Apple iTunes vulnerabilities
953 known vulnerabilities affecting apple/itunes.
Total CVEs: 953
CISA KEV: 2 (actively exploited)
Public exploits: 77
Exploited in wild: 3
Severity breakdown: CRITICAL 114, HIGH 486, MEDIUM 348, LOW 5
Vulnerabilities
CVE-2012-0638 | HIGH | CVSS 7.6 | CWE-119 | ≤ 10.5.3, v4.0.0, +60 more | 2012-03-08
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
nvd
CVE-2012-0637 | HIGH | CVSS 7.6 | CWE-119 | ≤ 10.5.3, v4.0.0, +60 more | 2012-03-08
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
nvd
CVE-2012-0639 | HIGH | CVSS 7.6 | CWE-119 | ≤ 10.5.3, v4.0.0, +60 more | 2012-03-08
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
nvd
CVE-2012-0634 | HIGH | CVSS 7.6 | CWE-119 | ≤ 10.5.3, v4.0.0, +60 more | 2012-03-08
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
nvd
CVE-2012-0648 | HIGH | CVSS 7.6 | CWE-119 | ≤ 10.5.3, v4.0.0, +60 more | 2012-03-08
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
nvd
CVE-2011-2866 | HIGH | CVSS 7.6 | CWE-119 | ≤ 10.5.3, v4.0.0, +60 more | 2012-03-08
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1.
nvd
CVE-2012-0608 | MEDIUM | CVSS 6.8 | CWE-119 | fixed in 10.6 | 2012-03-08
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
nvd
CVE-2011-3041 | MEDIUM | CVSS 6.8 | CWE-416 | fixed in 10.7 | 2012-03-05
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of class attributes.
nvd
CVE-2011-3039 | MEDIUM | CVSS 6.8 | CWE-416 | fixed in 10.7 | 2012-03-05
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to quote handling.
nvd
CVE-2011-3043 | MEDIUM | CVSS 6.8 | CWE-416 | fixed in 10.7 | 2012-03-05
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a flexbox (aka flexible box) in conjunction with the floating of elements.
nvd
CVE-2011-3032 | MEDIUM | CVSS 6.8 | CWE-416 | fixed in 10.7 | 2012-03-05
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG values.
nvd
CVE-2011-3036 | MEDIUM | CVSS 6.8 | CWE-704 | fixed in 10.7 | 2012-03-05
Google Chrome before 17.0.963.65 does not properly perform a cast of an unspecified variable during handling of line boxes, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
nvd
CVE-2011-3038 | MEDIUM | CVSS 6.8 | CWE-416 | fixed in 10.7 | 2012-03-05
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to multi-column handling.
nvd
CVE-2011-3044 | MEDIUM | CVSS 6.8 | CWE-416 | fixed in 10.7 | 2012-03-05
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animation elements.
nvd
CVE-2011-3035 | MEDIUM | CVSS 6.8 | CWE-416 | fixed in 10.7 | 2012-03-05
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements.
nvd
CVE-2011-3042 | MEDIUM | CVSS 6.8 | CWE-416 | fixed in 10.7 | 2012-03-05
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of table sections.
nvd
CVE-2011-3040 | MEDIUM | CVSS 4.3 | CWE-125 | fixed in 10.7 | 2012-03-05
Google Chrome before 17.0.963.65 does not properly handle text, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.
nvd
CVE-2011-3034 | MEDIUM | CVSS 6.8 | CWE-416 | fixed in 10.7 | 2012-03-05
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG document.
nvd
CVE-2011-3037 | MEDIUM | CVSS 6.8 | CWE-704 | fixed in 10.7 | 2012-03-05
Google Chrome before 17.0.963.65 does not properly perform casts of unspecified variables during the splitting of anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
nvd
CVE-2011-3021 | HIGH | CVSS 7.5 | CWE-416 | fixed in 10.7 | 2012-02-16
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading.
nvd