CVE-2010-1383

CVE-2010-1383 affects CFNetwork in Apple Safari prior to 5.0.6 on Windows. The vulnerability arises from a credential reflection (NTLM replay) flaw that could allow a remote attacker to execute arbitrary code by replaying NTLM credentials to a malicious website. Multiple vulnerability trackers co...

CVE-2010-1420

Apple Safari (CFNetwork) is affected by CVE-2010-1420: an XSS vulnerability in CFNetwork could allow remote attackers to inject arbitrary script or HTML via a crafted text/plain file. Affects Safari before 5.0.6; mitigation involved updates in Safari 5.0.6/5.1 addressing this issue. Root cause: i...

CVE-2011-0214

CVE-2011-0214 affects CFNetwork in Apple Safari on Windows prior to 5.0.6. The root cause is improper handling/validation of an untrusted system root certificate attribute, allowing a certificate signed by a blacklisted CA to bypass SSL restrictions by remote servers. Per accompanying advisories,...

CVE-2007-2403

CVE-2007-2403 affects CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10. The flaw arises from improper validation of ftp: URIs, allowing a remote attacker to cause the client to transmit arbitrary FTP commands to arbitrary FTP servers. Impact is described as partial confidentiality, integrity, and a...

CVE-2010-1800

CVE-2010-1800 affects CFNetwork in Apple Mac OS X 10.6.3 and 10.6.4. It allows man-in-the-middle attackers to redirect connections and obtain sensitive information via crafted SSL/TLS responses due to support for anonymous connections. The root cause is the handling of anonymous SSL/TLS in CFNetw...