CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32351
https://notcve.org/view.php?id=CVE-2023-32351
A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to gain elevated privileges. • https://support.apple.com/en-us/HT213763 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-32353
https://notcve.org/view.php?id=CVE-2023-32353
A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to elevate privileges. • https://github.com/86x/CVE-2023-32353-PoC https://support.apple.com/en-us/HT213763 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26774
https://notcve.org/view.php?id=CVE-2022-26774
A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges. Se abordó un problema de lógica con una administración de estados mejorada. Este problema es corregido en iTunes versión 12.12.4 para Windows. • https://support.apple.com/en-us/HT213259 •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2022-26773 – Apple iTunes Incorrect Permission Assignment Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-26773
A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does not have permission. Se abordó un problema lógico con una administración de estados mejorada. Este problema es corregido en iTunes versión 12.12.4 para Windows. • https://support.apple.com/en-us/HT213259 •
CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0CVE-2022-26711 – Apple macOS ImageIO WebP File Parsing Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-26711
An integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5, iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. Se abordó un problema de desbordamiento de enteros con una comprobación de entradas mejorada. Este problema es corregido en tvOS versión 15.5, iTunes versión 12.12.4 para Windows, iOS versión 15.5 y iPadOS versión 15.5, watchOS versión 8.6, macOS Monterey versión 12.4. • https://support.apple.com/en-us/HT213253 https://support.apple.com/en-us/HT213254 https://support.apple.com/en-us/HT213257 https://support.apple.com/en-us/HT213258 https://support.apple.com/en-us/HT213259 • CWE-190: Integer Overflow or Wraparound •