-7013MEDIUMCVSS 6.8≤ 12.3.02015-10-23
CVE-2015-7013 [MEDIUM] CWE-119 CVE-2015-7013: WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to ex
WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5.
nvdapple
CVE-2015-7002MEDIUMCVSS 6.8≤ 12.3.02015-10-23
CVE-2015-7002 [MEDIUM] CWE-119 CVE-2015-7002: WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remot
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-20
nvdapple
CVE-2015-7011MEDIUMCVSS 6.8≤ 12.3.02015-10-23
CVE-2015-7011 [MEDIUM] CWE-119 CVE-2015-7011: WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to ex
WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5.
nvdapple
CVE-2015-5931MEDIUMCVSS 6.8≤ 12.3.02015-10-23
CVE-2015-5931 [MEDIUM] CWE-119 CVE-2015-5931: WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to ex
WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5.
nvdapple
CVE-2015-7012MEDIUMCVSS 6.8≤ 12.3.02015-10-23
CVE-2015-7012 [MEDIUM] CWE-119 CVE-2015-7012: WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remot
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-20
nvdapple
CVE-2015-5929MEDIUMCVSS 6.8≤ 12.3.02015-10-23
CVE-2015-5929 [MEDIUM] CWE-119 CVE-2015-5929: WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remot
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-20
nvdapple
CVE-2015-5928MEDIUMCVSS 6.8≤ 12.3.02015-10-23
CVE-2015-5928 [MEDIUM] CWE-119 CVE-2015-5928: WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remot
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-20
nvdapple
CVE-2015-7014MEDIUMCVSS 6.8≤ 12.3.02015-10-23
CVE-2015-7014 [MEDIUM] CWE-119 CVE-2015-7014: WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remot
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-20
nvdapple