Log

AVG-2313 edited at 23 Aug 2021 11:09:53
Severity
- Unknown
+ Medium
CVE-2021-35940 edited at 23 Aug 2021 11:09:53
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue.
References
+ https://www.openwall.com/lists/oss-security/2021/08/23/1
+ https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch
+ https://svn.apache.org/viewvc?view=revision&revision=1891198
Notes
AVG-2313 created at 23 Aug 2021 11:07:54
Packages
+ apr
Issues
+ CVE-2021-35940
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 1.7.0-3
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-35940 created at 23 Aug 2021 11:07:54
AVG-2312 edited at 23 Aug 2021 11:06:49
Severity
- Unknown
+ Medium
CVE-2021-37750 edited at 23 Aug 2021 11:06:49
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.
References
+ https://krbdev.mit.edu/rt/Ticket/Display.html?id=9008
+ https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49
Notes
AVG-2312 created at 23 Aug 2021 11:04:15
Packages
+ krb5
Issues
+ CVE-2021-37750
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 1.19.2-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-37750 created at 23 Aug 2021 11:04:15
AVG-2311 created at 23 Aug 2021 11:00:46
Packages
+ grilo
Issues
+ CVE-2021-39365
Status
+ Vulnerable
Severity
+ High
Affected
+ 0.3.13-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
AVG-2310 created at 23 Aug 2021 11:00:26
Packages
+ evolution-rss
Issues
+ CVE-2021-39361
Status
+ Vulnerable
Severity
+ Medium
Affected
+ 0.3.96-4
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
AVG-2309 created at 23 Aug 2021 10:59:56
Packages
+ libzapojit
Issues
+ CVE-2021-39360
Status
+ Vulnerable
Severity
+ High
Affected
+ 0.0.3+14+g2dace3f-2
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
AVG-2308 created at 23 Aug 2021 10:59:31
Packages
+ libgda
Issues
+ CVE-2021-39359
Status
+ Vulnerable
Severity
+ High
Affected
+ 5.2.10-2
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
AVG-2307 created at 23 Aug 2021 10:59:06
Packages
+ gfbgraph
Issues
+ CVE-2021-39358
Status
+ Vulnerable
Severity
+ High
Affected
+ 0.2.4-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
AVG-2306 edited at 23 Aug 2021 10:58:33
Issues
- CVE-2021-39247
+ CVE-2021-39282
CVE-2021-39283
Severity
- Low
+ Medium