Log

AVG-2180 edited at 20 Jul 2021 15:46:02
Severity
- Unknown
+ Medium
CVE-2020-15660 edited at 20 Jul 2021 15:46:02
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Cross-site request forgery
Description
+ Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a cross-site request forgery (CSRF) vulnerability that might, when paired with a specifically prepared request, lead to remote code execution.
References
+ https://github.com/mozilla/geckodriver/releases/tag/v0.27.0
Notes
AVG-2180 created at 20 Jul 2021 15:44:01
Packages
+ geckodriver
Issues
+ CVE-2020-15660
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 0.26.0-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2020-15660 created at 20 Jul 2021 15:44:01
AVG-1774 edited at 20 Jul 2021 15:42:17
Status
- Vulnerable
+ Fixed
Fixed
+ 2.9.20-1
CVE-2021-20307 edited at 20 Jul 2021 15:42:08
Description
- A format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlier can lead to read and write arbitrary memory values.
+ A format string vulnerability in panoFileOutputNamesCreate() in libpano13 before version 2.9.20 can lead to reading and writing of arbitrary memory values.
AVG-1741 edited at 20 Jul 2021 15:39:34
Severity
- Medium
+ High
CVE-2021-33909 edited at 20 Jul 2021 15:39:34
Severity
- Medium
+ High
AVG-1879 edited at 20 Jul 2021 15:39:34
Severity
- Medium
+ High
CVE-2021-33909 edited at 20 Jul 2021 15:39:34
Severity
- Medium
+ High
AVG-1880 edited at 20 Jul 2021 15:39:34
Severity
- Medium
+ High
CVE-2021-33909 edited at 20 Jul 2021 15:39:34
Severity
- Medium
+ High
AVG-1881 edited at 20 Jul 2021 15:39:34
Severity
- Medium
+ High
CVE-2021-33909 edited at 20 Jul 2021 15:39:34
Severity
- Medium
+ High
CVE-2021-33909 edited at 20 Jul 2021 15:36:50
Description
- A privilege escalation security issue has been found in the filesystem layer of the Linux kernel. An unprivileged local attacker can obtain full root privileges by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, which leads to an uncontrolled out-of-bounds write.
+ A privilege escalation security issue has been found in the filesystem layer of the Linux kernel before version 5.13.4. An unprivileged local attacker can obtain full root privileges by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, which leads to an uncontrolled out-of-bounds write.
References
https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt
https://www.qualys.com/2021/07/20/cve-2021-33909/cve-2021-33909-crasher.c
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.13.4&id=71de462034c69525a5049fbdf3903c5833cbce04
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.19&id=514b6531b1cbb64199db63bfdb80953d71998cca
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.52&id=174c34d9cda1b5818419b8f5a332ced10755e52f
CVE-2021-22145 edited at 20 Jul 2021 15:34:31
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ A memory disclosure vulnerability was identified in Elasticsearch’s error reporting in versions 7.10.0 up to 7.13.3. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data buffer. This buffer could contain sensitive information such as Elasticsearch documents or authentication details.
References
+ https://discuss.elastic.co/t/elasticsearch-7-13-4-security-update/279177