458 matches found

Prion
added 2011/07/21 11:55 p.m. | 15 views

Design/Logic Flaw

CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a "credential reflection" issue...

CVSS 9.3 | AI score 7.8 | EPSS 0.00562
Exploits 0 | References 2 | Affected Software 1

Prion
added 2011/07/21 11:55 p.m. | 14 views

Code injection

CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification authority...

CVSS 5 | AI score 6.5 | EPSS 0.00105
Exploits 0 | References 2 | Affected Software 1

Prion
added 2011/07/21 11:55 p.m. | 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted text/plain file...

CVSS 4.3 | AI score 5.5 | EPSS 0.00183
Exploits 0 | References 2 | Affected Software 1

CVE
added 2011/07/21 11:0 p.m. | 73 views

CVE-2010-1383

CVE-2010-1383 affects CFNetwork in Apple Safari prior to 5.0.6 on Windows. The vulnerability arises from a credential reflection (NTLM replay) flaw that could allow a remote attacker to execute arbitrary code by replaying NTLM credentials to a malicious website. Multiple vulnerability trackers co...

CVSS 9.3 | AI score 8.5 | EPSS 0.00562
Exploits 0 | References 2 | Affected Software 2

Cvelist
added 2011/07/21 11:0 p.m. | 20 views

CVE-2010-1383

CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a "credential reflection" issue...

AI score 8.6 | EPSS 0.00562
Exploits 0 | References 2

Cvelist
added 2011/07/21 11:0 p.m. | 20 views

CVE-2011-0214

CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification authority...

AI score 8 | EPSS 0.00105
Exploits 0 | References 2

CVE
added 2011/07/21 11:0 p.m. | 56 views

CVE-2011-0214

CVE-2011-0214 affects CFNetwork in Apple Safari on Windows prior to 5.0.6. The root cause is improper handling/validation of an untrusted system root certificate attribute, allowing a certificate signed by a blacklisted CA to bypass SSL restrictions by remote servers. Per accompanying advisories,...

CVSS 5 | AI score 7.8 | EPSS 0.00105
Exploits 0 | References 2 | Affected Software 2

CVE
added 2011/07/21 11:0 p.m. | 62 views

CVE-2010-1420

Apple Safari (CFNetwork) is affected by CVE-2010-1420: an XSS vulnerability in CFNetwork could allow remote attackers to inject arbitrary script or HTML via a crafted text/plain file. Affects Safari before 5.0.6; mitigation involved updates in Safari 5.0.6/5.1 addressing this issue. Root cause: i...

CVSS 4.3 | AI score 6.4 | EPSS 0.00183
Exploits 0 | References 2 | Affected Software 2

ThreatPost
added 2011/07/20 6:43 p.m. | 13 views

Apple Safari Update Fixes 58 Bugs, Adds Sandboxing

Along with the release of their new Lion OS X, Apple has issued a new version of its Safari browser for Mac and Windows users, pushing version 5.1 and 5.0.6 to patch a boatload of security holes, some of which are critical. Fifty-eight security vulnerabilities in total are addressed in the update...

AI score 1.6
Exploits 0 | References 7

NVD
added 2010/11/15 11:0 p.m. | 16 views

CVE-2010-1834

CFNetwork in Apple Mac OS X 10.6.x before 10.6.5 does not properly validate the domains of cookies, which makes it easier for remote web servers to track users by setting a cookie that is associated with a partial IP address...

CVSS 5.8 | AI score 5.9 | EPSS 0.00288
Exploits 0 | References 3

Prion
added 2010/11/15 11:0 p.m. | 16 views

Code injection

CFNetwork in Apple Mac OS X 10.6.x before 10.6.5 does not properly validate the domains of cookies, which makes it easier for remote web servers to track users by setting a cookie that is associated with a partial IP address...

CVSS 5.8 | AI score 6.5 | EPSS 0.00288
Exploits 0 | References 3 | Affected Software 2

CVE
added 2010/11/15 10:0 p.m. | 56 views

CVE-2010-1834

The CVE-2010-1834 issue affects Apple Mac OS X 10.6.x prior to 10.6.5 where CFNetwork does not properly validate cookie domains, allowing a cookie set for a partial IP address to be sent to third-party sites. Root cause: an implementation flaw in CFNetwork’s handling of domain specifications in c...

CVSS 5.8 | AI score 8.4 | EPSS 0.00288
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2010/11/15 10:0 p.m. | 27 views

CVE-2010-1834

CFNetwork in Apple Mac OS X 10.6.x before 10.6.5 does not properly validate the domains of cookies, which makes it easier for remote web servers to track users by setting a cookie that is associated with a partial IP address...

AI score 8.6 | EPSS 0.00288
Exploits 0 | References 3

Tenable Nessus
added 2010/11/11 12:0 a.m. | 53 views

Mac OS X 10.6 < 10.6.5 Multiple Vulnerabilities

Versions of Mac OS X 10.6 earlier than 10.6.5 are potentially affected by multiple vulnerabilities. Mac OS X 10.6.5 contains security fixes for the following products : - AFP Server - Apache modperl - Apache - AppKit - ATS - CFNetwork - CoreGraphics - CoreText - CUPS - Directory Services -...

CVSS 10 | AI score 2 | EPSS 0.93558
Exploits 111 | References 131

Tenable Nessus
added 2010/11/10 12:0 a.m. | 60 views

Mac OS X Multiple Vulnerabilities (Security Update 2010-007)

The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2010-007 applied. This security update contains fixes for the following products : - AFP Server - Apache modperl - ATS - CFNetwork - CoreGraphics - CoreText - CUPS - Directory Services - diskdevcmds - Disk...

CVSS 9.8 | AI score 7.7 | EPSS 0.93558
Exploits 92 | References 106

NVD
added 2010/08/25 8:0 p.m. | 16 views

CVE-2010-1800

CFNetwork in Apple Mac OS X 10.6.3 and 10.6.4 supports anonymous SSL and TLS connections, which allows man-in-the-middle attackers to redirect a connection and obtain sensitive information via crafted responses...

CVSS 5 | AI score 5.5 | EPSS 0.00297
Exploits 0 | References 3

Prion
added 2010/08/25 8:0 p.m. | 19 views

Design/Logic Flaw

CFNetwork in Apple Mac OS X 10.6.3 and 10.6.4 supports anonymous SSL and TLS connections, which allows man-in-the-middle attackers to redirect a connection and obtain sensitive information via crafted responses...

CVSS 5 | AI score 5.9 | EPSS 0.00297
Exploits 0 | References 3 | Affected Software 2

Cvelist
added 2010/08/25 7:0 p.m. | 17 views

CVE-2010-1800

CFNetwork in Apple Mac OS X 10.6.3 and 10.6.4 supports anonymous SSL and TLS connections, which allows man-in-the-middle attackers to redirect a connection and obtain sensitive information via crafted responses...

AI score 8.2 | EPSS 0.00297
Exploits 0 | References 3

CVE
added 2010/08/25 7:0 p.m. | 44 views

CVE-2010-1800

CVE-2010-1800 affects CFNetwork in Apple Mac OS X 10.6.3 and 10.6.4. It allows man-in-the-middle attackers to redirect connections and obtain sensitive information via crafted SSL/TLS responses due to support for anonymous connections. The root cause is the handling of anonymous SSL/TLS in CFNetw...

CVSS 5 | AI score 7.8 | EPSS 0.00297
Exploits 0 | References 3 | Affected Software 3

ThreatPost
added 2010/08/25 12:19 p.m. | 10 views

Apple Fixes 13 Bugs in Major OS X Patch Release

Apple released a patch Tuesday that fixes more than a dozen bugs, including a critical remote code-execution flaw in Apple Type Services. The patch release also includes a fix for a flaw in CFNetwork that enabled an attacker to intercept user credentials and other sensitive data silently on a...

AI score 1.6
Exploits 0 | References 3