Apple iTunes vulnerabilities

953 known vulnerabilities affecting apple/itunes.

Total CVEs: 953
CISA KEV: 2 (actively exploited)
Public exploits: 77
Exploited in wild: 3
Severity breakdown: CRITICAL 114, HIGH 486, MEDIUM 348, LOW 5

Vulnerabilities

Page 46 of 48
CVE-2011-1117 | HIGH | CVSS 7.5 | fixed in 10.5 | 2011-03-01
CVE-2011-1117 [HIGH]: Google Chrome before 9.0.597.107 does not properly handle XHTML documents, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale nodes."
nvd
CVE-2011-1121 | HIGH | CVSS 7.5 | fixed in 10.5 | 2011-03-01
CVE-2011-1121 [HIGH] CWE-190: Integer overflow in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a TEXTAREA element.
nvd
CVE-2011-1114 | HIGH | CVSS 7.5 | fixed in 10.5 | 2011-03-01
CVE-2011-1114 [HIGH]: Google Chrome before 9.0.597.107 does not properly handle tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node."
nvd
CVE-2011-1115 | HIGH | CVSS 7.5 | fixed in 10.5 | 2011-03-01
CVE-2011-1115 [HIGH]: Google Chrome before 9.0.597.107 does not properly render tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
nvd
CVE-2011-1109 | HIGH | CVSS 7.5 | fixed in 10.5 | 2011-03-01
CVE-2011-1109 [HIGH] CWE-20: Google Chrome before 9.0.597.107 does not properly process nodes in Cascading Style Sheets (CSS) stylesheets, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
nvd
CVE-2011-0981 | HIGH | CVSS 7.5 | fixed in 10.5 | 2011-02-10
CVE-2011-0981 [HIGH] CWE-20: Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
nvd
CVE-2011-0983 | HIGH | CVSS 7.5 | fixed in 10.5 | 2011-02-10
CVE-2011-0983 [HIGH] CWE-20: Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
nvd
CVE-2010-4494 | HIGH | CVSS 7.5 | fixed in 10.2 | 2010-12-07
CVE-2010-4494 [HIGH] CWE-415: Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
nvd
CVE-2010-4008 | MEDIUM | CVSS 4.3 | fixed in 10.2 | 2010-11-17
CVE-2010-4008 [MEDIUM] CWE-119: libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.
nvd
CVE-2010-1824 | CRITICAL | CVSS 9.3 | fixed in 10.2 | 2010-09-24
CVE-2010-1824 [CRITICAL] CWE-416: Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a denial of service via vectors related to SVG styles, the DOM tree, and error messages.
nvd
CVE-2010-1823 | CRITICAL | CVSS 9.3 | fixed in 10.5 | 2010-09-24
CVE-2010-1823 [CRITICAL] CWE-416: Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an inv
nvd
CVE-2010-3190 | CRITICAL | CVSS 9.3 | v12.1.3 | 2010-08-31
CVE-2010-3190 [CRITICAL] CWE-426: Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the curr
nvd, apple
CVE-2010-1795 | CRITICAL | CVSS 9.3 | v1.0, v1.1.1, +57 more | 2010-08-20
CVE-2010-1795 [CRITICAL]: Untrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory.
nvd
CVE-2010-1768 | MEDIUM | CVSS 6.9 | ≤ 9.0.3, v1.0, +58 more | 2010-08-20
CVE-2010-1768 [MEDIUM]: Unspecified vulnerability in Apple iTunes before 9.1 allows local users to gain console privileges via vectors related to log files, "insecure file operation," and syncing an iPhone, iPad, or iPod touch.
nvd
CVE-2010-1777 | CRITICAL | CVSS 9.3 | ≤ 9.2, v1.0, +65 more | 2010-07-30
CVE-2010-1777 [CRITICAL] CWE-119: Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL.
nvd
CVE-2010-1205 | CRITICAL | CVSS 9.8 | PoC | fixed in 10.2 | 2010-06-30
CVE-2010-1205 [CRITICAL] CWE-120: Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
nvd
CVE-2010-2249 | MEDIUM | CVSS 6.5 | fixed in 10.2 | 2010-06-30
CVE-2010-2249 [MEDIUM] CWE-401: Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.
nvd
CVE-2010-1387 | CRITICAL | CVSS 9.3 | ≤ 9.0.3, v4.0.0, +56 more | 2010-06-18
CVE-2010-1387 [CRITICAL] CWE-399: Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769.
nvd
CVE-2010-1769 | CRITICAL | CVSS 10.0 | ≤ 9.1.1, v7.0.0, +36 more | 2010-06-18
CVE-2010-1769 [CRITICAL]: WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, a different vulnerability than CVE-2010-1387 and CVE-2010-1763.
nvd
CVE-2010-1763 | CRITICAL | CVSS 10.0 | ≤ 9.1.1, v7.0.0, +36 more | 2010-06-18
CVE-2010-1763 [CRITICAL]: Unspecified vulnerability in WebKit in Apple iTunes before 9.2 on Windows has unknown impact and attack vectors, a different vulnerability than CVE-2010-1387 and CVE-2010-1769.
nvd