Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusTenable6831.PRM
HistoryMay 19, 2013 - 12:00 a.m.

iTunes < 11.0.3 Multiple Vulnerabilities

2013-05-1900:00:00
Tenable
www.tenable.com
15

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.547 Medium

EPSS

Percentile

97.7%

JSON

Versions of iTunes earlier than 11.0.3 are reportedly affected by several vulnerabilities:

  • An error exists related to certificate validation that could allow disclosure of sensitive information and could allow the application to trust data from untrusted sources. (CVE-2013-1014)

  • The included version of WebKit contains several errors that could lead to memory corruption and possibly arbitrary code execution. The vendor notes one possible attack vector is a man-in-the-middle attack while the application browses the ‘iTunes Store’. (CVE-2012-2824, CVE-2012-2857, CVE-2012-3748, CVE-2012-5112, CVE-2013-0879, CVE-2013-0912, CVE-2013-0948, CVE-2013-0949, CVE-2013-0950, CVE-2013-0951, CVE-2013-0952, CVE-2013-0953, CVE-2013-0954, CVE-2013-0955, CVE-2013-0956, CVE-2013-0958, CVE-2013-0959, CVE-2013-0960, CVE-2013-0961, CVE-2013-0991, CVE-2013-0992, CVE-2013-0993, CVE-2013-0994, CVE-2013-0995, CVE-2013-0996, CVE-2013-0997, CVE-2013-0998, CVE-2013-0999, CVE-2013-1000, CVE-2013-1001, CVE-2013-1002, CVE-2013-1003, CVE-2013-1004, CVE-2013-1005, CVE-2013-1006, CVE-2013-1007, CVE-2013-1008, CVE-2013-1010, CVE-2013-1011)

Binary data 6831.prm
VendorProductVersionCPE
appleitunescpe:/a:apple:itunes

References

Related

openvas 13
nessus 20
securityvulns 18
kaspersky 1
threatpost 1
ubuntucve 26
cvelist 25
prion 26
cve 26
nvd 27
debiancve 5
chrome 2
freebsd 2
seebug 1
zdi 4
exploitpack 1
checkpoint_advisories 1
openvas
openvas
Apple iTunes Multiple Vulnerabilities - June13 (Mac OS X)
2013-06-06 00:00:00
Apple iTunes Multiple Vulnerabilities - June13 (Windows)
2013-06-06 00:00:00
Apple iTunes Multiple Vulnerabilities (Jun 2013) - Mac OS X
2013-06-06 00:00:00
nessus
nessus
Apple iTunes < 11.0.3 Multiple Vulnerabilities (credentialed check)
2013-05-17 00:00:00
Apple iTunes < 11.0.3 Multiple Vulnerabilities (uncredentialed check)
2013-05-17 00:00:00
Safari < 6.0.5 Multiple Security Vulnerabilities
2013-06-05 00:00:00
securityvulns
securityvulns
Apple iTunes multiple security vulnerabilities
2013-05-27 00:00:00
APPLE-SA-2013-05-16-1 iTunes 11.0.3
2013-05-27 00:00:00
APPLE-SA-2013-03-14-2 Safari 6.0.3
2013-03-24 00:00:00
kaspersky
kaspersky
KLA10076 Multiple vulnerabilities in Apple iTunes
2013-05-22 00:00:00
threatpost
threatpost
Apple Releases iOS 6.1 With Fixes for More Than 20 Vulnerabilities
2013-01-29 14:25:53
ubuntucve
ubuntucve
CVE-2013-0961
2013-03-15 00:00:00
CVE-2013-0960
2013-03-15 00:00:00
CVE-2013-0950
2013-01-29 00:00:00
cvelist
cvelist
CVE-2013-0961
2022-10-03 16:15:05
CVE-2013-0960
2022-10-03 16:15:05
CVE-2012-5112
2012-10-11 10:00:00
prion
prion
Memory corruption
2013-03-15 20:55:00
Memory corruption
2013-03-15 20:55:00
Design/Logic Flaw
2012-06-27 10:18:00
cve
cve
CVE-2013-0961
2022-10-03 16:15:05
CVE-2013-0960
2022-10-03 16:15:05
CVE-2012-5112
2012-10-11 10:51:57
nvd
nvd
CVE-2013-0960
2013-03-15 20:55:10
CVE-2013-0961
2013-03-15 20:55:10
CVE-2012-5112
2012-10-11 10:51:57
debiancve
debiancve
CVE-2012-5112
2012-10-11 10:51:00
CVE-2012-2824
2012-06-27 10:18:00
CVE-2012-2857
2012-08-06 15:55:00
chrome
chrome
Stable Channel Update
2012-10-10 00:00:00
Stable Channel Update for Chrome OS
2012-10-11 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2012-10-10 00:00:00
chromium -- WebKit vulnerability
2013-03-07 00:00:00
seebug
seebug
Apple Safari 6.0.1 for iOS 6.0 and OS X 10.7/8 - Heap Buffer Overflow
2014-07-01 00:00:00
zdi
zdi
(Mobile Pwn2Own) Apple Safari shiftCount/splice Remote Code Execution Vulnerability
2013-02-01 00:00:00
Webkit.org Webkit string.concat() Remote Code Execution Vulnerability
2013-05-30 00:00:00
(Pwn2Own) Google Chrome Type Confusion Remote Code Execution Vulnerability
2013-05-10 00:00:00
exploitpack
exploitpack
Apple Safari 6.0.1 for iOS 6.0 Apple Mac OSX 10.78 - Heap Buffer Overflow
2013-09-04 00:00:00
checkpoint_advisories
checkpoint_advisories
Apple Safari Heap Buffer Overflow (CVE-2012-3748)
2013-10-13 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.547 Medium

EPSS

Percentile

97.7%

JSON
Related for 6831.PRM
openvas13nessus20securityvulns18kaspersky1threatpost1ubuntucve26cvelist25prion26cve26nvd27debiancve5chrome2freebsd2seebug1zdi4exploitpack1checkpoint_advisories1