Vulnerabilities > Apple
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-10-12 | CVE-2011-3236 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes and Webkit WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. | 7.6 |
| 2011-10-12 | CVE-2011-3235 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes and Webkit WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. | 7.6 |
| 2011-10-12 | CVE-2011-3233 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes and Webkit WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. | 7.6 |
| 2011-10-12 | CVE-2011-3219 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding. | 9.3 |
| 2011-10-12 | CVE-2011-0259 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes CoreFoundation, as used in Apple iTunes before 10.5, does not properly perform string tokenization, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | 7.6 |
| 2011-09-22 | CVE-2011-2444 | Cross-Site Scripting vulnerability in Adobe Flash Player Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as exploited in the wild in September 2011. | 4.3 |
| 2011-09-22 | CVE-2011-2430 | Improper Input Validation vulnerability in Adobe Flash Player Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to execute arbitrary code via crafted streaming media, related to a "logic error vulnerability." | 9.3 |
| 2011-09-22 | CVE-2011-2429 | Permissions, Privileges, and Access Controls vulnerability in Adobe Flash Player Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, related to a "security control bypass." | 5.0 |
| 2011-09-22 | CVE-2011-2428 | Improper Input Validation vulnerability in Adobe Flash Player Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service (browser crash) via unspecified vectors, related to a "logic error issue." | 9.3 |
| 2011-09-22 | CVE-2011-2427 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Flash Player Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) component in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service via unspecified vectors. | 9.3 |