curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
|
Configuration 10 (hide)
|
Configuration 11 (hide)
|
History
21 Nov 2024, 05:38
Type | Values Removed | Values Added |
---|---|---|
References | () http://seclists.org/fulldisclosure/2021/Apr/50 - Mailing List, Third Party Advisory | |
References | () http://seclists.org/fulldisclosure/2021/Apr/51 - Mailing List, Third Party Advisory | |
References | () http://seclists.org/fulldisclosure/2021/Apr/54 - Mailing List, Third Party Advisory | |
References | () https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf - Third Party Advisory | |
References | () https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf - Patch, Third Party Advisory | |
References | () https://curl.se/docs/CVE-2020-8286.html - Vendor Advisory | |
References | () https://hackerone.com/reports/1048457 - Exploit, Patch, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/ - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/ - Mailing List, Third Party Advisory | |
References | () https://security.gentoo.org/glsa/202012-14 - Third Party Advisory | |
References | () https://security.netapp.com/advisory/ntap-20210122-0007/ - Third Party Advisory | |
References | () https://support.apple.com/kb/HT212325 - Third Party Advisory | |
References | () https://support.apple.com/kb/HT212326 - Third Party Advisory | |
References | () https://support.apple.com/kb/HT212327 - Third Party Advisory | |
References | () https://www.debian.org/security/2021/dsa-4881 - Third Party Advisory | |
References | () https://www.oracle.com//security-alerts/cpujul2021.html - Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpuApr2021.html - Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory |
27 Mar 2024, 15:47
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:* cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:* |
|
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/ - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/ - Mailing List, Third Party Advisory | |
First Time |
Splunk universal Forwarder
Splunk |
13 May 2022, 20:50
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:* |
20 Apr 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Apr 2022, 16:22
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:* cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:* |
|
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Third Party Advisory | |
References | (N/A) https://www.oracle.com//security-alerts/cpujul2021.html - Third Party Advisory |
10 Mar 2022, 17:41
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Jun 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Jun 2021, 20:01
Type | Values Removed | Values Added |
---|---|---|
References | (FULLDISC) http://seclists.org/fulldisclosure/2021/Apr/54 - Mailing List, Third Party Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2021/Apr/50 - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf - Third Party Advisory | |
CPE | cpe:2.3:h:siemens:simatic_tim_1531_irc:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_tim_1531_irc_firmware:*:*:*:*:*:*:*:* |
08 Jun 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-12-14 20:15
Updated : 2024-11-21 05:38
NVD link : CVE-2020-8286
Mitre link : CVE-2020-8286
CVE.ORG link : CVE-2020-8286
JSON object : View
Products Affected
siemens
- simatic_tim_1531_irc
- sinec_infrastructure_network_services
- simatic_tim_1531_irc_firmware
apple
- macos
- mac_os_x
oracle
- communications_billing_and_revenue_management
- communications_cloud_native_core_policy
- peoplesoft_enterprise_peopletools
- essbase
fedoraproject
- fedora
netapp
- hci_storage_node_firmware
- hci_bootstrap_os
- solidfire
- clustered_data_ontap
- hci_management_node
- hci_storage_node
- hci_compute_node
debian
- debian_linux
haxx
- libcurl
splunk
- universal_forwarder
CWE
CWE-295
Improper Certificate Validation