Page 88 of 596 results (0.014 seconds)

CVSS: 6.1EPSS: 0%CPEs: 46EXPL: 1

CVE-2021-22947 – curl: Server responses received before STARTTLS processed after TLS handshake

https://notcve.org/view.php?id=CVE-2021-22947

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server. Cuando en curl versiones posteriores a 7.20.0 incluyéndola, y versiones anteriores a 7.78.0 incluyéndola, se conecta a un servidor IMAP o POP3 para recuperar datos usando STARTTLS para actualizar a la seguridad TLS, el servidor puede responder y enviar múltiples respuestas a la vez que curl almacena en caché. curl entonces actualizaría a TLS pero no vaciaría la cola de respuestas almacenadas en caché, sino que continuaría usando y confiando en las respuestas que obtuvo *antes* del protocolo de enlace TLS como si estuvieran autenticadas. Usando este fallo, permite a un atacante de tipo Man-In-The-Middle inyectar primero las respuestas falsas, luego pasar mediante el tráfico TLS del servidor legítimo y engañar a curl para que envíe datos de vuelta al usuario pensando que los datos inyectados por el atacante provienen del servidor protegido por TLS A flaw was found in curl. The flaw lies in how curl handles cached or pipelined responses that it receives from either a IMAP, POP3, SMTP or FTP server before the TLS upgrade using STARTTLS. In such a scenario curl even after upgrading to TLS would trust these cached responses treating them as valid and authenticated and use them. • http://seclists.org/fulldisclosure/2022/Mar/29 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://hackerone.com/reports/1334763 https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67 • CWE-310: Cryptographic Issues CWE-319: Cleartext Transmission of Sensitive Information CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0

CVE-2021-30713 – Apple macOS Unspecified Vulnerability

https://notcve.org/view.php?id=CVE-2021-30713

A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.. Se abordó un problema de permisos con una comprobación mejorada. • http://seclists.org/fulldisclosure/2021/Sep/40 https://support.apple.com/en-us/HT212529 https://support.apple.com/kb/HT212805 • CWE-20: Improper Input Validation •

CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 0

CVE-2021-30996

https://notcve.org/view.php?id=CVE-2021-30996

A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2. A malicious application may be able to execute arbitrary code with kernel privileges. Se solucionó una condición de carrera con un manejo de estado mejorado.&#xa0;Este problema se solucionó en macOS Monterey versión 12.1, iOS versión 15.2 e iPadOS versión 15.2. • https://support.apple.com/en-us/HT212976 https://support.apple.com/en-us/HT212978 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0

CVE-2021-30984 – webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution

https://notcve.org/view.php?id=CVE-2021-30984

A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. Se solucionó una condición de carrera con un manejo de estado mejorado.&#xa0;Este problema se solucionó en tvOS versión 15.2, macOS Monterey versión 12.1, Safari versión 15.2, iOS versión 15.2 e iPadOS versión 15.2, watchOS versión 8.3. • http://www.openwall.com/lists/oss-security/2022/01/21/2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V https://support.apple.com/en-us/HT212975 https://support.apple.com/en-us/HT212976 https://support.apple.com/en-us/HT212978 https://support.apple.com/en-us/HT212980 https://support.apple.com/en-us • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2021-30966

https://notcve.org/view.php?id=CVE-2021-30966

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. User traffic might unexpectedly be leaked to a proxy server despite PAC configurations. Se abordó un problema lógico con una administración de estado mejorada.&#xa0;Este problema es corregido en macOS Monterey versión 12.1, watchOS versión 8.3, iOS versión 15.2 e iPadOS versión 15.2, tvOS versión 15.2. • https://support.apple.com/en-us/HT212975 https://support.apple.com/en-us/HT212976 https://support.apple.com/en-us/HT212978 https://support.apple.com/en-us/HT212980 •