Log

CVE-2021-37156 edited at 05 Aug 2021 22:31:14
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Authentication bypass
Description
+ Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated.
References
+ https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+ https://www.redmine.org/issues/35417
+ https://github.com/redmine/redmine/commit/ee0d822517154878a2ad33be66b820c6b68d077b
AVG-1920 edited at 05 Aug 2021 22:28:11
Issues
CVE-2021-22885
CVE-2021-22904
+ CVE-2021-37156
Notes
- Action Pack version 5.2.5 is bundled with Redmine version 4.2.1.
CVE-2021-37156 created at 05 Aug 2021 22:28:11
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes
AVG-2226 edited at 05 Aug 2021 21:41:03
Status
- Vulnerable
+ Testing
Fixed
+ 10.6.4-1
AVG-1357 edited at 05 Aug 2021 21:40:06
Affected
- 2:1.16.6-1
+ 2:1.16.7-1
AVG-2259 edited at 05 Aug 2021 21:39:17
Severity
- Unknown
+ Low
CVE-2021-36221 edited at 05 Aug 2021 21:39:17
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ A security issue has been found in Go before version 1.16.7. A net/http/httputil ReverseProxy can panic due to a race condition if its Handler aborts with ErrAbortHandler, for example due to an error in copying the response body. An attacker might be able to force the conditions leading to the race condition.
References
+ https://groups.google.com/g/golang-announce/c/uHACNfXAZqk
+ https://github.com/golang/go/issues/46866
+ https://github.com/golang/go/commit/accf363d5da864521c90b152fb734f3f15e00521
Notes
AVG-2259 created at 05 Aug 2021 21:36:20
Packages
+ go
Issues
+ CVE-2021-36221
Status
+ Fixed
Severity
+ Unknown
Affected
+ 2:1.16.6-1
Fixed
+ 2:1.16.7-1
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-36221 created at 05 Aug 2021 21:36:20
AVG-2257 edited at 05 Aug 2021 16:12:47
Status
- Testing
+ Fixed
AVG-2247 edited at 05 Aug 2021 12:52:48
Status
- Vulnerable
+ Fixed
Fixed
+ 4.1.2369.15-1
AVG-2255 edited at 05 Aug 2021 10:17:33
Status
- Testing
+ Fixed
AVG-2256 edited at 05 Aug 2021 10:17:33
Status
- Testing
+ Fixed