Log

CVE-2021-21143 edited at 02 Feb 2021 20:11:48
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ A heap buffer overflow security issue was found in the Extensions component of the Chromium browser before version 88.0.4324.146.
References
+ https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html
+ https://crbug.com/1163504
Notes
AVG-1525 edited at 02 Feb 2021 20:10:38
Severity
- Unknown
+ Critical
CVE-2021-21142 edited at 02 Feb 2021 20:10:38
Severity
- Unknown
+ Critical
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ A use after free security issue was found in the Payments component of the Chromium browser before version 88.0.4324.146.
References
+ https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html
+ https://crbug.com/1169317
Notes
AVG-1525 created at 02 Feb 2021 20:09:06
Packages
+ chromium
Issues
+ CVE-2021-21142
+ CVE-2021-21143
+ CVE-2021-21144
+ CVE-2021-21145
+ CVE-2021-21146
+ CVE-2021-21147
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 88.0.4324.96-2
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-21145 created at 02 Feb 2021 20:09:06
AVG-1525 created at 02 Feb 2021 20:09:06
Packages
+ chromium
Issues
+ CVE-2021-21142
+ CVE-2021-21143
+ CVE-2021-21144
+ CVE-2021-21145
+ CVE-2021-21146
+ CVE-2021-21147
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 88.0.4324.96-2
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-21147 created at 02 Feb 2021 20:09:06
AVG-1525 created at 02 Feb 2021 20:09:06
Packages
+ chromium
Issues
+ CVE-2021-21142
+ CVE-2021-21143
+ CVE-2021-21144
+ CVE-2021-21145
+ CVE-2021-21146
+ CVE-2021-21147
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 88.0.4324.96-2
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-21143 created at 02 Feb 2021 20:09:06
AVG-1525 created at 02 Feb 2021 20:09:06
Packages
+ chromium
Issues
+ CVE-2021-21142
+ CVE-2021-21143
+ CVE-2021-21144
+ CVE-2021-21145
+ CVE-2021-21146
+ CVE-2021-21147
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 88.0.4324.96-2
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-21142 created at 02 Feb 2021 20:09:06
AVG-1525 created at 02 Feb 2021 20:09:06
Packages
+ chromium
Issues
+ CVE-2021-21142
+ CVE-2021-21143
+ CVE-2021-21144
+ CVE-2021-21145
+ CVE-2021-21146
+ CVE-2021-21147
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 88.0.4324.96-2
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-21144 created at 02 Feb 2021 20:09:06
AVG-1525 created at 02 Feb 2021 20:09:06
Packages
+ chromium
Issues
+ CVE-2021-21142
+ CVE-2021-21143
+ CVE-2021-21144
+ CVE-2021-21145
+ CVE-2021-21146
+ CVE-2021-21147
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 88.0.4324.96-2
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-21146 created at 02 Feb 2021 20:09:06
CVE-2021-3392 edited at 02 Feb 2021 13:26:34
Description
- A use after-free-issue was found in the Megaraid emulator of the QEMU. It occurs while processing SCSI I/O requests because in case of an error mptsas_free_request() does not dequeue request object 'req' from a pending requests' queue. Which later gets processed resulting in the said use-after-free issue. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in a denial of service scenario.
+ A use-after-free issue was found in the Megaraid emulator of the QEMU. It occurs while processing SCSI I/O requests because in case of an error mptsas_free_request() does not dequeue request object 'req' from a pending requests' queue. Which later gets processed resulting in the said use-after-free issue. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in a denial of service scenario.
CVE-2021-3392 edited at 02 Feb 2021 13:25:52
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary code execution
Description
+ A use after-free-issue was found in the Megaraid emulator of the QEMU. It occurs while processing SCSI I/O requests because in case of an error mptsas_free_request() does not dequeue request object 'req' from a pending requests' queue. Which later gets processed resulting in the said use-after-free issue. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in a denial of service scenario.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1924042
+ https://bugs.launchpad.net/qemu/+bug/1914236