Log

AVG-2295 edited at 23 Aug 2021 11:19:18
Issues
+ CVE-2021-3653
+ CVE-2021-3656
CVE-2021-3732
CVE-2021-38166
CVE-2021-3653 created at 23 Aug 2021 11:19:18
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes
CVE-2021-3713 edited at 23 Aug 2021 11:16:51
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary code execution
Description
+ An out-of-bounds write issue was found in the UAS (USB Attached SCSI) device emulation of QEMU. It occurs due to missing sanity checks in the usb_uas_handle_data() function in hw/usb/dev-uas.c. In particular, the device uses the guest-supplied stream number unchecked, which can lead to guest-triggered out-of-bounds access to the UASDevice->data3 and UASDevice->status3 fields.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1994640
+ https://lists.nongnu.org/archive/html/qemu-devel/2021-08/msg02766.html
AVG-1898 edited at 23 Aug 2021 11:15:37
Issues
CVE-2020-14394
CVE-2021-3507
CVE-2021-3527
CVE-2021-3544
CVE-2021-3545
CVE-2021-3546
CVE-2021-3582
CVE-2021-3607
CVE-2021-3608
CVE-2021-3611
CVE-2021-3638
CVE-2021-3682
+ CVE-2021-3713
CVE-2021-20196
CVE-2021-20203
CVE-2021-20255
CVE-2021-3713 created at 23 Aug 2021 11:15:37
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes
CVE-2021-3732 edited at 23 Aug 2021 11:15:07
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1995249
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.13.11&id=41812f4b84484530057513478c6770590347dc30
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.59&id=6a002d48a66076524f67098132538bef17e8445e
AVG-2234 edited at 23 Aug 2021 11:14:34
Issues
CVE-2021-3679
+ CVE-2021-3732
CVE-2021-34556
CVE-2021-35477
CVE-2021-37159
CVE-2021-38166
CVE-2021-38204
AVG-2297 edited at 23 Aug 2021 11:14:25
Issues
+ CVE-2021-3732
CVE-2021-38166
AVG-2296 edited at 23 Aug 2021 11:14:19
Issues
+ CVE-2021-3732
CVE-2021-38166
CVE-2021-3732 edited at 23 Aug 2021 11:14:10
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Information disclosure
Description
+ A security issue was found in the overlayfs implementation of the Linux kernel before version 5.13.11, where a local attacker with an unprivileged account who has the ability to mount a filesystem can abuse a logic bug in the overlayfs code, which can inadvertently reveal files hidden in the original mount.
References
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.13.11&id=41812f4b84484530057513478c6770590347dc30
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.59&id=6a002d48a66076524f67098132538bef17e8445e
AVG-2295 edited at 23 Aug 2021 11:12:23
Issues
+ CVE-2021-3732
CVE-2021-38166
CVE-2021-3732 created at 23 Aug 2021 11:12:23
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes
AVG-2313 edited at 23 Aug 2021 11:09:53
Severity
- Unknown
+ Medium
CVE-2021-35940 edited at 23 Aug 2021 11:09:53
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue.
References
+ https://www.openwall.com/lists/oss-security/2021/08/23/1
+ https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch
+ https://svn.apache.org/viewvc?view=revision&revision=1891198
Notes