Yelp OSXCollector Improper Certificate Validation

🗓️ 13 May 2022 01:47:48Reported by GitHub Advisory DatabaseType

Yelp OSXCollector improper certificate validation allows execution of malicious unsigned cod

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 11
prion	Code injection	13 Jun 201822:29	–	prion
veracode	Improper Certificate Validation	30 Apr 202406:49	–	veracode
osv	Yelp OSXCollector Improper Certificate Validation	13 May 202201:48	–	osv
osv	PYSEC-2018-95	13 Jun 201822:29	–	osv
osv	CVE-2018-10406	13 Jun 201822:29	–	osv
cve	CVE-2018-10406	13 Jun 201822:29	–	cve
cvelist	CVE-2018-10406	13 Jun 201822:00	–	cvelist
nvd	CVE-2018-10406	13 Jun 201822:29	–	nvd
threatpost	Bypass Glitch Allows Malware to Masquerade as Legit Apple Files	12 Jun 201817:26	–	threatpost
myhack58	Apple's code signing vulnerability will allow malicious software to bypass the many Mac security products-vulnerability warning-the black bar safety net	23 Jun 201800:00	–	myhack58

Vulners

Node

yelp osxcollectorRange<1.10

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2018-10406
github	www.github.com/Yelp/osxcollector/pull/160
thehackernews	www.thehackernews.com/2018/06/apple-mac-code-signing.html
okta	www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks
github	www.github.com/pypa/advisory-database/tree/main/vulns/osxcollector/PYSEC-2018-95.yaml
github	www.github.com/advisories/GHSA-g3cc-pvjj-9xq9

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

13 May 2022 01:48Current

7.6High risk

Vulners AI Score7.6

CVSS26.8

CVSS37.8

EPSS0.00224

CWE-295