Log

AVG-1594 edited at 15 Dec 2021 15:36:37
Affected
- 5.15.7.arch1-1
+ 5.15.8.arch1-1
CVE-2021-40827 edited at 15 Dec 2021 15:34:50
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ Clementine Music Player through 1.3.1 is vulnerable to a read access violation on block data move, affecting the MP3 file parsing functionality at memcpy+0x265. The vulnerability is triggered when the user opens a crafted MP3 file or loads a remote stream URL that is mishandled by Clementine. Attackers could exploit this issue to cause a crash (DoS) of the clementine process or achieve arbitrary code execution in the context of the current user.
References
+ https://voidsec.com/advisories/cve-2021-40827/
Notes
AVG-2645 edited at 15 Dec 2021 15:33:39
Severity
- Unknown
+ Medium
CVE-2021-40826 edited at 15 Dec 2021 15:33:39
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ Clementine Music Player through 1.3.1 is vulnerable to a user mode write Access violation, affecting the MP3 file parsing functionality at clementine+0x3aa207. The vulnerability is triggered when the user opens a crafted MP3 file or loads a remote stream URL that is mishandled by Clementine. Attackers could exploit this issue to cause a crash (DoS) of the clementine process or achieve arbitrary code execution in the context of the current user.
References
+ https://voidsec.com/advisories/cve-2021-40826/
Notes
AVG-2645 created at 15 Dec 2021 15:32:33
Packages
+ clementine
Issues
+ CVE-2021-40826
+ CVE-2021-40827
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 1.4.0rc1+759+gd033b38c4-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-40827 created at 15 Dec 2021 15:32:33
AVG-2645 created at 15 Dec 2021 15:32:33
Packages
+ clementine
Issues
+ CVE-2021-40826
+ CVE-2021-40827
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 1.4.0rc1+759+gd033b38c4-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-40826 created at 15 Dec 2021 15:32:33
AVG-2644 edited at 15 Dec 2021 15:32:04
Severity
- Unknown
+ Low
CVE-2021-4110 edited at 15 Dec 2021 15:32:04
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Type
- Unknown
+ Denial of service
Description
+ mruby is vulnerable to a NULL pointer dereference.
References
+ https://huntr.dev/bounties/4ce5dc47-2512-4c87-8609-453adc8cad20/
+ https://github.com/mruby/mruby/commit/f5e10c5a79a17939af763b1dcf5232ce47e24a34
Notes
AVG-2644 created at 15 Dec 2021 15:31:15
Packages
+ mruby
Issues
+ CVE-2021-4110
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 3.0.0-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-4110 created at 15 Dec 2021 15:31:15
AVG-2634 edited at 15 Dec 2021 15:28:48
Status
- Vulnerable
+ Fixed
Fixed
+ 5.0.2497.30-1
References
https://vivaldi.com/blog/desktop/minor-update-5-0/
+ https://vivaldi.com/blog/desktop/minor-update-two-5-0/
Notes
- Vivaldi version 5.0.2497.28 is based on Chromium version 96.0.4664.97 according to the reference.
+ Vivaldi version 5.0.2497.28 is based on Chromium version 96.0.4664.97, Vivaldi version 5.0.2497.30 is based on Chromium version 96.0.4664.113 according to the references.
AVG-2640 edited at 15 Dec 2021 06:11:25
Status
- Testing
+ Fixed
AVG-2633 edited at 14 Dec 2021 20:04:34
Status
- Vulnerable
+ Fixed
Fixed
+ 96.0.4664.110-1