Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server.
CVSS Information
N/A
Vulnerability Type
加密问题
Vulnerability Title
Migration Toolkit For Containers 数据伪造问题漏洞
Vulnerability Description
Red Hat Migration Toolkit For Containers(Mtc)是美国红帽(Red Hat)公司的一个容器迁移工具包。用于提供基于 Kubernetes 自定义资源的 Web 控制台和 Api,以帮助控制迁移并最大程度地减少应用程序停机时间。 Migration Toolkit For Containers 存在数据伪造问题漏洞。该漏洞源于不正确的命名空间处理可能导致未授权。
CVSS Information
N/A
Vulnerability Type
N/A