Log

AVG-2114 edited at 28 Jul 2021 08:23:23
Affected
- 2.5.0-5
+ 2.5.0-6
CVE-2021-37594 edited at 28 Jul 2021 08:22:29
References
+ https://github.com/FreeRDP/FreeRDP/pull/7185
https://github.com/FreeRDP/FreeRDP/commit/7019140a22615be202f8e0710115f2b05ff64d05
CVE-2021-37595 edited at 28 Jul 2021 08:22:20
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Insufficient validation
Description
+ In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_RANGE File Contents Request PDU.
References
+ https://github.com/FreeRDP/FreeRDP/pull/7185
+ https://github.com/FreeRDP/FreeRDP/commit/7019140a22615be202f8e0710115f2b05ff64d05
Notes
AVG-2227 edited at 28 Jul 2021 08:21:07
Severity
- Unknown
+ Medium
CVE-2021-37594 edited at 28 Jul 2021 08:21:07
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Insufficient validation
Description
+ In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_SIZE File Contents Request PDU.
References
+ https://github.com/FreeRDP/FreeRDP/commit/7019140a22615be202f8e0710115f2b05ff64d05
Notes
AVG-2227 created at 28 Jul 2021 08:19:32
Packages
+ freerdp
Issues
+ CVE-2021-37594
+ CVE-2021-37595
Status
+ Not affected
Severity
+ Unknown
Affected
+ 2:2.3.2-1
Fixed
Ticket
Advisory qualified
+ No
References
Notes
CVE-2021-37594 created at 28 Jul 2021 08:19:32
AVG-2227 created at 28 Jul 2021 08:19:32
Packages
+ freerdp
Issues
+ CVE-2021-37594
+ CVE-2021-37595
Status
+ Not affected
Severity
+ Unknown
Affected
+ 2:2.3.2-1
Fixed
Ticket
Advisory qualified
+ No
References
Notes
CVE-2021-37595 created at 28 Jul 2021 08:19:32
AVG-2202 edited at 28 Jul 2021 08:14:20
References
+ https://vivaldi.com/blog/desktop/minor-update-6-for-desktop-4-0/
+ https://vivaldi.com/blog/desktop/vivaldi-4-1-rc-1-desktop/
Notes
+ Vivaldi version 4.0.2312.41 is based on Chromium version 91.0.4472.166, Vivaldi version 4.1.2369.11 is based on Chromium version 92.0.4515.126 according to the references.
AVG-1800 edited at 27 Jul 2021 15:42:32
Affected
- 1.0.0.70-1
+ 1.0.0.71-1
Advisory qualified
- Yes
+ No
CVE-2021-2389 edited at 27 Jul 2021 11:25:10
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
References
+ https://www.oracle.com/security-alerts/cpujul2021verbose.html#MSQL
AVG-2226 edited at 27 Jul 2021 11:24:42
Severity
- Unknown
+ Medium
CVE-2021-2372 edited at 27 Jul 2021 11:24:42
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
References
+ https://www.oracle.com/security-alerts/cpujul2021verbose.html#MSQL
Notes