Vulnerabilities > Apple > Itunes > 11.0.5

DATE CVE VULNERABILITY TITLE RISK
2014-12-10 CVE-2014-4469 Resource Management Errors vulnerability in Apple products
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
network
apple CWE-399
6.8
2014-12-10 CVE-2014-4468 Resource Management Errors vulnerability in Apple products
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
network
apple CWE-399
6.8
2014-12-10 CVE-2014-4466 Resource Management Errors vulnerability in Apple products
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
network
low complexity
apple CWE-399
7.5
2014-11-18 CVE-2014-4459 Memory Corruption vulnerability in WebKit
Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.
network
apple
6.8
2014-11-18 CVE-2014-4452 Resource Management Errors vulnerability in Apple products
WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462.
5.4
2014-05-18 CVE-2014-1347 Permissions, Privileges, and Access Controls vulnerability in Apple Itunes
Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations.
local
apple CWE-264
4.4
2014-04-02 CVE-2014-1301 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes and Safari
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-04-01-1.
network
apple CWE-119
6.8
2014-01-23 CVE-2014-1242 Cryptographic Issues vulnerability in Apple Itunes
Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, which allows man-in-the-middle attackers to spoof content by gaining control over the client-server data stream.
network
apple CWE-310
5.8
2013-12-18 CVE-2013-5228 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
network
apple CWE-119
6.8
2013-12-18 CVE-2013-5225 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
network
apple CWE-119
6.8