Log

AVG-1032 edited at 01 Feb 2021 09:06:28
Advisory qualified
- Yes
+ No
AVG-1517 edited at 01 Feb 2021 09:04:48
Severity
- Unknown
+ Medium
CVE-2021-20199 edited at 01 Feb 2021 09:04:48
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Insufficient validation
Description
+ Rootless containers run with Podman receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.0.1) connections by default and do not require authentication.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-20199
+ https://github.com/containers/podman/issues/5138
+ https://github.com/containers/podman/pull/9052
+ https://github.com/containers/podman/commit/5e65f0ba30f3fca73f8c207825632afef08378c1
Notes
AVG-1517 created at 01 Feb 2021 09:00:13
Packages
+ podman
Issues
+ CVE-2021-20199
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 2.2.1-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-20199 created at 01 Feb 2021 09:00:13
CVE-2021-20203 edited at 01 Feb 2021 08:59:19
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Type
- Unknown
+ Denial of service
Description
+ An integer overflow issue was found in the vmxnet3 NIC emulator of QEMU. It may occur if a guest were to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host, resulting in a denial of service scenario.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-20203
+ https://bugs.launchpad.net/qemu/+bug/1890152
+ https://bugs.launchpad.net/qemu/+bug/1913873
+ https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg07935.html
AVG-1308 edited at 01 Feb 2021 08:57:27
Issues
CVE-2020-14394
CVE-2020-27821
CVE-2020-29443
CVE-2020-35503
CVE-2020-35504
CVE-2020-35505
CVE-2020-35506
CVE-2020-35517
CVE-2021-20196
+ CVE-2021-20203
CVE-2021-20203 created at 01 Feb 2021 08:57:27
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes
AVG-1516 edited at 01 Feb 2021 08:50:29
Severity
- Low
+ Medium
CVE-2021-3349 edited at 01 Feb 2021 08:50:29
Severity
- Low
+ Medium
AVG-1516 edited at 01 Feb 2021 08:49:49
Severity
- Unknown
+ Low
CVE-2021-3349 edited at 01 Feb 2021 08:49:49
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Insufficient validation
Description
+ GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behavior.
References
+ https://mgorny.pl/articles/evolution-uid-trust-extrapolation.html
+ https://gitlab.gnome.org/GNOME/evolution/-/issues/299
+ https://dev.gnupg.org/T4735
Notes
AVG-1516 created at 01 Feb 2021 08:47:46
Packages
+ evolution
Issues
+ CVE-2021-3349
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 3.38.3-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-3349 created at 01 Feb 2021 08:47:46
AVG-1515 created at 01 Feb 2021 08:42:02
Packages
+ linux-lts
Issues
+ CVE-2021-3348
Status
+ Vulnerable
Severity
+ Medium
Affected
+ 5.4.94-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
AVG-1514 created at 01 Feb 2021 08:41:33
Packages
+ linux-zen
Issues
+ CVE-2021-3348
Status
+ Vulnerable
Severity
+ Medium
Affected
+ 5.10.12.zen1-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes