
2028 matches found

Prion
added 2020/12/14 8:15 p.m. | 28 views

Input validation

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response...

CVSS: 5 | AI score: 7.4 | EPSS: 0.04575
Exploits: 1 | References: 19 | Affected Software: 11
CVE
added 2020/12/14 7:39 p.m. | 542 views

CVE-2020-8286

The CVE-2020-8286 issue affects curl/libcurl where OCSP responses were not verified correctly against the certificate, leaving room for fraudulent OCSP responses to appear valid and potentially bypass revocation checks. Reported range: curl versions 7.41.0 through 7.73.0. Impact phrasing in cited...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.04575
Exploits: 1 | References: 19 | Affected Software: 1
Debian CVE
added 2020/12/14 7:39 p.m. | 49 views

CVE-2020-8286

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.04575
Exploits: 1
Cvelist
added 2020/12/14 7:39 p.m. | 29 views

CVE-2020-8286

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response...

AI score: 7.7 | EPSS: 0.04575
Exploits: 1 | References: 19
AlpineLinux
added 2020/12/14 7:39 p.m. | 38 views

CVE-2020-8286

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response...

CVSS: 7.5 | AI score: 7.9 | EPSS: 0.04575
Exploits: 1
NCSC
added 2020/12/10 12:0 a.m. | 4 views

Vulnerability fixed in OpenSSL

A vulnerability has been fixed in OpenSSL. When a remote malicious party manages to offer a rogue certificate and a rogue certificate revocation list to an SSL server or SSL client, a denial of service can be caused. OpenSSL has released updates to fix the...

CVSS: 5.9 | AI score: 8.5 | EPSS: 0.07201
Exploits: 3
OSV
added 2020/12/09 1:15 a.m. | 2 views

CVE-2020-26957

OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. This could result in a failure to enforce some certificate revocations. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox...

CVSS: 6.5 | AI score: 7.1 | EPSS: 0.00544
Exploits: 0 | References: 2
OSV
added 2020/12/09 1:15 a.m. | 3 views

UBUNTU-CVE-2020-26957

OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. This could result in a failure to enforce some certificate revocations. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox...

CVSS: 6.5 | AI score: 7.3 | EPSS: 0.00544
Exploits: 0 | References: 3
CVE
added 2020/12/09 12:21 a.m. | 157 views

CVE-2020-26957

CVE-2020-26957: OneCRL was non-functional in the new Firefox for Android due to a missing service initialization, potentially causing failure to enforce certain certificate revocations. Affected product/variant: Firefox on Android (Firefox

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.00544
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2020/12/09 12:21 a.m. | 20 views

CVE-2020-26957

OneCRL was non-functional in the new Firefox for Android due to a missing service initialization. This could result in a failure to enforce some certificate revocations. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox...

AI score: 6.6 | EPSS: 0.00544
Exploits: 0 | References: 2
UbuntuCve
added 2020/12/09 12:0 a.m. | 33 views

CVE-2020-8286

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.04575
Exploits: 1 | References: 3
OSV
added 2020/12/09 12:0 a.m. | 1 view

UBUNTU-CVE-2020-8286

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.04575
Exploits: 1 | References: 4
OSV
added 2020/12/08 4:15 p.m. | 1 view

DEBIAN-CVE-2020-1971

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrect...

CVSS: 5.9 | AI score: 6.3 | EPSS: 0.07201
Exploits: 3 | References: 1
FreeBSD
added 2020/12/08 12:0 a.m. | 14 views

LibreSSL -- NULL pointer dereference

The LibreSSL project reports: Malformed ASN.1 in a certificate revocation list or a timestamp response token can lead to a NULL pointer dereference...

AI score: 1.8
Exploits: 0 | References: 1
Hacker One
added 2020/12/01 8:53 p.m. | 249 views

curl: CVE-2020-8286: Inferior OCSP verification

cURL in /lib/vtls/openssl.c does not check that the certificate serial number in the stapled OCSP response matches the serial number of the peer certificate it is trying to validate. This results in a passed validity challenge even when connecting to a site that has had its...

CVSS: 5 | AI score: 0.1 | EPSS: 0.04575
Exploits: 1
CNNVD
added 2020/11/17 12:0 a.m. | 8 views

Mozilla Firefox for Android security vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Android Firefox that stems from a lack of service initialization and OneCRL being non-functional in the new Android Firefox. This may result in the inability to enfor...

CVSS: 6.5 | AI score: 6.9 | EPSS: 0.00544
Exploits: 0 | References: 5
Oracle linux
added 2020/11/12 12:0 a.m. | 106 views

Unbreakable Enterprise kernel-container security update

4.14.35-2025.402.2.1.el7 - powercap: restrict energy meter to root access Kanth Ghatraju Orabug: 32040805 CVE-2020-8694 CVE-2020-8695 4.14.35-2025.402.2.el7 - ocfs2: fix remounting needed after setfacl command Gang He - Fix multiple variable definition with syzkaller Hans Westgaard Ry Orabug:...

CVSS: 7.8 | AI score: 7.4 | EPSS: 0.034
Exploits: 6
Oracle linux
added 2020/11/10 12:0 a.m. | 68 views

Unbreakable Enterprise kernel security update

5.4.17-2036.100.6.1.el8uek - powercap: restrict energy meter to root access Kanth Ghatraju Orabug: 32040802 CVE-2020-8694 CVE-2020-8695 - KVM: ioapic: break infinite recursion on lazy EOI Vitaly Kuznetsov Orabug: 32066585 CVE-2020-27152 CVE-2020-27152 - x86/mitigations: Restore paranoid checks fo...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.03252
Exploits: 4
NVD
added 2020/11/05 3:15 p.m. | 13 views

CVE-2020-15950

Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.01298
Exploits: 1 | References: 3
RedHat Linux
added 2020/10/27 12:58 p.m. | 2 views

puppet-agent: Puppet Agent does not properly verify SSL connection when downloading a CRL

A flaw was found in Puppet, where the Puppet Agent did not verify the peer in the SSL connection before downloading the Certificate Revocation List (CRL). The primary risk is the availability of communications to computing systems and not Puppet itself. This flaw allows an attacker to submit a...

CVSS: 5.4 | AI score: 7.3 | EPSS: 0.00608
Exploits: 0 | References: 5