Download
| Alert*
oval:org.secpod.oval:def:41464
The host is installed with Apple Mac OS X or Server 10.12.5 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to have unspecified impact. oval:org.secpod.oval:def:41490 The host is missing a security update according to Apple advisory, APPLE-SA-2017-07-19-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary ... oval:org.secpod.oval:def:1800486 libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate . libcurl s ... oval:org.secpod.oval:def:1800487 There were two bugs in curl"s parser for the command line option --write-out that would skip the end of string zero byte if the string ended in a % or \ , and it would read beyond that buffer in the heap memory and it could then potentially output pieces of that memory to the terminal or the targe ... oval:org.secpod.oval:def:1800587 A coding mistake was found in TLS Certificate Status Request extension feature that asks for a fresh proof of the server"s certificate"s validity in the code that checks for a test success or failure. It ends up always thinking there"s valid proof, even when there is none or if the server does not s ... |