VYPR

iTunes

by Apple Inc.

CVEs (625)

  • CVE-2011-1109Mar 1, 2011
    risk 0.00cvss epss 0.02

    Google Chrome before 9.0.597.107 does not properly process nodes in Cascading Style Sheets (CSS) stylesheets, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

  • CVE-2011-0983Feb 10, 2011
    risk 0.00cvss epss 0.02

    Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

  • CVE-2011-0981Feb 10, 2011
    risk 0.00cvss epss 0.02

    Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

  • CVE-2010-4008Nov 17, 2010
    risk 0.00cvss epss 0.03

    libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service…

  • CVE-2010-1824Sep 24, 2010
    risk 0.00cvss epss 0.04

    Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a denial of service via vectors related to SVG styles, the DOM tree, and error…

  • CVE-2010-1823Sep 24, 2010
    risk 0.00cvss epss 0.03

    Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing,…

  • CVE-2010-1795Aug 20, 2010
    risk 0.00cvss epss 0.03

    Untrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory.

  • CVE-2010-1768Aug 20, 2010
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in Apple iTunes before 9.1 allows local users to gain console privileges via vectors related to log files, "insecure file operation," and syncing an iPhone, iPad, or iPod touch.

  • CVE-2010-1777Jul 30, 2010
    risk 0.00cvss epss 0.05

    Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL.

  • CVE-2010-1763Jun 18, 2010
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in WebKit in Apple iTunes before 9.2 on Windows has unknown impact and attack vectors, a different vulnerability than CVE-2010-1387 and CVE-2010-1769.

  • CVE-2010-1387Jun 18, 2010
    risk 0.00cvss epss 0.06

    Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page…

  • CVE-2010-0532Mar 31, 2010
    risk 0.00cvss epss 0.00

    Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse.

  • CVE-2010-0531Mar 31, 2010
    risk 0.00cvss epss 0.02

    Apple iTunes before 9.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 podcast file.

  • CVE-2010-0043Mar 15, 2010
    risk 0.00cvss epss 0.06

    ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.

  • CVE-2010-0042Mar 15, 2010
    risk 0.00cvss epss 0.03

    ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image.

  • CVE-2010-0041Mar 15, 2010
    risk 0.00cvss epss 0.03

    ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image.

  • CVE-2009-0143Mar 14, 2009
    risk 0.00cvss epss 0.02

    Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and password when subscribing to a crafted podcast.

  • CVE-2009-0016Mar 14, 2009
    risk 0.00cvss epss 0.02

    Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header.

  • CVE-2008-3636Sep 11, 2008
    risk 0.00cvss epss 0.00

    Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver…

  • CVE-2008-3634Sep 11, 2008
    risk 0.00cvss epss 0.02

    Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator…

Page 31 of 32