Summary
| Detail | |||
|---|---|---|---|
| Vendor | Apple | First view | 2005-05-02 |
| Product | Itunes | Last view | 2021-09-08 |
| Version | Type | Application | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 6.5 | 2021-09-08 | CVE-2021-1857 | A memory initialization issue was addressed with improved memory handling. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may disclose sensitive user information. |
| 6.1 | 2021-09-08 | CVE-2021-1825 | An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting attack. |
| 6.5 | 2021-09-08 | CVE-2021-1811 | A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted font may result in the disclosure of process memory. |
| 5.5 | 2021-03-26 | CVE-2020-7463 | In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-free situation may result in unintended kernel behaviour including a kernel panic. |
| 7.8 | 2020-12-08 | CVE-2020-9999 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iTunes for Windows 12.10.9. Processing a maliciously crafted text file may lead to arbitrary code execution. |
| 7.8 | 2020-12-08 | CVE-2020-9981 | A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted file may lead to arbitrary code execution. |
| 8.8 | 2020-12-08 | CVE-2020-9947 | A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. |
| 6.5 | 2020-12-08 | CVE-2020-9849 | An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A remote attacker may be able to leak memory. |
| 7.8 | 2020-12-08 | CVE-2020-27932 | A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to execute arbitrary code with kernel privileges. |
| 7.8 | 2020-12-08 | CVE-2020-27918 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. |
| 7.8 | 2020-12-08 | CVE-2020-27917 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to code execution. |
| 7.8 | 2020-12-08 | CVE-2020-27912 | An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution. |
| 7.8 | 2020-12-08 | CVE-2020-27911 | An integer overflow was addressed through improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. |
| 3.3 | 2020-12-08 | CVE-2020-27895 | An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling. This issue is fixed in iTunes 12.11 for Windows. A malicious application may be able to access local users Apple IDs. |
| 5.5 | 2020-12-08 | CVE-2020-10002 | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A local user may be able to read arbitrary files. |
| 7.8 | 2020-10-27 | CVE-2020-3864 | A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin. |
| 4.3 | 2020-10-27 | CVE-2019-8898 | An information disclosure issue existed in the handling of the Storage Access API. This issue was addressed with improved logic. This issue is fixed in iOS 13.3 and iPadOS 13.3, tvOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows. Visiting a maliciously crafted website may reveal sites a user has visited. |
| 7.8 | 2020-10-27 | CVE-2019-8848 | This issue was addressed with improved checks. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An application may be able to gain elevated privileges. |
| 8.8 | 2020-10-27 | CVE-2019-8846 | A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. |
| 8.8 | 2020-10-27 | CVE-2019-8844 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. |
| 8.8 | 2020-10-27 | CVE-2019-8835 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution. |
| 4.3 | 2020-10-27 | CVE-2019-8834 | A configuration issue was addressed with additional restrictions. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An attacker in a privileged network position may be able to bypass HSTS for a limited number of specific top-level domains previously not in the HSTS preload list. |
| 4.3 | 2020-10-27 | CVE-2019-8827 | The HTTP referrer header may be used to leak browsing history. The issue was resolved by downgrading all third party referrers to their origin. This issue is fixed in Safari 13.0.3, iTunes 12.10.2 for Windows, iCloud for Windows 10.9.2, tvOS 13.2, iOS 13.2 and iPadOS 13.2, iCloud for Windows 7.15. Visiting a maliciously crafted website may reveal the sites a user has visited. |
| 8.8 | 2020-10-27 | CVE-2019-8825 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 10.7, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. |
| 8.8 | 2020-10-27 | CVE-2019-8773 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, iCloud for Windows 7.14, tvOS 13, watchOS 6, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 46% (281) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 17% (105) | CWE-787 | Out-of-bounds Write |
| 12% (74) | CWE-416 | Use After Free |
| 7% (43) | CWE-399 | Resource Management Errors |
| 2% (18) | CWE-125 | Out-of-bounds Read |
| 2% (16) | CWE-20 | Improper Input Validation |
| 2% (14) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 1% (10) | CWE-200 | Information Exposure |
| 1% (7) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 0% (4) | CWE-190 | Integer Overflow or Wraparound |
| 0% (3) | CWE-704 | Incorrect Type Conversion or Cast |
| 0% (3) | CWE-264 | Permissions, Privileges, and Access Controls |
| 0% (3) | CWE-189 | Numeric Errors |
| 0% (2) | CWE-426 | Untrusted Search Path |
| 0% (2) | CWE-362 | Race Condition |
| 0% (2) | CWE-346 | Origin Validation Error |
| 0% (2) | CWE-310 | Cryptographic Issues |
| 0% (1) | CWE-670 | Always-Incorrect Control Flow Implementation |
| 0% (1) | CWE-665 | Improper Initialization |
| 0% (1) | CWE-552 | Files or Directories Accessible to External Parties |
| 0% (1) | CWE-415 | Double Free |
| 0% (1) | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory L... |
| 0% (1) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
| 0% (1) | CWE-284 | Access Control (Authorization) Issues |
| 0% (1) | CWE-134 | Uncontrolled Format String |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-38 | Leveraging/Manipulating Configuration File Search Paths |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:17304 | Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute... |
| oval:org.mitre.oval:def:16978 | Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of... |
| oval:org.mitre.oval:def:17303 | Heap-based buffer overflow in Apple iTunes before 7.4 allows remote attackers... |
| oval:org.mitre.oval:def:17136 | Apple iTunes before 10.5.1 does not properly verify the authenticity of updat... |
| oval:org.mitre.oval:def:6035 | Apple iTunes Local Privilege Escalation Vulnerability |
| oval:org.mitre.oval:def:7995 | Apple iTunes Filetype Remote Off-By-One Stack Buffer Overflow Vulnerability |
| oval:org.mitre.oval:def:6113 | Apple iTunes Filetype Remote Off-By-One Stack Buffer Overflow Vulnerability |
| oval:org.mitre.oval:def:5936 | Apple QuickTime Filetype Remote Off-By-One Stack Buffer Overflow Vulnerability |
| oval:org.mitre.oval:def:6001 | Apple iTunes Denial of Service Vulnerability |
| oval:org.mitre.oval:def:5336 | Apple iTunes Information Disclosure Vulnerability |
| oval:org.mitre.oval:def:17099 | Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attacker... |
| oval:org.mitre.oval:def:6290 | Apple iTunes '.pls' File Buffer Overflow Vulnerability |
| oval:org.mitre.oval:def:7427 | Apple iTunes MP4 File Processing Denial of Service Vulnerability |
| oval:org.mitre.oval:def:7110 | Apple iTunes Install or Update Privilege Escalation Vulnerability |
| oval:org.mitre.oval:def:7061 | Apple iTunes JavaScriptCore Page Transitions Denial Of Service Vulnerability |
| oval:org.mitre.oval:def:7221 | Apple iTunes Webkit Unspecified Vulnerability |
| oval:org.mitre.oval:def:7178 | Apple iTunes Crafted itpc: URL Buffer Overflow Vulnerability |
| oval:org.mitre.oval:def:11851 | Mozilla Firefox/Thunderbird/SeaMonkey 'libpng' Buffer Overflow Vulnerability |
| oval:org.mitre.oval:def:22383 | RHSA-2010:0534: libpng security update (Important) |
| oval:org.mitre.oval:def:13405 | USN-960-1 -- libpng vulnerabilities |
| oval:org.mitre.oval:def:13338 | DSA-2072-1 libpng -- several |
| oval:org.mitre.oval:def:11512 | DSA-2072 libpng -- several vulnerabilities |
| oval:org.mitre.oval:def:23184 | ELSA-2010:0534: libpng security update (Important) |
| oval:org.mitre.oval:def:6988 | Apple iTunes Crafted itpc: URL Buffer Overflow Vulnerability |
| oval:org.mitre.oval:def:7604 | Apple iTunes Log File Insecure File Operation Local Privilege Escalation Vuln... |
SAINT Exploits
| Description | Link |
|---|---|
| Apple iTunes itms: URL buffer overflow | More info here |
| iTunes m3u Playlist Overflow | More info here |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 78547 | Google Chrome Tree Builder Remote Overflow |
| 78544 | Google Chrome Use-after-free DOM Selections Unspecified Remote DoS |
| 77715 | Google Chrome Range Handling Use-after-free Remote Code Execution |
| 77711 | Google Chrome CSS Property Array Unspecified Remote Memory Corruption |
| 77710 | Google Chrome SVG Parsing Out-of-bounds Read Remote DoS |
| 77037 | Google Chrome Editing Unspecified Use-after-free Remote Issue |
| 76559 | Google Chrome Use-after-free Plug-ins and Editing Remote Code Execution |
| 76556 | Google Chrome Multiple Use-after-free Stale Style Sheet Handling Remote Code ... |
| 76387 | Apple iTunes WebKit Store Browsing MitM Weakness Memory Corruption (2011-3241) |
| 76386 | Apple iTunes WebKit Store Browsing MitM Weakness Memory Corruption (2011-3239) |
| 76385 | Apple iTunes WebKit Store Browsing MitM Weakness Memory Corruption (2011-2811) |
| 76384 | Apple iTunes WebKit Store Browsing MitM Weakness Memory Corruption (2011-3238) |
| 76383 | Apple iTunes WebKit Store Browsing MitM Weakness Memory Corruption (2011-3233) |
| 76382 | Apple iTunes WebKit Store Browsing MitM Weakness Memory Corruption (2011-2815) |
| 76381 | Apple iTunes CoreAudio Audio Stream Handling Overflow |
| 76374 | Apple Mac OS X QuickTime H.264 Movie File Handling Overflow |
| 76352 | Apple iOS WebKit Website Handling Unspecified Remote Memory Corruption (2011-... |
| 76351 | Apple iOS WebKit Website Handling Unspecified Remote Memory Corruption (2011-... |
| 76350 | Apple iOS WebKit Website Handling Unspecified Remote Memory Corruption (2011-... |
| 76349 | Apple iOS WebKit Website Handling Unspecified Remote Memory Corruption (2011-... |
| 76348 | Apple iOS WebKit Website Handling Unspecified Remote Memory Corruption (2011-... |
| 76347 | Apple iOS WebKit Website Handling Unspecified Remote Memory Corruption (2011-... |
| 76346 | Apple iOS WebKit Website Handling Unspecified Remote Memory Corruption (2011-... |
| 76345 | Apple iOS WebKit Website Handling Unspecified Remote Memory Corruption (2011-... |
| 76344 | Apple iOS WebKit Website Handling Unspecified Remote Memory Corruption (2011-... |
ExploitDB Exploits
| id | Description |
|---|---|
| 19322 | Apple iTunes <= 10.6.1.7 Extended m3u Stack Buffer Overflow |
| 19098 | Apple iTunes 10.6.1.7 M3U Playlist File Walking Heap Buffer Overflow |
| 14422 | libpng <= 1.4.2 Denial of Service Vulnerability |
| 11491 | iTunes 9.0.1 .pls File Handling Buffer Overflow |
| 11138 | Apple iTunes 8.1.x (daap) Buffer overflow remote exploit (CVE-2009-0950) |
| 8934 | Apple iTunes 8.1.1.10 (itms/itcp) Remote Buffer Overflow Exploit (win) |
| 8861 | Apple iTunes 8.1.1 (ITMS) Multiple Protocol Handler BOF Exploit (meta) |
OpenVAS Exploits
| id | Description |
|---|---|
| 2012-12-13 | Name : SuSE Update for update openSUSE-SU-2012:0374-1 (update) File : nvt/gb_suse_2012_0374_1.nasl |
| 2012-12-13 | Name : SuSE Update for update openSUSE-SU-2012:0466-1 (update) File : nvt/gb_suse_2012_0466_1.nasl |
| 2012-10-26 | Name : Ubuntu Update for webkit USN-1617-1 File : nvt/gb_ubuntu_USN_1617_1.nasl |
| 2012-10-01 | Name : Apple Safari Multiple Vulnerabilities - Oct 2012 (Mac OS X) File : nvt/gb_apple_safari_mult_vuln_oct12_macosx.nasl |
| 2012-09-26 | Name : Gentoo Security Advisory GLSA 201209-02 (tiff) File : nvt/glsa_201209_02.nasl |
| 2012-09-17 | Name : Apple iTunes Multiple Vulnerabilities - Sep 12 (Windows) File : nvt/gb_apple_itunes_mult_vuln_sep12_win.nasl |
| 2012-08-09 | Name : Ubuntu Update for webkit USN-1524-1 File : nvt/gb_ubuntu_USN_1524_1.nasl |
| 2012-08-01 | Name : Apple Safari Multiple Vulnerabilities - Aug 2012 (Windows) File : nvt/gb_apple_safari_mult_vuln_aug12_win.nasl |
| 2012-07-30 | Name : CentOS Update for libtiff CESA-2011:0318 centos5 x86_64 File : nvt/gb_CESA-2011_0318_libtiff_centos5_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for libtiff CESA-2011:0392 centos5 x86_64 File : nvt/gb_CESA-2011_0392_libtiff_centos5_x86_64.nasl |
| 2012-07-30 | Name : CentOS Update for libxml2 CESA-2012:0017 centos5 File : nvt/gb_CESA-2012_0017_libxml2_centos5.nasl |
| 2012-07-30 | Name : Apple Safari Multiple Vulnerabilities - July 2012 (Mac OS X) File : nvt/gb_apple_safari_mult_vuln_jul12_macosx.nasl |
| 2012-07-13 | Name : VMSA-2012-0012 VMware ESXi update addresses several security issues. File : nvt/gb_VMSA-2012-0012.nasl |
| 2012-07-09 | Name : RedHat Update for libxml2 RHSA-2011:1749-03 File : nvt/gb_RHSA-2011_1749-03_libxml2.nasl |
| 2012-06-12 | Name : Apple iTunes '.m3u' Playlist Code Execution Vulnerability (Mac OS X) File : nvt/gb_apple_itunes_playlist_code_exec_vuln_macosx.nasl |
| 2012-06-12 | Name : Apple iTunes '.m3u' Playlist Code Execution Vulnerabilities (Win) File : nvt/gb_apple_itunes_playlist_code_exec_vuln_win.nasl |
| 2012-05-31 | Name : FreeBSD Ports: chromium File : nvt/freebsd_chromium13.nasl |
| 2012-05-31 | Name : Gentoo Security Advisory GLSA 201205-01 (chromium) File : nvt/glsa_201205_01.nasl |
| 2012-05-24 | Name : Apple Safari Multiple Vulnerabilities - Oct 2011 (Windows) File : nvt/secpod_apple_safari_mult_vuln_win_oct11.nasl |
| 2012-05-07 | Name : Google Chrome Multiple Denial of Service Vulnerabilities - May 12 (Linux) File : nvt/gb_google_chrome_mult_dos_vuln_may12_lin.nasl |
| 2012-05-07 | Name : Google Chrome Multiple Denial of Service Vulnerabilities - May 12 (Mac OS X) File : nvt/gb_google_chrome_mult_dos_vuln_may12_macosx.nasl |
| 2012-05-07 | Name : Google Chrome Multiple Denial of Service Vulnerabilities - May 12 (Windows) File : nvt/gb_google_chrome_mult_dos_vuln_may12_win.nasl |
| 2012-04-30 | Name : FreeBSD Ports: chromium File : nvt/freebsd_chromium10.nasl |
| 2012-04-30 | Name : FreeBSD Ports: chromium File : nvt/freebsd_chromium8.nasl |
| 2012-04-30 | Name : FreeBSD Ports: chromium File : nvt/freebsd_chromium9.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2015-A-0222 | Multiple Security Vulnerabilities in Apple iOS Severity: Category I - VMSKEY: V0061471 |
| 2015-A-0199 | Multiple Vulnerabilities in Apple Mac OS X Severity: Category I - VMSKEY: V0061337 |
| 2014-B-0024 | Multiple Security Vulnerabilities in Apple iOS Severity: Category I - VMSKEY: V0046157 |
| 2012-A-0153 | Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0 Severity: Category I - VMSKEY: V0033884 |
| 2012-A-0073 | Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1 Severity: Category I - VMSKEY: V0032171 |
| 2011-B-0046 | Remote Code Execution Vulnerability in Microsoft Foundation Class (MFC) Library Severity: Category II - VMSKEY: V0026512 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Apple QuickTime fpx file SectNumMiniFAT overflow attempt RuleID : 6505 - Type : FILE-IMAGE - Revision : 14 |
| 2020-10-22 | Apple Safari WebKit HTMLFrameElementBase isURLAllowed Subframe exploit attempt RuleID : 55799 - Type : FILE-OTHER - Revision : 1 |
| 2020-10-22 | Apple Safari WebKit HTMLFrameElementBase isURLAllowed Subframe exploit attempt RuleID : 55798 - Type : FILE-OTHER - Revision : 1 |
| 2020-10-06 | WebKit AudioArray allocate out of bounds access attempt RuleID : 55013 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-10-06 | WebKit AudioArray allocate out of bounds access attempt RuleID : 55012 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-09-02 | WebKit JIT compiler common subexpression elimination out of bounds access att... RuleID : 54666 - Type : BROWSER-WEBKIT - Revision : 2 |
| 2020-09-02 | WebKit JIT compiler common subexpression elimination out of bounds access att... RuleID : 54665 - Type : BROWSER-WEBKIT - Revision : 2 |
| 2020-04-21 | Apple Safari WebKit JavaScript engine type confusion attempt RuleID : 53474 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-04-21 | Apple Safari WebKit JavaScript engine type confusion attempt RuleID : 53473 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-03-19 | Apple Safari WebKit cached page memory corruption attempt RuleID : 53122 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-03-19 | Apple Safari WebKit cached page memory corruption attempt RuleID : 53121 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-02-13 | Apple Safari Webkit css title memory corruption attempt RuleID : 52598 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-02-13 | Apple Safari Webkit css title memory corruption attempt RuleID : 52597 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit out-of-bounds read attempt RuleID : 52342 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2020-01-03 | Apple Safari WebKit out-of-bounds read attempt RuleID : 52341 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-12-24 | Mutiple products libpng extra row heap overflow attempt RuleID : 52307 - Type : FILE-IMAGE - Revision : 1 |
| 2019-12-24 | Mutiple products libpng extra row heap overflow attempt RuleID : 52306 - Type : FILE-IMAGE - Revision : 1 |
| 2019-11-15 | WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt RuleID : 51832 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-11-15 | WebKit JavaScriptCore emitEqualityOpImpl memory corruption attempt RuleID : 51831 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-11-12 | WebKit JavaScriptCore JSValue use after free attempt RuleID : 51824 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-11-12 | WebKit JavaScriptCore JSValue use after free attempt RuleID : 51823 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-11-12 | WebKit JavaScriptCore AIR optimization memory corruption attempt RuleID : 51822 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-11-12 | WebKit JavaScriptCore AIR optimization memory corruption attempt RuleID : 51821 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-10-01 | Apple Safari JSValues type confusion attempt RuleID : 51389 - Type : BROWSER-WEBKIT - Revision : 1 |
| 2019-10-01 | Apple Safari JSValues type confusion attempt RuleID : 51388 - Type : BROWSER-WEBKIT - Revision : 1 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2019-01-11 | Name: The remote device is missing a vendor-supplied security patch. File: juniper_jsa10916.nasl - Type: ACT_GATHER_INFO |
| 2018-12-03 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201812-04.nasl - Type: ACT_GATHER_INFO |
| 2018-10-02 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_9.nasl - Type: ACT_GATHER_INFO |
| 2018-10-02 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_9_banner.nasl - Type: ACT_GATHER_INFO |
| 2018-09-20 | Name: A web browser installed on the remote macOS or Mac OS X host is affected by m... File: macosx_safari12.nasl - Type: ACT_GATHER_INFO |
| 2017-11-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-1268.nasl - Type: ACT_GATHER_INFO |
| 2017-11-07 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-2933-1.nasl - Type: ACT_GATHER_INFO |
| 2017-11-03 | Name: The remote Apple TV device is affected by multiple vulnerabilities. File: appletv_11_1.nasl - Type: ACT_GATHER_INFO |
| 2017-11-02 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_7_1.nasl - Type: ACT_GATHER_INFO |
| 2017-11-02 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_7_1_banner.nasl - Type: ACT_GATHER_INFO |
| 2017-11-02 | Name: A web browser installed on the remote macOS or Mac OS X host is affected by m... File: macosx_Safari11_1.nasl - Type: ACT_GATHER_INFO |
| 2017-10-16 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201710-14.nasl - Type: ACT_GATHER_INFO |
| 2017-09-27 | Name: The remote host contains an application that is affected by an insecure permi... File: macosx_itunes_12_7.nasl - Type: ACT_GATHER_INFO |
| 2017-09-06 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-1011.nasl - Type: ACT_GATHER_INFO |
| 2017-09-01 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-2318-1.nasl - Type: ACT_GATHER_INFO |
| 2017-08-11 | Name: The remote Fedora host is missing a security update. File: fedora_2017-9d572cc64a.nasl - Type: ACT_GATHER_INFO |
| 2017-08-03 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-3376-1.nasl - Type: ACT_GATHER_INFO |
| 2017-07-31 | Name: The remote Fedora host is missing a security update. File: fedora_2017-73d6a0dfbb.nasl - Type: ACT_GATHER_INFO |
| 2017-07-28 | Name: The remote Fedora host is missing a security update. File: fedora_2017-24bddb96b5.nasl - Type: ACT_GATHER_INFO |
| 2017-07-26 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_0f66b901715c11e7ad1fbcaec565249c.nasl - Type: ACT_GATHER_INFO |
| 2017-07-25 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: itunes_12_6_2.nasl - Type: ACT_GATHER_INFO |
| 2017-07-25 | Name: An application running on the remote host is affected by multiple vulnerabili... File: itunes_12_6_2_banner.nasl - Type: ACT_GATHER_INFO |
| 2017-07-25 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: macos_itunes_12_6_2.nasl - Type: ACT_GATHER_INFO |
| 2017-07-25 | Name: The remote host is missing a macOS or Mac OS X security update that fixes mul... File: macosx_SecUpd2017-003.nasl - Type: ACT_GATHER_INFO |
| 2017-07-24 | Name: A web browser installed on the remote macOS or Mac OS X host is affected by m... File: macosx_Safari10_1_2.nasl - Type: ACT_GATHER_INFO |
