Apple Itunes vulnerabilities

953 known vulnerabilities affecting apple/itunes.

Total CVEs

953

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL114HIGH486MEDIUM348LOW5

Vulnerabilities

Page 35 of 48

CVE-2012-3688MEDIUMCVSS 6.8≤ 10.6.3v4.0.0+76 more2012-09-13

CVE-2012-3688 [MEDIUM] CVE-2012-3688: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or ca WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

nvd

CVE-2012-3612MEDIUMCVSS 6.8≤ 10.6.3v4.0.0+76 more2012-09-13

CVE-2012-3612 [MEDIUM] CVE-2012-3612: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or ca WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

nvd

CVE-2012-3649MEDIUMCVSS 6.8≤ 10.6.3v4.0.0+76 more2012-09-13

CVE-2012-3649 [MEDIUM] CVE-2012-3649: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or ca WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

nvd

CVE-2012-3657MEDIUMCVSS 6.8≤ 10.6.3v4.0.0+76 more2012-09-13

CVE-2012-3657 [MEDIUM] CVE-2012-3657: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or ca WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

nvd

CVE-2012-3702MEDIUMCVSS 6.8≤ 10.6.3v4.0.0+76 more2012-09-13

CVE-2012-3702 [MEDIUM] CVE-2012-3702: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or ca WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

nvd

CVE-2012-3704MEDIUMCVSS 6.8≤ 10.6.3v4.0.0+76 more2012-09-13

CVE-2012-3704 [MEDIUM] CVE-2012-3704: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or ca WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

nvd

CVE-2012-3712MEDIUMCVSS 6.8≤ 10.6.3v4.0.0+76 more2012-09-13

CVE-2012-3712 [MEDIUM] CVE-2012-3712: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or ca WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

nvd

CVE-2012-3710MEDIUMCVSS 6.8≤ 10.6.3v4.0.0+76 more2012-09-13

CVE-2012-3710 [MEDIUM] CVE-2012-3710: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or ca WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

nvd

CVE-2012-3692MEDIUMCVSS 6.8≤ 10.6.3v4.0.0+76 more2012-09-13

CVE-2012-3692 [MEDIUM] CVE-2012-3692: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or ca WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

nvd

CVE-2012-3616MEDIUMCVSS 6.8≤ 10.6.3v4.0.0+76 more2012-09-13

CVE-2012-3616 [MEDIUM] CVE-2012-3616: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or ca WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

nvd

CVE-2012-3647MEDIUMCVSS 6.8≤ 10.6.3v4.0.0+76 more2012-09-13

CVE-2012-3647 [MEDIUM] CVE-2012-3647: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or ca WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

nvd

CVE-2012-3652MEDIUMCVSS 6.8≤ 10.6.3v4.0.0+76 more2012-09-13

CVE-2012-3652 [MEDIUM] CVE-2012-3652: WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or ca WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

nvd

CVE-2012-0677CRITICALCVSS 9.3PoC≤ 10.6.1v10.0+19 more2012-06-12

CVE-2012-0677 [CRITICAL] CWE-119 CVE-2012-0677: Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrar Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist.

nvd

CVE-2011-3081CRITICALCVSS 9.3fixed in 10.72012-05-01

CVE-2011-3081 [CRITICAL] CVE-2011-3081: Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3078.

nvd

CVE-2012-1521MEDIUMCVSS 6.8fixed in 10.72012-05-01

CVE-2012-1521 [MEDIUM] CWE-416 CVE-2012-1521: Use-after-free vulnerability in the XML parser in Google Chrome before 18.0.1025.168 allows remote a Use-after-free vulnerability in the XML parser in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

nvd

CVE-2011-3078MEDIUMCVSS 6.8fixed in 10.72012-05-01

CVE-2011-3078 [MEDIUM] CWE-416 CVE-2011-3078: Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3081.

nvd

CVE-2011-3071MEDIUMCVSS 6.8fixed in 10.72012-04-05

CVE-2011-3071 [MEDIUM] CWE-416 CVE-2011-3071: Use-after-free vulnerability in the HTMLMediaElement implementation in Google Chrome before 18.0.102 Use-after-free vulnerability in the HTMLMediaElement implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

nvd

CVE-2011-3068MEDIUMCVSS 6.8fixed in 10.72012-04-05

CVE-2011-3068 [MEDIUM] CWE-416 CVE-2011-3068: Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome bef Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to run-in boxes.

nvd

CVE-2011-3076MEDIUMCVSS 6.8fixed in 10.72012-04-05

CVE-2011-3076 [MEDIUM] CWE-416 CVE-2011-3076: Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to focus handling.

nvd

CVE-2011-3075MEDIUMCVSS 6.8fixed in 10.72012-04-05

CVE-2011-3075 [MEDIUM] CWE-416 CVE-2011-3075: Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style-application commands.

nvd

← Previous35 / 48Next →