Download
| Alert*
|
oval:org.secpod.oval:def:41465
The host is installed with Apple Mac OS X or Server 10.12.5 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle memory. Successful exploitation could allow attackers to gain kernel privileges. oval:org.secpod.oval:def:703567 curl: HTTP, HTTPS, and FTP client and client libraries Applications using curl could allow unintended access over the network. oval:org.secpod.oval:def:41490 The host is missing a security update according to Apple advisory, APPLE-SA-2017-07-19-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary ... oval:org.secpod.oval:def:1800139 libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate . libcurl s ... oval:org.secpod.oval:def:1800486 libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate . libcurl s ... oval:org.secpod.oval:def:1800487 There were two bugs in curl"s parser for the command line option --write-out that would skip the end of string zero byte if the string ended in a % or \ , and it would read beyond that buffer in the heap memory and it could then potentially output pieces of that memory to the terminal or the targe ... oval:org.secpod.oval:def:1800587 A coding mistake was found in TLS Certificate Status Request extension feature that asks for a fresh proof of the server"s certificate"s validity in the code that checks for a test success or failure. It ends up always thinking there"s valid proof, even when there is none or if the server does not s ... oval:org.secpod.oval:def:1800613 There were two bugs in curl"s parser for the command line option --write-out that would skip the end of string zero byte if the string ended in a % or \ , and it would read beyond that buffer in the heap memory and it could then potentially output pieces of that memory to the terminal or the targe ... |
