CVSS: 6.1EPSS: 0%CPEs: 46EXPL: 1CVE-2021-22947 – curl: Server responses received before STARTTLS processed after TLS handshake
https://notcve.org/view.php?id=CVE-2021-22947
15 Sep 2021 — When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-thro... • http://seclists.org/fulldisclosure/2022/Mar/29 • CWE-310: Cryptographic Issues CWE-319: Cleartext Transmission of Sensitive Information CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-31013
https://notcve.org/view.php?id=CVE-2021-31013
24 Aug 2021 — An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2. Processing a maliciously crafted font may result in the disclosure of process memory. Se ha solucionado una lectura fuera de límites con una comprobación de límites mejorada. Este problema se ha solucionado en macOS Monterey 12.1, iOS 15.2 y iPadOS 15.2, macOS Big Sur 11.6.2. • https://support.apple.com/en-us/HT212976 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-31009
https://notcve.org/view.php?id=CVE-2021-31009
24 Aug 2021 — Multiple issues were addressed by removing HDF5. This issue is fixed in iOS 15.2 and iPadOS 15.2, macOS Monterey 12.1. Multiple issues in HDF5. Se han solucionado múltiples problemas al eliminar HDF5. Este problema se ha solucionado en iOS 15.2 y iPadOS 15.2, macOS Monterey 12.1. • https://support.apple.com/en-us/HT212976 •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-31008
https://notcve.org/view.php?id=CVE-2021-31008
24 Aug 2021 — A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 15.1, tvOS 15.1, iOS 15 and iPadOS 15, macOS Monterey 12.0.1, watchOS 8.1. Processing maliciously crafted web content may lead to code execution. Se ha solucionado un problema de confusión de tipos con un mejor manejo de la memoria. Este problema se ha solucionado en Safari 15.1, tvOS 15.1, iOS 15 y iPadOS 15, macOS Monterey 12.0.1, watchOS 8.1. • https://support.apple.com/en-us/HT212814 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-31007
https://notcve.org/view.php?id=CVE-2021-31007
24 Aug 2021 — Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, tvOS 15.1, macOS Big Sur 11.6.2, watchOS 8.1, macOS Monterey 12.1. A malicious application may be able to bypass Privacy preferences. Descripción: Se ha solucionado un problema de permisos con una validación mejorada. Este problema se ha solucionado en iOS 15.1 y iPadOS 15.1, tvOS 15.1, macOS Big Sur 11.6.2, watchOS 8.1, macOS Monterey 12.1. • https://support.apple.com/en-us/HT212867 • CWE-276: Incorrect Default Permissions •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-31005
https://notcve.org/view.php?id=CVE-2021-31005
24 Aug 2021 — Description: A logic issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15, macOS Monterey 12.0.1. Turning off "Block all remote content" may not apply to all remote content types. Descripción: Se ha solucionado un problema de lógica con la mejora de la gestión de estados. Este problema se ha solucionado en iOS 15 y iPadOS 15, macOS Monterey 12.0.1. • https://support.apple.com/en-us/HT212814 •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-31004
https://notcve.org/view.php?id=CVE-2021-31004
24 Aug 2021 — A race condition was addressed with improved locking. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.5. An application may be able to gain elevated privileges. Se ha solucionado una condición de carrera con un bloqueo mejorado. Este problema se ha solucionado en macOS Monterey 12.0.1, macOS Big Sur 11.5. • https://support.apple.com/en-us/HT212602 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-31002
https://notcve.org/view.php?id=CVE-2021-31002
24 Aug 2021 — An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.6.2. A malicious application may be able to execute arbitrary code with system privileges. Se ha solucionado una lectura fuera de los límites con una validación de entrada mejorada. Este problema se ha solucionado en macOS Monterey 12.0.1, macOS Big Sur 11.6.2. • https://support.apple.com/en-us/HT212869 • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-31000
https://notcve.org/view.php?id=CVE-2021-31000
24 Aug 2021 — A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1, tvOS 15.2. A malicious application may be able to read sensitive contact information. Se ha solucionado un problema de permisos con una validación mejorada. Este problema se ha solucionado en iOS 15.2 y iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1, tvOS 15.2. • https://support.apple.com/en-us/HT212975 • CWE-276: Incorrect Default Permissions •
CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 0CVE-2021-30996
https://notcve.org/view.php?id=CVE-2021-30996
24 Aug 2021 — A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2. A malicious application may be able to execute arbitrary code with kernel privileges. Se solucionó una condición de carrera con un manejo de estado mejorado. Este problema se solucionó en macOS Monterey versión 12.1, iOS versión 15.2 e iPadOS versión 15.2. • https://support.apple.com/en-us/HT212976 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •