Page 73 of 694 results (0.013 seconds)

CVSS: 7.5EPSS: 0%CPEs: 40EXPL: 1

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. curl versiones 7.41.0 hasta 7.73.0, es vulnerable a una comprobación inapropiada para la revocación del certificado debido a una verificación insuficiente de la respuesta OCSP Libcurl offers "OCSP stapling" via the CURLOPT_SSL_VERIFYSTATUS option. When set, libcurl verifies the OCSP response that a server responds with as part of the TLS handshake. It then aborts the TLS negotiation if something is wrong with the response. The same feature can be enabled with --cert-status using the curl tool. As part of the OCSP response verification, a client should verify that the response is indeed set out for the correct certificate. • http://seclists.org/fulldisclosure/2021/Apr/50 http://seclists.org/fulldisclosure/2021/Apr/51 http://seclists.org/fulldisclosure/2021/Apr/54 https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://curl.se/docs/CVE-2020-8286.html https://hackerone.com/reports/1048457 https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fe • CWE-295: Improper Certificate Validation •

CVSS: 9.3EPSS: 0%CPEs: 16EXPL: 0

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de escritura fuera de límites con una comprobación de límites mejorada. Este problema es corregido en macOS Big Sur versión 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur versión 11.0.1. • https://support.apple.com/en-us/HT211931 https://support.apple.com/en-us/HT212011 • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 0

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted font file may lead to arbitrary code execution. Se abordó una lectura fuera de límites con una comprobación de la entrada mejorada. Este problema es corregido en macOS Big Sur versión 11.0.1, tvOS versión 14.0, macOS Big Sur versión 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS versión 14.0 y iPadOS versión 14.0. • https://support.apple.com/en-us/HT211843 https://support.apple.com/en-us/HT211844 https://support.apple.com/en-us/HT211850 https://support.apple.com/en-us/HT211931 https://support.apple.com/en-us/HT212011 • CWE-125: Out-of-bounds Read •

CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0

A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1. A remote attacker may be able to modify the file system. Se abordó un problema de manejo de rutas con una comprobación mejorada. Este problema se corrigió en macOS Big Sur versión 11.0.1. • http://seclists.org/fulldisclosure/2020/Dec/26 http://seclists.org/fulldisclosure/2020/Dec/32 https://support.apple.com/en-us/HT211931 https://support.apple.com/kb/HT212011 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.3EPSS: 0%CPEs: 18EXPL: 0

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to break out of its sandbox. Se abordó un problema de análisis en el manejo de rutas de directorio con una comprobación de rutas mejorada. Este problema se corrigió en macOS Big Sur versión 11.0.1. • http://seclists.org/fulldisclosure/2020/Dec/26 http://seclists.org/fulldisclosure/2020/Dec/32 https://support.apple.com/en-us/HT211931 https://support.apple.com/kb/HT212011 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •