CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-30848 – webkitgtk: Memory corruption issue leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2021-30848
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code execution. Se abordó un problema de corrupción de memoria con un manejo de memoria mejorado. Este problema es corregido en iOS versión 14.8 y iPadOS versión 14.8, Safari versión 15, iOS versión 15 y iPadOS versión 15. • http://seclists.org/fulldisclosure/2021/Oct/60 http://seclists.org/fulldisclosure/2021/Oct/61 http://www.openwall.com/lists/oss-security/2021/10/26/9 http://www.openwall.com/lists/oss-security/2021/10/27/1 http://www.openwall.com/lists/oss-security/2021/10/27/2 http://www.openwall.com/lists/oss-security/2021/10/27/4 https://support.apple.com/en-us/HT212807 https://support.apple.com/en-us/HT212814 https://support.apple.com/en-us/HT212816 https:/ • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-30819
https://notcve.org/view.php?id=CVE-2021-30819
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 15 and iPadOS 15. Processing a maliciously crafted USD file may disclose memory contents. Se abordó un problema de lectura fuera de los límites con una comprobación de entradas mejorada. Este problema es corregido en iOS versión 15 y iPadOS versión 15. • http://seclists.org/fulldisclosure/2021/Oct/61 https://support.apple.com/en-us/HT212814 https://support.apple.com/kb/HT212804 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2021-30846 – webkitgtk: Memory corruption issue leading to arbitrary code execution
https://notcve.org/view.php?id=CVE-2021-30846
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution. Se abordó un problema de corrupción de memoria con un manejo de memoria mejorado. Este problema es corregido en iOS versión 14.8 y iPadOS versión 14.8, Safari versión 15, tvOS versión 15, iOS versión 15 y iPadOS versión 15, watchOS versión 8. • http://seclists.org/fulldisclosure/2021/Oct/60 http://seclists.org/fulldisclosure/2021/Oct/61 http://seclists.org/fulldisclosure/2021/Oct/62 http://seclists.org/fulldisclosure/2021/Oct/63 http://www.openwall.com/lists/oss-security/2021/10/26/9 http://www.openwall.com/lists/oss-security/2021/10/27/1 http://www.openwall.com/lists/oss-security/2021/10/27/2 http://www.openwall.com/lists/oss-security/2021/10/27/4 https://lists.fedoraproject.org/archives/list&#x • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-30838
https://notcve.org/view.php?id=CVE-2021-30838
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15 and iPadOS 15. A malicious application may be able to execute arbitrary code with system privileges on devices with an Apple Neural Engine. Se abordó un problema de corrupción de memoria con un manejo de memoria mejorado. Este problema es corregido en iOS versión 15 y iPadOS versión 15. • http://seclists.org/fulldisclosure/2021/Oct/61 https://support.apple.com/en-us/HT212814 https://support.apple.com/kb/HT212804 https://support.apple.com/kb/HT212807 •
CVSS: 7.5EPSS: 0%CPEs: 49EXPL: 1CVE-2021-22946 – curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols
https://notcve.org/view.php?id=CVE-2021-22946
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network. Un usuario puede decirle a curl versiones posteriores a 7.20.0 incluyéndola , y versiones anteriores a 7.78.0 incluyéndola, que requiera una actualización con éxito a TLS cuando hable con un servidor IMAP, POP3 o FTP ("--ssl-reqd" en la línea de comandos o "CURLOPT_USE_SSL" configurado como "CURLUSESSL_CONTROL" o "CURLUSESSL_ALL" conlibcurl). Este requisito podría ser omitido si el servidor devolviera una respuesta correctamente diseñada pero perfectamente legítima. Este fallo haría que curl continuara silenciosamente sus operaciones **withoutTLS** en contra de las instrucciones y expectativas, exponiendo posiblemente datos confidenciales en texto sin cifrar a través de la red A flaw was found in curl. • http://seclists.org/fulldisclosure/2022/Mar/29 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://hackerone.com/reports/1334111 https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67 • CWE-319: Cleartext Transmission of Sensitive Information CWE-325: Missing Cryptographic Step •