Vulnerabilities > Apple > Itunes > 6.0.4.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-03-14 | CVE-2009-0016 | Improper Input Validation vulnerability in Apple Itunes Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header. | 5.0 |
2008-09-11 | CVE-2008-3636 | Numeric Errors vulnerability in Apple Itunes Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. | 7.2 |
2008-09-11 | CVE-2008-3634 | Information Exposure vulnerability in Apple Itunes Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better information. | 2.6 |
2008-08-01 | CVE-2008-3434 | Code Injection vulnerability in Apple Itunes Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | 7.5 |