CVSS: 7.6EPSS: 0%CPEs: 73EXPL: 0CVE-2011-0131
https://notcve.org/view.php?id=CVE-2011-0131
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. WebKit, tal como se utiliza en el iTunes de Apple antes de v10.2 para Windows, permite a los atacantes "man-in-the-middle" ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria y caída de la aplicación)a través de vectores relacionados con la navegación de la tienda iTunes, una vulnerabilidad diferente a los CVE listados en APPLE-SA-2011-03-02-1. • http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html http://support.apple.com/kb/HT4554 http://support.apple.com/kb/HT4564 http://support.apple.com/kb/HT4566 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17094 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 0%CPEs: 73EXPL: 0CVE-2011-0141
https://notcve.org/view.php?id=CVE-2011-0141
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. WebKit, tal como se utiliza en el iTunes de Apple antes de v10.2 para Windows, permite a los atacantes "man-in-the-middle" ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria y caída de la aplicación)a través de vectores relacionados con la navegación de la tienda iTunes, una vulnerabilidad diferente a los CVE listados en APPLE-SA-2011-03-02-1. • http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html http://support.apple.com/kb/HT4554 http://support.apple.com/kb/HT4564 http://support.apple.com/kb/HT4566 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16730 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 0%CPEs: 73EXPL: 0CVE-2011-0120
https://notcve.org/view.php?id=CVE-2011-0120
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. WebKit, tal como se utiliza en el iTunes de Apple antes de v10.2 para Windows, permite a los atacantes "man-in-the-middle" ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria y caída de la aplicación)a través de vectores relacionados con la navegación de la tienda iTunes, una vulnerabilidad diferente a los CVE listados en APPLE-SA-2011-03-02-1. • http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html http://support.apple.com/kb/HT4554 http://support.apple.com/kb/HT4564 http://support.apple.com/kb/HT4566 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17373 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 0%CPEs: 73EXPL: 0CVE-2011-0113
https://notcve.org/view.php?id=CVE-2011-0113
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. WebKit, tal como se utiliza en el Apple iTunes anterior a v10.2 en Windows, permite a atacantes de hombre en medio (man-in-the-middle) ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de vectores relacionados con la navegación por la iTunes Store, una vulnerabilidad diferente a otros CVEs listados en APPLE-SA-2011-03-02-1. • http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html http://support.apple.com/kb/HT4554 http://support.apple.com/kb/HT4564 http://support.apple.com/kb/HT4566 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17070 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 1%CPEs: 73EXPL: 0CVE-2011-0149 – Apple Webkit Root HTMLBRElement Style Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0149
WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly parse HTML elements associated with document namespaces, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to a "dangling pointer" and iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. WebKit, tal como se utiliza en el iTunes de Apple antes de v10.2 para Windows, no implementa correctamente el análisis de elementos HTML asociados con los nombres de espacio de documentos, lo que permite a los atacantes "man-in-the-middle" ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria y bloqueo de la aplicación)a través de vectores relacionados con un "dangling pointer" y la navegación de la tienda iTunes, una vulnerabilidad diferente a los CVE listados en APPLE-SA-2011-03-02-1. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a specially formatted HTML file. When parsing a particular element that also defines the namespace of the document, the library will call a dangling pointer which is consistent but unmapped. • http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html http://support.apple.com/kb/HT4554 http://support.apple.com/kb/HT4564 http://support.apple.com/kb/HT4566 http://www.zerodayinitiative.com/advisories/ZDI-11-100 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17241 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •