Log

CVE-2021-3281 edited at 02 Feb 2021 08:27:58
Description
- The django.utils.archive.extract() function, used by startapp --template and startproject --template, allowed directory-traversal via an archive with absolute paths or relative paths with dot segments.
+ In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by "startapp --template" and "startproject --template") allows directory traversal via an archive with absolute paths or relative paths with dot segments.
AVG-1523 edited at 01 Feb 2021 22:53:42
Severity
- Unknown
+ Low
CVE-2020-28493 edited at 01 Feb 2021 22:53:42
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ A security issue was found in python-jinja before version 2.11.3. The regular expression denial of service vulnerability is mainly due to the sub-pattern [a-zA-Z0-9._-]+.[a-zA-Z0-9._-]+ This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory.
References
+ https://snyk.io/vuln/SNYK-PYTHON-JINJA2-1012994
+ https://github.com/pallets/jinja/pull/1343
+ https://github.com/pallets/jinja/commit/ef658dc3b6389b091d608e710a810ce8b87995b3
Notes
+ Workaround
+ ==========
+
+ This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory.
AVG-1523 created at 01 Feb 2021 22:50:36
Packages
+ python-jinja
+ python2-jinja
Issues
+ CVE-2020-28493
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 2.11.2-4
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2020-28493 created at 01 Feb 2021 22:50:36
CVE-2020-29443 edited at 01 Feb 2021 22:45:22
References
https://www.openwall.com/lists/oss-security/2021/01/18/2
https://bugzilla.redhat.com/show_bug.cgi?id=1917446
- https://git.qemu.org/?p=qemu.git;a=commit;h=b8d7f1bc59276fec85e4d09f1567613a3e14d31e
+ https://git.qemu.org/?p=qemu.git;a=commitdiff;h=b8d7f1bc59276fec85e4d09f1567613a3e14d31e
CVE-2020-27821 edited at 01 Feb 2021 22:45:11
References
https://www.openwall.com/lists/oss-security/2020/12/16/6
https://bugzilla.redhat.com/show_bug.cgi?id=1902651
- https://git.qemu.org/?p=qemu.git;a=commit;h=4bfb024bc76973d40a359476dc0291f46e435442
+ https://git.qemu.org/?p=qemu.git;a=commitdiff;h=4bfb024bc76973d40a359476dc0291f46e435442
CVE-2021-20181 edited at 01 Feb 2021 22:44:03
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Privilege escalation
Description
+ A security issue was found in QEMU 5.2.0. A race condition in the Plan 9 file system component could allow privilege escalation.
References
+ https://bugs.launchpad.net/qemu/+bug/1911666
+ https://git.qemu.org/?p=qemu.git;a=commitdiff;h=89fbea8737e8f7b954745a1ffc4238d377055305
AVG-1308 edited at 01 Feb 2021 22:38:19
Issues
CVE-2020-14394
CVE-2020-27821
CVE-2020-29443
CVE-2020-35503
CVE-2020-35504
CVE-2020-35505
CVE-2020-35506
CVE-2020-35517
+ CVE-2021-20181
CVE-2021-20196
CVE-2021-20203
CVE-2021-20181 created at 01 Feb 2021 22:38:19
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes
CVE-2020-29443 edited at 01 Feb 2021 22:37:35
References
https://www.openwall.com/lists/oss-security/2021/01/18/2
https://bugzilla.redhat.com/show_bug.cgi?id=1917446
- https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg04255.html
+ https://git.qemu.org/?p=qemu.git;a=commit;h=b8d7f1bc59276fec85e4d09f1567613a3e14d31e
CVE-2021-22172 edited at 01 Feb 2021 22:33:21
References
https://about.gitlab.com/blog/2021/02/01/security-release-gitlab-13-8-2-released/#guest-user-can-see-tag-names-in-private-projects
+ https://gitlab.com/gitlab-org/gitlab-foss/-/commit/41b1c0469dba622a1c2c67c17f1f5e491573accf
AVG-1520 edited at 01 Feb 2021 22:28:59
Status
- Vulnerable
+ Fixed
Fixed
+ 2021.01.30-1