Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:apple:itunes:7.0.2:-:windows
There are 864 matching records.
Displaying matches 841 through 860.
Vuln ID Summary CVSS Severity
CVE-2011-1109

Google Chrome before 9.0.597.107 does not properly process nodes in Cascading Style Sheets (CSS) stylesheets, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

Published: March 01, 2011; 6:00:03 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-0983

Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

Published: February 10, 2011; 2:00:02 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2011-0981

Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

Published: February 10, 2011; 2:00:02 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-4494

Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

Published: December 07, 2010; 4:00:09 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-4008

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.

Published: November 16, 2010; 8:00:02 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-1824

Use-after-free vulnerability in WebKit, as used in Apple iTunes before 10.2 on Windows, Apple Safari, and Google Chrome before 6.0.472.59, allows remote attackers to execute arbitrary code or cause a denial of service via vectors related to SVG styles, the DOM tree, and error messages.

Published: September 24, 2010; 3:00:04 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1823

Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098.

Published: September 24, 2010; 3:00:04 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1795

Untrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory.

Published: August 20, 2010; 4:00:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1777

Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL.

Published: July 30, 2010; 9:26:13 AM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-2249

Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.

Published: June 30, 2010; 2:30:01 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2010-1205

Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.

Published: June 30, 2010; 2:30:01 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2010-1769

WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, accesses out-of-bounds memory during the handling of tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, a different vulnerability than CVE-2010-1387 and CVE-2010-1763.

Published: June 18, 2010; 12:30:01 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2010-1763

Unspecified vulnerability in WebKit in Apple iTunes before 9.2 on Windows has unknown impact and attack vectors, a different vulnerability than CVE-2010-1387 and CVE-2010-1769.

Published: June 18, 2010; 12:30:01 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2010-1387

Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769.

Published: June 18, 2010; 12:30:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-0532

Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse.

Published: March 31, 2010; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2010-0531

Apple iTunes before 9.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 podcast file.

Published: March 31, 2010; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-2817

Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .pls file.

Published: September 24, 2009; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2009-0950

Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon.

Published: June 02, 2009; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2009-0143

Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and password when subscribing to a crafted podcast.

Published: March 14, 2009; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-0016

Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header.

Published: March 14, 2009; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM