Log

AVG-2105 edited at 27 Jun 2021 20:11:48
Status
- Vulnerable
+ Fixed
Fixed
+ 6.23.0-1
CVE-2021-3620 edited at 27 Jun 2021 20:08:55
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Information disclosure
Description
+ A security issue was found in Ansible Engine's ansible-connection module. Sensitive information like the Ansible user credentials are disclosed by default in the traceback error message.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1975767
AVG-1941 edited at 27 Jun 2021 20:08:07
Issues
CVE-2021-3583
+ CVE-2021-3620
CVE-2021-3620 created at 27 Jun 2021 20:08:07
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes
CVE-2021-35196 edited at 27 Jun 2021 14:37:40
References
https://www.pizzapower.me/2021/06/20/arbitrary-code-execution-in-manuskript-0-12/
https://github.com/olivierkes/manuskript/issues/891
+ https://github.com/olivierkes/manuskript/pull/895
AVG-2107 edited at 27 Jun 2021 08:16:28
Affected
- 2.4.1-2
+ 2.4.0-7
Fixed
- 2.5.0-1
+ 2.4.1-1
CVE-2021-3605 edited at 27 Jun 2021 08:15:51
Description
- A heap-buffer overflow was found in the rleUncompress function of OpenEXR before version 2.5.0. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.
+ A heap-buffer overflow was found in the rleUncompress function of OpenEXR before version 2.4.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.
References
https://bugzilla.redhat.com/show_bug.cgi?id=1970991
https://github.com/AcademySoftwareFoundation/openexr/pull/1036
https://github.com/AcademySoftwareFoundation/openexr/commit/25259a84827234a283f6f9db72978198c7a3f268
https://github.com/AcademySoftwareFoundation/openexr/pull/643
https://github.com/AcademySoftwareFoundation/openexr/commit/37750013830def57f19f3c3b7faaa9fc1dae81b3
+ https://github.com/AcademySoftwareFoundation/openexr/pull/659
+ https://github.com/AcademySoftwareFoundation/openexr/commit/e79d2296496a50826a15c667bf92bdc5a05518b4
AVG-2107 created at 27 Jun 2021 08:13:40
Packages
+ openexr
Issues
+ CVE-2021-3605
Status
+ Fixed
Severity
+ Medium
Affected
+ 2.4.1-2
Fixed
+ 2.5.0-1
Ticket
Advisory qualified
+ No
References
Notes
AVG-2071 edited at 27 Jun 2021 08:13:00
Issues
CVE-2021-3598
- CVE-2021-3605
CVE-2021-3605 edited at 27 Jun 2021 08:12:46
Description
- A heap-buffer overflow was found in the rleUncompress function of OpenEXR. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.
+ A heap-buffer overflow was found in the rleUncompress function of OpenEXR before version 2.5.0. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.
References
https://bugzilla.redhat.com/show_bug.cgi?id=1970991
https://github.com/AcademySoftwareFoundation/openexr/pull/1036
https://github.com/AcademySoftwareFoundation/openexr/commit/25259a84827234a283f6f9db72978198c7a3f268
+ https://github.com/AcademySoftwareFoundation/openexr/pull/643
+ https://github.com/AcademySoftwareFoundation/openexr/commit/37750013830def57f19f3c3b7faaa9fc1dae81b3
AVG-2093 edited at 26 Jun 2021 17:10:40
Status
- Vulnerable
+ Fixed
Fixed
+ 1.36.1-1