Vulnerabilities > Apple > Itunes > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-10-23 | CVE-2015-6975 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and mac OS X CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6992 and CVE-2015-7017. | 7.5 |
| 2015-09-18 | CVE-2015-5874 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. | 7.5 |
| 2015-05-28 | CVE-2015-1157 | Code vulnerability in Apple Iphone OS, Itunes and mac OS X CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2) a WhatsApp message. | 7.8 |
| 2015-05-25 | CVE-2014-8146 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text. | 7.5 |
| 2014-12-10 | CVE-2014-4466 | Resource Management Errors vulnerability in Apple products WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1. | 7.5 |
| 2012-09-13 | CVE-2012-3703 | Memory Corruption vulnerability in WebKit WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. network apple | 8.3 |
| 2012-03-30 | CVE-2011-3064 | USE After Free vulnerability in Google Chrome Use-after-free vulnerability in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG clipping. | 7.5 |
| 2012-03-08 | CVE-2012-0648 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes and Webkit WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. | 7.6 |
| 2012-03-08 | CVE-2012-0639 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes and Webkit WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. | 7.6 |
| 2012-03-08 | CVE-2012-0638 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes and Webkit WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. | 7.6 |