Apple Itunes vulnerabilities
953 known vulnerabilities affecting apple/itunes.
Total CVEs
953
CISA KEV
2
actively exploited
Public exploits
77
Exploited in wild
3
Severity breakdown
CRITICAL113HIGH487MEDIUM348LOW5
Vulnerabilities
Page 26 of 48
CVE-2015-5930MEDIUMCVSS 6.8≤ 12.3.02015-10-23
CVE-2015-5930 [MEDIUM] CWE-119 CVE-2015-5930: WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remot
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-20
nvdapple
CVE-2015-5874HIGHCVSS 7.5≤ 12.22015-09-18
CVE-2015-5874 [HIGH] CWE-119 CVE-2015-5874: CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary c
CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
nvdapple
CVE-2015-5799MEDIUMCVSS 6.8≤ 12.22015-09-18
CVE-2015-5799 [MEDIUM] CWE-119 CVE-2015-5799: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvdapple
CVE-2015-5790MEDIUMCVSS 6.8≤ 12.22015-09-18
CVE-2015-5790 [MEDIUM] CWE-119 CVE-2015-5790: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvdapple
CVE-2015-5795MEDIUMCVSS 6.8v12.22015-09-18
CVE-2015-5795 [MEDIUM] CWE-119 CVE-2015-5795: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvdapple
CVE-2015-5818MEDIUMCVSS 6.8≤ 12.22015-09-18
CVE-2015-5818 [MEDIUM] CWE-119 CVE-2015-5818: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvdapple
CVE-2015-5789MEDIUMCVSS 6.8≤ 12.22015-09-18
CVE-2015-5789 [MEDIUM] CWE-119 CVE-2015-5789: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvdapple
CVE-2015-5807MEDIUMCVSS 6.8≤ 12.22015-09-18
CVE-2015-5807 [MEDIUM] CWE-119 CVE-2015-5807: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvdapple
CVE-2015-5920MEDIUMCVSS 4.3≤ 12.22015-09-18
CVE-2015-5920 [MEDIUM] CVE-2015-5920: The Software Update component in Apple iTunes before 12.3 does not properly handle redirection, whic
The Software Update component in Apple iTunes before 12.3 does not properly handle redirection, which allows man-in-the-middle attackers to discover encrypted SMB credentials via unspecified vectors.
nvdapple
CVE-2015-5796MEDIUMCVSS 6.8≤ 12.22015-09-18
CVE-2015-5796 [MEDIUM] CWE-119 CVE-2015-5796: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvdapple
CVE-2015-5800MEDIUMCVSS 6.8≤ 12.22015-09-18
CVE-2015-5800 [MEDIUM] CWE-119 CVE-2015-5800: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvdapple
CVE-2015-5812MEDIUMCVSS 6.8≤ 12.22015-09-18
CVE-2015-5812 [MEDIUM] CWE-119 CVE-2015-5812: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvdapple
CVE-2015-5814MEDIUMCVSS 6.8≤ 12.22015-09-18
CVE-2015-5814 [MEDIUM] CWE-119 CVE-2015-5814: WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attack
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvdapple
CVE-2015-5808MEDIUMCVSS 6.8≤ 12.22015-09-18
CVE-2015-5808 [MEDIUM] CWE-119 CVE-2015-5808: WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary
WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3.
nvdapple
CVE-2015-5804MEDIUMCVSS 6.8≤ 12.22015-09-18
CVE-2015-5804 [MEDIUM] CWE-119 CVE-2015-5804: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvdapple
CVE-2015-5798MEDIUMCVSS 6.8≤ 12.22015-09-18
CVE-2015-5798 [MEDIUM] CWE-119 CVE-2015-5798: WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary
WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3.
nvdapple
CVE-2015-5806MEDIUMCVSS 6.8≤ 12.22015-09-18
CVE-2015-5806 [MEDIUM] CWE-119 CVE-2015-5806: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvdapple
CVE-2015-5802MEDIUMCVSS 6.8≤ 12.22015-09-18
CVE-2015-5802 [MEDIUM] CWE-119 CVE-2015-5802: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvdapple
CVE-2015-5819MEDIUMCVSS 6.8≤ 12.22015-09-18
CVE-2015-5819 [MEDIUM] CWE-119 CVE-2015-5819: WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arb
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
nvdapple
CVE-2015-5815MEDIUMCVSS 6.8≤ 12.22015-09-18
CVE-2015-5815 [MEDIUM] CWE-119 CVE-2015-5815: WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary
WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3.
nvdapple