CVSS: 7.6EPSS: 0%CPEs: 59EXPL: 0CVE-2011-3238
https://notcve.org/view.php?id=CVE-2011-3238
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. WebKit, tal como se usa en Apple iTunes en versiones anteriores a 10.5, permite a atacantes "man-in-the-middle" ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de vectores relacionados con la navegación del iTunes Store. Una vulnerabilidad distinta a las de otros CVEs listados en APPLE-SA-2011-10-11-1. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/76384 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT5000 http://www.securityfocus.com/bid/50066 https://exchange.xforce.ibmcloud.com/vulnerabilities/70515 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17212 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 0%CPEs: 59EXPL: 0CVE-2011-3244
https://notcve.org/view.php?id=CVE-2011-3244
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. WebKit, como el que se utiliza en iTunes de Apple anterior a v10.5, permite a atacantes man-in-the-middle ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de vectores relacionados con la navegación en iTunes Store, una vulnerabilidad diferente a otros CVEs que aparecen en APPLE-SA-2011-10-11-1. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://osvdb.org/76352 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://www.securityfocus.com/bid/50066 https://exchange.xforce.ibmcloud.com/vulnerabilities/70518 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17355 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 5%CPEs: 76EXPL: 0CVE-2011-3219 – Apple QuickTime H264 Stream frame_cropping Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3219
Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding. Desbordamiento de buffer en CoreMedia, tal como se usa en Apple iTunes en versiones anteriores a 10.5, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) a través de un fichero multimedia codificado con H.264. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles H.264 streams. When parsing the Sequence Parameter Set data for a H.264 stream it reads the frame cropping offset fields. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://osvdb.org/76374 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT5002 http://support.apple.com/kb/HT5016 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17228 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 7%CPEs: 76EXPL: 0CVE-2011-3252 – Apple Quicktime Advanced Audio Codec Frame Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3252
Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream. Desbordamiento de búfer en CoreAudio, como el que se utiliza en iTunes de Apple anterior a v10.5, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un envío de datos manipulado Advanced Audio Coding (AAC). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. Authentication is not required to exploit this vulnerability. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses an audio stream encoded with the advanced audio codec. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://osvdb.org/76381 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT5130 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16784 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 0%CPEs: 59EXPL: 0CVE-2011-2809
https://notcve.org/view.php?id=CVE-2011-2809
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. WebKit, como el usado en iTunes de Apple anterior a v10.5, permite que atacantes man-in-the-middle ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de vectores relacionados con la navegación en iTunes Store, una vulnerabilidad diferente a otros CVEs que figuran en APPLE-SA -2011-10-11-1. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5000 http://www.securityfocus.com/bid/50066 https://exchange.xforce.ibmcloud.com/vulnerabilities/70502 https://oval.cisecurity.org/repository/search/definition/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •