Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apple cfnetwork vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2015-5841
The CFNetwork Proxies component in Apple iOS prior to 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response.
Apple Mac Os X
Apple Iphone Os
Apple Watchos 1.0
5
CVSSv2
CVE-2015-5858
The CFNetwork HTTPProtocol component in Apple iOS prior to 9 allows remote malicious users to bypass the HSTS protection mechanism, and consequently obtain sensitive information, via a crafted URL.
Apple Iphone Os
Apple Watchos 1.0
4.3
CVSSv2
CVE-2009-1723
CFNetwork in Apple Mac OS X 10.5 prior to 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote malicious users to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulner...
Apple Mac Os X 10.5.0
Apple Mac Os X 10.5.1
Apple Mac Os X Server 10.5
Apple Mac Os X Server 10.5.0
Apple Mac Os X Server 10.5.7
Apple Mac Os X 10.5.3
Apple Mac Os X 10.5.4
Apple Mac Os X Server 10.5.4
Apple Mac Os X Server 10.5.5
Apple Mac Os X 10.5.6
Apple Mac Os X 10.5
Apple Mac Os X 10.5.5
Apple Mac Os X Server 10.5.6
Apple Mac Os X 10.5.7
Apple Mac Os X 10.5.2
Apple Mac Os X Server 10.5.1
Apple Mac Os X Server 10.5.2
Apple Mac Os X Server 10.5.3
5
CVSSv2
CVE-2015-5912
The CFNetwork FTPProtocol component in Apple iOS prior to 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses.
Apple Mac Os X
Apple Iphone Os
4.3
CVSSv2
CVE-2016-7579
An issue exists in certain Apple products. iOS prior to 10.1 is affected. macOS prior to 10.12.1 is affected. tvOS prior to 10.0.1 is affected. The issue involves the "CFNetwork Proxies" component, which allows man-in-the-middle malicious users to spoof a proxy password...
Apple Iphone Os
Apple Mac Os X
Apple Tvos
4.3
CVSSv2
CVE-2015-5824
The NSURL implementation in the CFNetwork SSL component in Apple iOS prior to 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted ...
Apple Watchos 1.0
Apple Mac Os X
Apple Iphone Os
2.1
CVSSv2
CVE-2015-5898
CFNetwork in Apple iOS prior to 9 relies on the hardware UID for its cache encryption key, which makes it easier for physically proximate malicious users to obtain sensitive information by obtaining this UID.
Apple Iphone Os
Apple Watchos 1.0
5
CVSSv2
CVE-2015-5860
The CFNetwork HTTPProtocol component in Apple iOS prior to 9 mishandles HSTS state, which allows remote malicious users to bypass the Safari private-browsing protection mechanism and track users via a crafted web site.
Apple Iphone Os
Apple Watchos 1.0
2.6
CVSSv2
CVE-2015-7094
CFNetwork HTTPProtocol in Apple iOS prior to 9.2 and OS X prior to 10.11.2 allows man-in-the-middle malicious users to bypass the HSTS protection mechanism via a crafted URL.
Apple Iphone Os
Apple Mac Os X
5.8
CVSSv2
CVE-2015-7023
CFNetwork in Apple iOS prior to 9.1 and OS X prior to 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors.
Apple Mac Os X
Apple Iphone Os
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »