Log

AVG-1354 edited at 23 Aug 2021 19:11:15
Affected
- 3.2.3-3
+ 3.2.3-4
CVE-2021-35940 edited at 23 Aug 2021 15:45:58
References
- https://www.openwall.com/lists/oss-security/2021/08/23/1
+ https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E
https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch
https://svn.apache.org/viewvc?view=revision&revision=1891198
AVG-2314 edited at 23 Aug 2021 11:31:52
Severity
- Unknown
+ Medium
CVE-2021-3621 edited at 23 Aug 2021 11:31:52
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary command execution
Description
+ A security issue was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1975142
+ https://github.com/SSSD/sssd/commit/7ab83f97e1cbefb78ece17232185bdd2985f0bbe
Notes
AVG-2314 created at 23 Aug 2021 11:29:56
Packages
+ sssd
Issues
+ CVE-2021-3621
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 2.5.2-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-3621 created at 23 Aug 2021 11:29:56
AVG-2234 edited at 23 Aug 2021 11:23:10
Issues
+ CVE-2021-3653
+ CVE-2021-3656
CVE-2021-3679
CVE-2021-3732
CVE-2021-34556
CVE-2021-35477
CVE-2021-37159
CVE-2021-38166
CVE-2021-38204
AVG-2297 edited at 23 Aug 2021 11:23:02
Issues
+ CVE-2021-3653
+ CVE-2021-3656
CVE-2021-3732
CVE-2021-38166
AVG-2296 edited at 23 Aug 2021 11:22:56
Issues
+ CVE-2021-3653
+ CVE-2021-3656
CVE-2021-3732
CVE-2021-38166
CVE-2021-3656 edited at 23 Aug 2021 11:22:43
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Insufficient validation
Description
+ A security issue has been found in the KVM's AMD code for supporting SVM nested virtualization in the Linux kernel before version 5.13.20. This issue is caused by missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. Under these circumstances, the L2 guest is able to run VMLOAD/VMSAVE unintercepted, and thus read/write portions of the host physical memory.
References
+ https://www.openwall.com/lists/oss-security/2021/08/16/1
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.13.12&id=639a033fd765ed473dfee27028df5ccbe1038a2e
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.60&id=3dc5666baf2a135f250e4101d41d5959ac2c2e1f
CVE-2021-3653 edited at 23 Aug 2021 11:21:48
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Insufficient validation
Description
+ A security issue has been found in the KVM's AMD code for supporting SVM nested virtualization in the Linux kernel before version 5.13.20. This issue is caused by missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. The L2 guest is able to write to a limited but still relatively large subset of the host physical memory. Note that AVIC is currently not supported with nesting and it is not advertised in the L1 CPUID.
References
+ https://www.openwall.com/lists/oss-security/2021/08/16/1
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.13.12&id=a0949ee63cf95408870a564ccad163018b1a9e6b
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.60&id=c0883f693187c646c0972d73e525523f9486c2e3
AVG-2295 edited at 23 Aug 2021 11:19:18
Issues
+ CVE-2021-3653
+ CVE-2021-3656
CVE-2021-3732
CVE-2021-38166
CVE-2021-3656 created at 23 Aug 2021 11:19:18
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes