Mac Os X
Monthly
An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An integer overflow was addressed through improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Multiple out-of-bounds write issues were addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A race condition was addressed with improved state handling. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.
An inherited permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An input validation issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A logic issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A type confusion issue was addressed with improved state handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An integer overflow was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A type confusion issue was addressed with improved state handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A race condition was addressed with improved locking. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.
A validation issue existed in the handling of symlinks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A logic issue was addressed with improved restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A logic issue was addressed with improved restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A logic issue was addressed with improved state management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A race condition was addressed with additional validation. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.
An out-of-bounds write was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A logic issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
The issue was addressed with improved permissions logic. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read issue existed that led to the disclosure of kernel memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A type confusion issue was addressed with improved state handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A use after free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple issues were addressed with improved logic. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An access issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A race condition was addressed with improved locking. Rated high severity (CVSS 7.0). No vendor patch available.
A privacy issue existed in the handling of Contact cards. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A logic error in kext loading was addressed with improved state handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read issue existed in the curl. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds write issue was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed by removing the vulnerable code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A stack overflow was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved checks. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A logic issue was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved iframe sandbox enforcement. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A use after free issue was addressed with improved memory management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A buffer overflow was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A memory corruption issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A logic issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Multiple issues were addressed with improved logic. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds write was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds write was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds write was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds write was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
This issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A path handling issue was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A type confusion issue was addressed with improved state handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A memory corruption issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds write was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A memory corruption issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A use after free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The issue was addressed with improved deletion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
The issue was addressed with improved deletion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A use after free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A validation issue existed in the entitlement verification. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An integer overflow was addressed through improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Multiple out-of-bounds write issues were addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A race condition was addressed with improved state handling. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.
An inherited permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An input validation issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A logic issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A type confusion issue was addressed with improved state handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An integer overflow was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A type confusion issue was addressed with improved state handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A race condition was addressed with improved locking. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.
A validation issue existed in the handling of symlinks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A logic issue was addressed with improved restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A logic issue was addressed with improved restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A logic issue was addressed with improved state management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A race condition was addressed with additional validation. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.
An out-of-bounds write was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A logic issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
The issue was addressed with improved permissions logic. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read issue existed that led to the disclosure of kernel memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A type confusion issue was addressed with improved state handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A use after free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple issues were addressed with improved logic. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An access issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A race condition was addressed with improved locking. Rated high severity (CVSS 7.0). No vendor patch available.
A privacy issue existed in the handling of Contact cards. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A logic error in kext loading was addressed with improved state handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read issue existed in the curl. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds write issue was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed by removing the vulnerable code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A stack overflow was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved checks. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A logic issue was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved iframe sandbox enforcement. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A use after free issue was addressed with improved memory management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A buffer overflow was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A memory corruption issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A logic issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Multiple issues were addressed with improved logic. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds write was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds write was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds write was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds write was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
This issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A path handling issue was addressed with improved validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A type confusion issue was addressed with improved state handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A memory corruption issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds write was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A memory corruption issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A use after free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The issue was addressed with improved deletion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
The issue was addressed with improved deletion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A use after free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A validation issue existed in the entitlement verification. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.