Apple iTunes vulnerabilities
953 known vulnerabilities affecting apple/itunes.
Total CVEs: 953
CISA KEV: 2 (actively exploited)
Public exploits: 77
Exploited in wild: 3
Severity breakdown: CRITICAL 114, HIGH 486, MEDIUM 348, LOW 5
Vulnerabilities
Page 31 of 48

CVE-2014-4459 [MEDIUM] CVSS 6.8 | fixed in 12.2 | 2014-11-18
Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.
nvd, apple

CVE-2014-3192 [HIGH] CWE-416 | CVSS 7.5 | ≤ 12.1.3 | 2014-10-08
Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
nvd, apple

CVE-2014-1347 [MEDIUM] CWE-264 | CVSS 4.4 | ≤ 11.2, v11.0 +11 more | 2014-05-18
Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations.
nvd

CVE-2014-1301 [MEDIUM] CWE-119 | CVSS 6.8 | ≤ 12.0 | 2014-04-02
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.
nvd

CVE-2014-1242 [MEDIUM] CWE-310 | CVSS 5.8 | ≤ 11.1.3, v11.0 +8 more | 2014-01-23
Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, which allows man-in-the-middle attackers to spoof content by gaining control over the client-server data stream.
nvd

CVE-2013-5196 [MEDIUM] CWE-119 | CVSS 6.8 | ≤ 12.0 | 2013-12-18
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
nvd

CVE-2013-5199 [MEDIUM] CWE-119 | CVSS 6.8 | ≤ 12.0 | 2013-12-18
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
nvd

CVE-2013-5195 [MEDIUM] CWE-119 | CVSS 6.8 | ≤ 12.0 | 2013-12-18
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
nvd

CVE-2013-5198 [MEDIUM] CWE-119 | CVSS 6.8 | ≤ 12.0 | 2013-12-18
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
nvd

CVE-2013-5197 [MEDIUM] CWE-119 | CVSS 6.8 | ≤ 12.0 | 2013-12-18
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
nvd

CVE-2013-5228 [MEDIUM] CWE-119 | CVSS 6.8 | ≤ 12.0 | 2013-12-18
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
nvd

CVE-2013-5225 [MEDIUM] CWE-119 | CVSS 6.8 | ≤ 12.0 | 2013-12-18
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
nvd

CVE-2013-1035 [CRITICAL] CWE-119 | CVSS 9.3 | ≤ 11.0.5, v11.0 +4 more | 2013-09-19
The iTunes ActiveX control in Apple iTunes before 11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
nvd

CVE-2013-1041 [MEDIUM] CWE-119 | CVSS 6.8 | ≤ 11.1.3 | 2013-09-19
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
nvd

CVE-2013-1047 [MEDIUM] CWE-119 | CVSS 6.8 | ≤ 11.1.3 | 2013-09-19
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
nvd

CVE-2013-1039 [MEDIUM] CWE-119 | CVSS 6.8 | ≤ 11.1.3 | 2013-09-19
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
nvd

CVE-2013-1037 [MEDIUM] CWE-119 | CVSS 6.8 | ≤ 11.1.3 | 2013-09-19
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
nvd

CVE-2013-1040 [MEDIUM] CWE-119 | CVSS 6.8 | ≤ 11.1.3 | 2013-09-19
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
nvd

CVE-2013-1038 [MEDIUM] CWE-119 | CVSS 6.8 | ≤ 11.1.3 | 2013-09-19
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
nvd

CVE-2011-2391 [MEDIUM] CWE-20 | CVSS 6.1 | ≤ 12.1 | 2013-09-19
The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.
nvd