Apple iTunes vulnerabilities
953 known vulnerabilities affecting apple/itunes.
Total CVEs: 953
CISA KEV: 2 (actively exploited)
Public exploits: 77
Exploited in wild: 3
Severity breakdown
CRITICAL 114 | HIGH 486 | MEDIUM 348 | LOW 5
Vulnerabilities
Page 43 of 48
CVE-2011-1451 [HIGH] CVSS 7.5 | CWE-20 | fixed in 10.5 | 2011-05-03
Google Chrome before 11.0.696.57 does not properly handle DOM id maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "dangling pointers."
nvd
CVE-2011-1440 [MEDIUM] CVSS 6.8 | CWE-416 | fixed in 10.5 | 2011-05-03
Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences.
nvd
CVE-2011-1449 [MEDIUM] CVSS 6.8 | CWE-416 | fixed in 10.5 | 2011-05-03
Use-after-free vulnerability in the WebSockets implementation in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
nvd
CVE-2011-1293 [HIGH] CVSS 7.5 | CWE-416 | fixed in 10.5 | 2011-03-25
Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
nvd
CVE-2011-1296 [HIGH] CVSS 7.5 | CWE-20 | fixed in 10.5 | 2011-03-25
Google Chrome before 10.0.648.204 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
nvd
CVE-2011-1188 [HIGH] CVSS 7.5 | fixed in 10.5 | 2011-03-11
Google Chrome before 10.0.648.127 does not properly handle counter nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
nvd
CVE-2011-1203 [HIGH] CVSS 7.5 | fixed in 10.5 | 2011-03-11
Google Chrome before 10.0.648.127 does not properly handle SVG cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
nvd
CVE-2011-1204 [MEDIUM] CVSS 6.8 | CWE-20 | fixed in 10.5 | 2011-03-11
Google Chrome before 10.0.648.127 does not properly handle attributes, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via a crafted document.
nvd
CVE-2011-0191 [CRITICAL] CVSS 9.3 | CWE-119 | ≤ 10.1.2 | v4.0.0 | +63 more | 2011-03-03
Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.
nvd
CVE-2011-0192 [CRITICAL] CVSS 9.3 | CWE-119 | ≤ 10.1.2 | v4.0.0 | +63 more | 2011-03-03
Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding,
nvd
CVE-2011-0170 [CRITICAL] CVSS 9.3 | CWE-119 | ≤ 10.1.2 | v4.0.0 | +63 more | 2011-03-03
Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes before 10.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted International Color Consortium (ICC) profile in a JPEG image.
nvd
CVE-2011-0114 [HIGH] CVSS 7.6 | CWE-119 | ≤ 10.1.2 | v4.0.0 | +63 more | 2011-03-03
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
nvd
CVE-2011-0116 [HIGH] CVSS 7.6 | CWE-399 | ≤ 10.1.2 | v4.0.0 | +63 more | 2011-03-03
Use-after-free vulnerability in the setOuterText method in the htmlelement library in WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to DOM manipulations during iTunes Store browsing, a differen
nvd
CVE-2011-0134 [HIGH] CVSS 7.6 | CWE-119 | ≤ 10.1.2 | v4.0.0 | +63 more | 2011-03-03
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
nvd
CVE-2011-0148 [HIGH] CVSS 7.6 | CWE-119 | ≤ 10.1.2 | v4.0.0 | +63 more | 2011-03-03
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
nvd
CVE-2011-0140 [HIGH] CVSS 7.6 | CWE-119 | ≤ 10.1.2 | v4.0.0 | +63 more | 2011-03-03
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
nvd
CVE-2011-0145 [HIGH] CVSS 7.6 | CWE-119 | ≤ 10.1.2 | v4.0.0 | +63 more | 2011-03-03
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
nvd
CVE-2011-0141 [HIGH] CVSS 7.6 | CWE-119 | ≤ 10.1.2 | v4.0.0 | +63 more | 2011-03-03
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
nvd
CVE-2011-0122 [HIGH] CVSS 7.6 | CWE-119 | ≤ 10.1.2 | v4.0.0 | +63 more | 2011-03-03
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
nvd
CVE-2011-0142 [HIGH] CVSS 7.6 | CWE-119 | ≤ 10.1.2 | v4.0.0 | +63 more | 2011-03-03
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
nvd