CVE-2013-0993
https://notcve.org/view.php?id=CVE-2013-0993
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. WebKit, usado en Apple iTunes anterior a 11.0.3, permite a atacantes man-in-the-middle la ejecución de código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de vectores relacionados con la navegación en la iTunes Store. Vulnerabilidad distinta de otros CVEs listados en APPLE-SA-2013-05-16-1. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html http://lists.apple.com/archives/security-announce/2013/May/msg00000.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5766 http://support.apple.com/kb/HT5785 http://support.apple.com/kb/HT5934 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17009 • CWE-399: Resource Management Errors •
CVE-2013-0992
https://notcve.org/view.php?id=CVE-2013-0992
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. WebKit, usado en Apple iTunes anterior a 11.0.3, permite a atacantes man-in-the-middle la ejecución de código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de vectores relacionados con la navegación en la iTunes Store. Vulnerabilidad distinta de otros CVEs listados en APPLE-SA-2013-05-16-1. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html http://lists.apple.com/archives/security-announce/2013/May/msg00000.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5766 http://support.apple.com/kb/HT5785 http://support.apple.com/kb/HT5934 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17621 • CWE-399: Resource Management Errors •
CVE-2013-1014
https://notcve.org/view.php?id=CVE-2013-1014
Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate. Apple iTunes anterior a 11.0.3 no verifica adecuadamente los certificados X.509, lo que permite a atacantes man-in-the-middle suplantar los servidores HTTPS a través de un certificado arbitrario válido. • http://lists.apple.com/archives/security-announce/2013/May/msg00000.html http://support.apple.com/kb/HT5766 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17605 • CWE-20: Improper Input Validation •
CVE-2012-3614
https://notcve.org/view.php?id=CVE-2012-3614
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. WebKit, como se utiliza en Apple iTunes anterior a v10.7, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web diseñado, una vulnerabilidad diferente a otros WebKit CVE listados en APPLE-SA-2012-09-12-1. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html http://osvdb.org/85408 http://support.apple.com/kb/HT5485 http://support.apple.com/kb/HT5502 http://support.apple.com/kb/HT5503 http://www.securityfocus.com/bid/55534 https://exchange.xforce.ibmcloud.com/vulnerabilities/78513 https://oval.cisecurity.org/repository •
CVE-2012-3707
https://notcve.org/view.php?id=CVE-2012-3707
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. WebKit, tal como se utiliza en el iTunes de Apple anterior a v10.7, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web diseñado, una vulnerabilidad diferente a otros WebKit CVE listados en APPLE-SA-2012-09-12-1. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html http://osvdb.org/85390 http://support.apple.com/kb/HT5485 http://support.apple.com/kb/HT5502 http://www.securityfocus.com/bid/55534 https://exchange.xforce.ibmcloud.com/vulnerabilities/78520 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17064 •