Log

AVG-2114 edited at 22 Aug 2021 10:47:08
Affected
- 2.6.0-1
+ 2.6.0-2
AVG-2236 edited at 22 Aug 2021 10:46:22
Status
- Vulnerable
+ Fixed
Fixed
+ 2.37.2-1
CVE-2021-37600 edited at 22 Aug 2021 10:46:01
Description
- An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file.
+ An integer overflow in util-linux before 2.37.2 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file.
References
https://github.com/karelzak/util-linux/issues/1395
- https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
+ https://github.com/karelzak/util-linux/commit/86d5de52d43501711586054e7b601fbc57403085
AVG-2279 edited at 22 Aug 2021 10:45:00
Status
- Vulnerable
+ Fixed
Fixed
+ 0.11.0-1
AVG-2192 edited at 22 Aug 2021 10:43:13
Status
- Vulnerable
+ Fixed
Fixed
+ 7.2-1
AVG-2282 edited at 14 Aug 2021 14:34:54
Affected
- 5.15.2+kde+r215-1
+ 5.15.2+kde+r215-2
AVG-2294 edited at 13 Aug 2021 18:25:44
Severity
- Low
+ Medium
CVE-2021-38554 edited at 13 Aug 2021 18:25:44
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Information disclosure
Description
+ HashiCorp Vault's UI up to version 1.7.3 erroneously cached and exposed user-viewed secrets between sessions in a single shared browser.
References
+ https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166
Notes
CVE-2021-38553 edited at 13 Aug 2021 18:19:33
Description
- HashiCorp Vault 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.
+ HashiCorp Vault 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions.
AVG-2294 edited at 13 Aug 2021 18:19:23
Severity
- Unknown
+ Low
CVE-2021-38553 edited at 13 Aug 2021 18:19:23
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Type
- Unknown
+ Denial of service
Description
+ HashiCorp Vault 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.
References
+ https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168
Notes
AVG-2294 created at 13 Aug 2021 18:14:58
Packages
+ vault
Issues
+ CVE-2021-38553
+ CVE-2021-38554
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 1.7.3-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-38553 created at 13 Aug 2021 18:14:58