NotCVE - vendor:"Apple" product:"Itunes"

Page 3 of 923 results (0.019 seconds)

CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 1

CVE-2021-30862 – Apple Security Advisory 2021-09-20-9

https://notcve.org/view.php?id=CVE-2021-30862

24 Aug 2021 — A validation issue was addressed with improved input sanitization. This issue is fixed in iTunes U 3.8.3. Processing a maliciously crafted URL may lead to arbitrary javascript code execution. Se abordó un problema de comprobación con un saneamiento de entrada mejorada. Este problema se corrigió en iTunes U versión 3.8.3. • https://github.com/Umarovm/CVE-2021-30862 • CWE-20: Improper Input Validation •

CVSS: 6.5EPSS: 0%CPEs: 36EXPL: 0

CVE-2021-1811 – Apple Security Advisory 2021-04-26-2

https://notcve.org/view.php?id=CVE-2021-1811

28 Apr 2021 — A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted font may result in the disclosure of process memory. Se abordó un problema lógico con una administración de estado mejorada. Este problema se corrigió en iTunes versión 12.11.3 para Windows, Security Updat... • https://support.apple.com/en-us/HT212317 •

CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 0

CVE-2021-1825 – webkitgtk: Input validation issue leading to cross site scripting attack

https://notcve.org/view.php?id=CVE-2021-1825

28 Apr 2021 — An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting attack. Se abordó un problema de comprobación de entradas con una comprobación de entrada mejorada. Este problema se corrigió en iTunes versión 12.11.3 para Windows, iCloud para Windows versión 12.3, mac... • https://support.apple.com/en-us/HT212317 • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 48EXPL: 0

CVE-2021-1857 – Apple Security Advisory 2021-04-26-2

https://notcve.org/view.php?id=CVE-2021-1857

28 Apr 2021 — A memory initialization issue was addressed with improved memory handling. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may disclose sensitive user information. Se abordó un problema de inicialización de memoria con un manejo de la memoria mejorada. Este problema se corrigió en iTunes versión 12.11.... • https://support.apple.com/en-us/HT212317 • CWE-665: Improper Initialization •

CVSS: 5.5EPSS: 0%CPEs: 34EXPL: 0

CVE-2020-7463 – Apple Security Advisory 2021-04-26-2

https://notcve.org/view.php?id=CVE-2020-7463

26 Mar 2021 — In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-free situation may result in unintended kernel behaviour including a kernel panic. En FreeBSD versiones 12.1-STABLE anteriores a r364644, 11.4-STABLE anteriores a r364651, 12.1-RELEASE anteriores a p9, 11.4-RELEASE a... • http://seclists.org/fulldisclosure/2021/Apr/49 • CWE-416: Use After Free •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-27895

https://notcve.org/view.php?id=CVE-2020-27895

08 Dec 2020 — An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling. This issue is fixed in iTunes 12.11 for Windows. A malicious application may be able to access local users Apple IDs. Se presentó un problema de divulgación de información en la transición del estado del programa. • https://support.apple.com/en-us/HT211933 •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

CVE-2020-9999 – Apple macOS CoreText MorxLigatureSubtableBuilder TTF Parsing Out-of-Bounds Write Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2020-9999

08 Dec 2020 — A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iTunes for Windows 12.10.9. Processing a maliciously crafted text file may lead to arbitrary code execution. Se abordó un problema de corrupción de la memoria con una administración de estado mejorada. Este problema se corrigió en MacOS Big Sur versión 11.0.1, iTunes para Windows versión 12.10.9. • http://seclists.org/fulldisclosure/2020/Dec/32 • CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0

CVE-2020-9947 – Apple Safari RenderObject Use-After-Free Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2020-9947

13 Nov 2020 — A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de uso de la memoria previamente liberada con una administración de la memoria mejorada. Este problema se corrigió en watchOS versión 7.0, iOS versión 14.0 e iPadOS versión 14.0, iTunes para Windows v... • http://www.openwall.com/lists/oss-security/2021/03/22/1 • CWE-416: Use After Free •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2020-9849 – Apple Security Advisory 2020-11-13-3

https://notcve.org/view.php?id=CVE-2020-9849

13 Nov 2020 — An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A remote attacker may be able to leak memory. Se abordó un problema de divulgación de información con una administración de estado mejorada. Este problema se corrigió en macOS Big Sur versión 11.0.1, watchOS versión 7.0, iOS versión 14.0 y iPadOS versión 14.0, iTunes para Windows versi... • http://seclists.org/fulldisclosure/2020/Dec/32 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.3EPSS: 0%CPEs: 7EXPL: 0

CVE-2020-9981 – Apple Security Advisory 2020-11-13-3

https://notcve.org/view.php?id=CVE-2020-9981

13 Nov 2020 — A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted file may lead to arbitrary code execution. Se abordó un uso de la memoria previamente liberada con una administración de la memoria mejorada. Este problema se corrigió en watchOS versión 7... • https://support.apple.com/en-us/HT211843 • CWE-416: Use After Free •

1 2 3 4 5