CVSS: 6.1EPSS: 0%CPEs: 46EXPL: 1CVE-2021-22947 – curl: Server responses received before STARTTLS processed after TLS handshake
https://notcve.org/view.php?id=CVE-2021-22947
15 Sep 2021 — When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-thro... • http://seclists.org/fulldisclosure/2022/Mar/29 • CWE-310: Cryptographic Issues CWE-319: Cleartext Transmission of Sensitive Information CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.5EPSS: 0%CPEs: 49EXPL: 1CVE-2021-22946 – curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols
https://notcve.org/view.php?id=CVE-2021-22946
15 Sep 2021 — A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitiv... • http://seclists.org/fulldisclosure/2022/Mar/29 • CWE-319: Cleartext Transmission of Sensitive Information CWE-325: Missing Cryptographic Step •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-30756
https://notcve.org/view.php?id=CVE-2021-30756
08 Sep 2021 — A local attacker may be able to view Now Playing information from the lock screen. This issue is fixed in macOS Big Sur 11.4, iOS 14.6 and iPadOS 14.6. A privacy issue in Now Playing was addressed with improved permissions. Un atacante local podría visualizar la información de Now Playing desde la pantalla de bloqueo. Este problema se corrigió en macOS Big Sur versión 11.4, iOS versión 14.6 e iPadOS versión 14.6. • https://support.apple.com/en-us/HT212528 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-30751
https://notcve.org/view.php?id=CVE-2021-30751
08 Sep 2021 — This issue was addressed with improved data protection. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass certain Privacy preferences. Se abordó este problema con una protección de datos mejorada. Este problema se corrigió en macOS Big Sur versión 11.4. • https://support.apple.com/en-us/HT212529 •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-30755
https://notcve.org/view.php?id=CVE-2021-30755
08 Sep 2021 — Processing a maliciously crafted font may result in the disclosure of process memory. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5. An out-of-bounds read was addressed with improved input validation. El procesamiento de una fuente diseñada maliciosamente puede resultar en una divulgación de la memoria del proceso. Este problema se corrigió en macOS Big Sur versión 11.4, tvOS versión 14.6 y watchOS versión 7.5. • https://support.apple.com/en-us/HT212529 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-30753
https://notcve.org/view.php?id=CVE-2021-30753
08 Sep 2021 — Processing a maliciously crafted font may result in the disclosure of process memory. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. An out-of-bounds read was addressed with improved input validation. El procesamiento de una fuente maliciosamente diseñada puede resultar en una divulgación de la memoria del proceso. Este problema se corrigió en macOS Big Sur versión 11.4, tvOS versión 14.6, watchOS versión 7.5, iOS versión 14.6 e iPadOS versión 14.6. • https://support.apple.com/en-us/HT212528 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-31013
https://notcve.org/view.php?id=CVE-2021-31013
24 Aug 2021 — An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2. Processing a maliciously crafted font may result in the disclosure of process memory. Se ha solucionado una lectura fuera de límites con una comprobación de límites mejorada. Este problema se ha solucionado en macOS Monterey 12.1, iOS 15.2 y iPadOS 15.2, macOS Big Sur 11.6.2. • https://support.apple.com/en-us/HT212976 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 22EXPL: 0CVE-2021-31010 – Apple iOS, macOS, watchOS Sandbox Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-31010
24 Aug 2021 — A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that this issue may have been actively exploited at the time of release.. Se ha solucionado un problema de deserialización mediante una validación mejorada. • https://support.apple.com/en-us/HT212804 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-31007
https://notcve.org/view.php?id=CVE-2021-31007
24 Aug 2021 — Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, tvOS 15.1, macOS Big Sur 11.6.2, watchOS 8.1, macOS Monterey 12.1. A malicious application may be able to bypass Privacy preferences. Descripción: Se ha solucionado un problema de permisos con una validación mejorada. Este problema se ha solucionado en iOS 15.1 y iPadOS 15.1, tvOS 15.1, macOS Big Sur 11.6.2, watchOS 8.1, macOS Monterey 12.1. • https://support.apple.com/en-us/HT212867 • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-31006
https://notcve.org/view.php?id=CVE-2021-31006
24 Aug 2021 — Description: A permissions issue was addressed with improved validation. This issue is fixed in watchOS 7.6, tvOS 14.7, macOS Big Sur 11.5. A malicious application may be able to bypass certain Privacy preferences. Descripción: Se ha solucionado un problema de permisos con una validación mejorada. Este problema se ha solucionado en watchOS 7.6, tvOS 14.7 y macOS Big Sur 11.5. • https://support.apple.com/en-us/HT212602 • CWE-276: Incorrect Default Permissions •