CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Itunes » 6.0.4.2 : Security Vulnerabilities

Cpe Name:cpe:/a:apple:itunes:6.0.4.2
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2011-3252 119 DoS Exec Code Overflow 2011-10-12 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream.
2 CVE-2011-3219 119 DoS Exec Code Overflow 2011-10-12 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.
3 CVE-2011-2339 119 DoS Exec Code Overflow Mem. Corr. 2011-10-12 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
4 CVE-2011-2338 119 DoS Exec Code Overflow Mem. Corr. 2011-10-12 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
5 CVE-2011-0259 119 DoS Exec Code Overflow Mem. Corr. 2011-10-12 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
6 CVE-2011-0192 119 DoS Exec Code Overflow 2011-03-03 2014-02-20
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information.
7 CVE-2011-0191 119 DoS Exec Code Overflow 2011-03-03 2014-02-20
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.
8 CVE-2011-0170 119 DoS Exec Code Overflow 2011-03-03 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes before 10.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted International Color Consortium (ICC) profile in a JPEG image.
9 CVE-2011-0168 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
10 CVE-2011-0165 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
11 CVE-2011-0164 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
12 CVE-2011-0156 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
13 CVE-2011-0155 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
14 CVE-2011-0154 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, does not properly implement the .sort function for JavaScript arrays, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
15 CVE-2011-0153 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
16 CVE-2011-0152 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
17 CVE-2011-0151 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
18 CVE-2011-0150 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
19 CVE-2011-0149 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly parse HTML elements associated with document namespaces, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to a "dangling pointer" and iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
20 CVE-2011-0148 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
21 CVE-2011-0147 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
22 CVE-2011-0146 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
23 CVE-2011-0145 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
24 CVE-2011-0144 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
25 CVE-2011-0143 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
26 CVE-2011-0142 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
27 CVE-2011-0141 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
28 CVE-2011-0140 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
29 CVE-2011-0139 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
30 CVE-2011-0138 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
31 CVE-2011-0137 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
32 CVE-2011-0136 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
33 CVE-2011-0135 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
34 CVE-2011-0134 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
35 CVE-2011-0133 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly access glyph data during layout actions for floating blocks associated with pseudo-elements, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
36 CVE-2011-0132 399 DoS Exec Code Mem. Corr. 2011-03-03 2011-03-17
7.6
None Remote High Not required Complete Complete Complete
Use-after-free vulnerability in the Runin box functionality in the Cascading Style Sheets (CSS) 2.1 Visual Formatting Model implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
37 CVE-2011-0131 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
38 CVE-2011-0130 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
39 CVE-2011-0129 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
40 CVE-2011-0128 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
41 CVE-2011-0127 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
42 CVE-2011-0126 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
43 CVE-2011-0125 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
44 CVE-2011-0124 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
45 CVE-2011-0123 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
46 CVE-2011-0122 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
47 CVE-2011-0121 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
48 CVE-2011-0120 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
49 CVE-2011-0119 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
50 CVE-2011-0118 119 DoS Exec Code Overflow Mem. Corr. 2011-03-03 2017-09-18
7.6
None Remote High Not required Complete Complete Complete
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Total number of vulnerabilities : 62   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.