CVE-2011-2356
https://notcve.org/view.php?id=CVE-2011-2356
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. WebKit, tal como se usa en Apple iTunes en versiones anteriores a 10.5, permite a atacantes "man-in-the-middle" ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de vectores relacionados con la navegación en el iTunes Store. Una vulnerabilidad distinta a las de otros CVEs listados en APPLE-SA-2011-10-11-1. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/76341 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5000 http://www.securityfocus.com/bid/50066 https://exchange.xforce.ibmcloud.com/vulnerabilities/70500 https://oval.cisecurity.org • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-2831
https://notcve.org/view.php?id=CVE-2011-2831
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. WebKit, como el usado en iTunes de Apple anterior a v10.5, permite que atacantes de man-in-the-middle ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de vectores relacionados con la navegación en iTunes Store, una vulnerabilidad diferente a otros CVEa que figuran en APPLE-SA -2011-10-11-1. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5000 http://www.securityfocus.com/bid/50066 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17317 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-2820
https://notcve.org/view.php?id=CVE-2011-2820
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. WebKit, como el usado en iTunes de Apple anterior a v10.5, permite que atacantes de man-in-the-middle ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de vectores relacionados con la navegación en iTunes Store, una vulnerabilidad diferente a otros CVEa que figuran en APPLE-SA -2011-10-11-1. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5000 http://www.securityfocus.com/bid/50066 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17211 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-3235
https://notcve.org/view.php?id=CVE-2011-3235
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. WebKit, como el usado en iTunes de Apple anterior a v10.5, permite que atacantes de man-in-the-middle ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de vectores relacionados con la navegación en iTunes Store, una vulnerabilidad diferente a otros CVEa que figuran en APPLE-SA -2011-10-11-1. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html http://osvdb.org/76349 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT4999 http://support.apple.com/kb/HT5000 http://www.securityfocus.com/bid/50066 https://exchange.xforce.ibmcloud.com/vulnerabilities/70512 https://oval.cisecurity.org • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-3252 – Apple Quicktime Advanced Audio Codec Frame Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3252
Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream. Desbordamiento de búfer en CoreAudio, como el que se utiliza en iTunes de Apple anterior a v10.5, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un envío de datos manipulado Advanced Audio Coding (AAC). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. Authentication is not required to exploit this vulnerability. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses an audio stream encoded with the advanced audio codec. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://osvdb.org/76381 http://support.apple.com/kb/HT4981 http://support.apple.com/kb/HT5130 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16784 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •