Log

AVG-2111 edited at 29 Jun 2021 08:18:38
Severity
- Unknown
+ Medium
CVE-2021-3624 edited at 29 Jun 2021 08:18:38
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary code execution
Description
+ There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system. The vulnerability resides in the foveon_load_camf() function in dcraw.c.
References
+ https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984761
Notes
AVG-2111 created at 29 Jun 2021 08:17:14
Packages
+ dcraw
Issues
+ CVE-2021-3624
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 9.28.0-2
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-3624 created at 29 Jun 2021 08:17:14
AVG-2110 edited at 29 Jun 2021 08:15:05
Severity
- Unknown
+ Medium
CVE-2021-25321 edited at 29 Jun 2021 08:15:05
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Privilege escalation
Description
+ A security issue has been found in arpwatch as packaged by SUSE. /var/lib/arpwatch is packaged as root:root. Once arpwatch was run with an unprivileged user, the ownership is changed to the unprivileged user, which allows the specified user to escalate to root the next time arpwatch is started. This is due to a SUSE-specific patch; upstream is not affected.
References
+ https://bugzilla.suse.com/show_bug.cgi?id=1186240
Notes
AVG-2110 created at 29 Jun 2021 08:13:10
Packages
+ arpwatch
Issues
+ CVE-2021-25321
Status
+ Not affected
Severity
+ Unknown
Affected
+ 3.1-1
Fixed
Ticket
Advisory qualified
+ No
References
Notes
CVE-2021-25321 created at 29 Jun 2021 08:13:10
AVG-2108 edited at 28 Jun 2021 21:47:32
Status
- Vulnerable
+ Fixed
Fixed
+ 0.8.4-1
AVG-2096 edited at 28 Jun 2021 21:43:55
Status
- Vulnerable
+ Fixed
Fixed
+ 5.12.13.hardened1-1
AVG-1881 edited at 28 Jun 2021 21:43:18
Affected
- 5.12.12.hardened1-1
+ 5.12.13.hardened1-1
AVG-1592 edited at 28 Jun 2021 21:43:06
Affected
- 3.5.67-1
+ 3.5.68-1
AVG-1441 edited at 28 Jun 2021 21:41:37
Affected
- 0.37.1-2
+ 0.38.0-1
CVE-2021-27021 edited at 28 Jun 2021 21:38:03
References
https://puppet.com/security/cve/cve-2021-27021/
+ https://puppet.com/docs/puppetdb/6/release_notes/release_notes_latest.html#puppetdb-6170
+ https://tickets.puppetlabs.com/browse/PDB-5138
+ https://github.com/puppetlabs/puppetdb/commit/c146e624d230f7410fb648d58ae28c0e3cd457a2
+ https://github.com/puppetlabs/puppetdb/commit/f8dc81678cf347739838e42cc1c426d96406c266
+ https://github.com/puppetlabs/puppetdb/commit/72bd137511487643a3a6236ad9e72a5dd4a6fadb