---

Log

AVG-2283 created at 12 Aug 2021 07:06:06
Packages	+ nodejs
Issues	+ CVE-2021-22931 + CVE-2021-22939 + CVE-2021-22940
Status	+ Fixed
Severity	+ Unknown
Affected	+ 16.6.1-1
Fixed	+ 16.6.2-1
Ticket
Advisory qualified	+ Yes
References
Notes

CVE-2021-22940 created at 12 Aug 2021 07:06:06

CVE-2021-29987 edited at 12 Aug 2021 07:03:23
Description	- A security issue has been found in Firefox before version 91. After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to. + A security issue has been found in Firefox and Thunderbird before version 91. After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to.
References	+ https://www.mozilla.org/security/advisories/mfsa2021-33/ https://www.mozilla.org/security/advisories/mfsa2021-33/ https://bugzilla.mozilla.org/show_bug.cgi?id=1716129

CVE-2021-29982 edited at 12 Aug 2021 07:03:11
Description	- A security issue has been found in Firefox before version 91. Due to incorrect JIT optimization, it incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. + A security issue has been found in Firefox and Thunderbird before version 91. Due to incorrect JIT optimization, it incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory.
References	+ https://www.mozilla.org/security/advisories/mfsa2021-33/ https://www.mozilla.org/security/advisories/mfsa2021-33/ https://bugzilla.mozilla.org/show_bug.cgi?id=1715318

CVE-2021-29981 edited at 12 Aug 2021 07:02:42
Description	- A security issue has been found in Firefox before version 91. An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. + A security issue has been found in Firefox and Thunderbird before version 91. An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash.
References	https://www.mozilla.org/security/advisories/mfsa2021-33/ + https://www.mozilla.org/security/advisories/mfsa2021-36/ https://bugzilla.mozilla.org/show_bug.cgi?id=1707774

AVG-2270 edited at 12 Aug 2021 07:01:49
Issues	CVE-2021-29980 + CVE-2021-29981 + CVE-2021-29982 CVE-2021-29984 CVE-2021-29985 CVE-2021-29986 + CVE-2021-29987 CVE-2021-29988 CVE-2021-29989
Notes	+ In general, these flaws cannot be exploited through email because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.

AVG-2282 created at 12 Aug 2021 06:58:12
Packages	+ qt5-base
Issues	+ CVE-2021-38593
Status	+ Vulnerable
Severity	+ Medium
Affected	+ 5.15.2+kde+r214-1
Fixed
Ticket
Advisory qualified	+ Yes
References
Notes

AVG-2281 edited at 12 Aug 2021 06:57:50
Severity	- Unknown + Medium

CVE-2021-38593 edited at 12 Aug 2021 06:57:50
Severity	- Unknown + Medium
Remote	- Unknown + Local
Type	- Unknown + Arbitrary code execution
Description	+ Qt 5.0.0 through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).
References	+ https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-903.yaml + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35566 + https://github.com/qt/qtbase/commit/6b400e3147dcfd8cc3a393ace1bd118c93762e0c
Notes

AVG-2281 created at 12 Aug 2021 06:56:35
Packages	+ qt6-base
Issues	+ CVE-2021-38593
Status	+ Vulnerable
Severity	+ Unknown
Affected	+ 6.1.2-1
Fixed
Ticket
Advisory qualified	+ Yes
References
Notes

CVE-2021-38593 created at 12 Aug 2021 06:56:35

CVE-2021-28216 edited at 11 Aug 2021 21:37:59
Severity	- Unknown + Medium
Remote	- Unknown + Local
Type	- Unknown + Insufficient validation
Description	+ A security issue has been found in edk2. In the function FpdtStatusCodeListenerPei(), the pointer BootPerformanceTable is read directly from an NVRAM variable ("FirmwarePerformance"). Memory is then updated at that address. A local attacker may modify the variable at his will, and after reboot the vulnerable code will update memory at the attacker-supplied address.
References	+ https://bugzilla.tianocore.org/show_bug.cgi?id=2957

AVG-1360 edited at 11 Aug 2021 21:36:10
Issues	CVE-2019-14560 + CVE-2021-28216

CVE-2021-28216 created at 11 Aug 2021 21:36:10
Severity	+ Unknown
Remote	+ Unknown
Type	+ Unknown
Description
References
Notes