CVE-2011-2339
https://notcve.org/view.php?id=CVE-2011-2339
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. WebKit, tal como se usa en Apple iTunes en versiones anteriores a 10.5, permite a atacantes "man-in-the-middle" ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de vectores relacionados con la navegación en el iTunes Store. Una vulnerabilidad distinta a las de otros CVEs listados en APPLE-SA-2011-10-11-1. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5000 http://www.securityfocus.com/bid/50066 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17020 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-2352
https://notcve.org/view.php?id=CVE-2011-2352
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. WebKit, tal como se usa en Apple iTunes en versiones anteriores a 10.5, permite a atacantes "man-in-the-middle" ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de vectores relacionados con la navegación en el iTunes Store. Una vulnerabilidad distinta a las de otros CVEs listados en APPLE-SA-2011-10-11-1. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/76339 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5000 http://www.securityfocus.com/bid/50066 https://exchange.xforce.ibmcloud.com/vulnerabilities/70496 https://oval.cisecurity.org • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-3238
https://notcve.org/view.php?id=CVE-2011-3238
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. WebKit, tal como se usa en Apple iTunes en versiones anteriores a 10.5, permite a atacantes "man-in-the-middle" ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de vectores relacionados con la navegación del iTunes Store. Una vulnerabilidad distinta a las de otros CVEs listados en APPLE-SA-2011-10-11-1. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/76384 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT5000 http://www.securityfocus.com/bid/50066 https://exchange.xforce.ibmcloud.com/vulnerabilities/70515 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17212 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-3244
https://notcve.org/view.php?id=CVE-2011-3244
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. WebKit, como el que se utiliza en iTunes de Apple anterior a v10.5, permite a atacantes man-in-the-middle ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de vectores relacionados con la navegación en iTunes Store, una vulnerabilidad diferente a otros CVEs que aparecen en APPLE-SA-2011-10-11-1. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://osvdb.org/76352 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://www.securityfocus.com/bid/50066 https://exchange.xforce.ibmcloud.com/vulnerabilities/70518 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17355 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-3219 – Apple QuickTime H264 Stream frame_cropping Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3219
Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding. Desbordamiento de buffer en CoreMedia, tal como se usa en Apple iTunes en versiones anteriores a 10.5, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) a través de un fichero multimedia codificado con H.264. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles H.264 streams. When parsing the Sequence Parameter Set data for a H.264 stream it reads the frame cropping offset fields. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://osvdb.org/76374 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT5002 http://support.apple.com/kb/HT5016 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17228 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •