Vulnerabilities > Apple > Cfnetwork

DATE CVE VULNERABILITY TITLE RISK
2011-07-21 CVE-2011-0214 Cryptographic Issues vulnerability in Apple Cfnetwork and Safari
CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification authority.
network
low complexity
apple microsoft CWE-310
5.0
2011-07-21 CVE-2010-1420 Cross-Site Scripting vulnerability in Apple Cfnetwork and Safari
Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted text/plain file.
4.3
2011-07-21 CVE-2010-1383 Credentials Management vulnerability in Apple Cfnetwork and Safari
CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a "credential reflection" issue.
network
apple microsoft CWE-255
critical
9.3
2010-08-25 CVE-2010-1800 Information Exposure vulnerability in Apple Cfnetwork, mac OS X and mac OS X Server
CFNetwork in Apple Mac OS X 10.6.3 and 10.6.4 supports anonymous SSL and TLS connections, which allows man-in-the-middle attackers to redirect a connection and obtain sensitive information via crafted responses.
network
low complexity
apple CWE-200
5.0
2007-08-03 CVE-2007-2403 Multiple Security vulnerability in Apple Mac OS X 2007-007
CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 does not properly validate ftp: URIs, which allows remote attackers to trigger the transmission of arbitrary FTP commands to arbitrary FTP servers.
network
apple
6.8