Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Itunes
(Apple)| Repositories | https://github.com/WebKit/webkit |
| #Vulnerabilities | 913 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2010-08-20 | CVE-2010-1768 | Unspecified vulnerability in Apple iTunes before 9.1 allows local users to gain console privileges via vectors related to log files, "insecure file operation," and syncing an iPhone, iPad, or iPod touch. | Itunes | N/A | ||
| 2010-06-18 | CVE-2010-1763 | Unspecified vulnerability in WebKit in Apple iTunes before 9.2 on Windows has unknown impact and attack vectors, a different vulnerability than CVE-2010-1387 and CVE-2010-1769. | Itunes | N/A | ||
| 2010-03-31 | CVE-2010-0532 | Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse. | Itunes | N/A | ||
| 2010-03-31 | CVE-2010-0531 | Apple iTunes before 9.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 podcast file. | Itunes | N/A | ||
| 2009-09-24 | CVE-2009-2817 | Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .pls file. | Itunes | N/A | ||
| 2009-06-02 | CVE-2009-0950 | Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon. | Itunes | N/A | ||
| 2009-03-14 | CVE-2009-0143 | Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and password when subscribing to a crafted podcast. | Itunes | N/A | ||
| 2009-03-14 | CVE-2009-0016 | Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header. | Itunes | N/A | ||
| 2008-12-10 | CVE-2008-5406 | Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one overflow." | Itunes, Quicktime | N/A | ||
| 2008-09-18 | CVE-2008-4116 | Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 or (3) .mov file, possibly related to the Check_stack_cookie function and an off-by-one error that leads to a heap-based buffer overflow. | Itunes, Quicktime | N/A |