Log

AVG-2084 created at 18 Jun 2021 13:44:40
Packages
+ keycloak
Issues
+ CVE-2020-35509
Status
+ Fixed
Severity
+ Medium
Affected
+ 13.0.1-1
Fixed
+ 14.0.0-1
Ticket
Advisory qualified
+ Yes
References
Notes
AVG-1332 edited at 18 Jun 2021 13:44:27
Issues
CVE-2020-1717
CVE-2020-1723
CVE-2020-1725
CVE-2020-10734
CVE-2020-14359
- CVE-2020-35509
CVE-2021-3424
CVE-2021-20262
Affected
- 13.0.1-1
+ 14.0.0-1
CVE-2020-35509 edited at 18 Jun 2021 13:41:45
Description
- Depending on the webserver configuration, a malicious user can supply an expired certificate and it would be accepted by Keycloak direct-grant authenticator. This is because Keycloak does not trigger the appropriate timestamp validation.
+ A security issue has been found in Keycloak before version 14.0.0. Depending on the webserver configuration, a malicious user can supply an expired certificate and it would be accepted by Keycloak direct-grant authenticator. This is because Keycloak does not trigger the appropriate timestamp validation.
References
https://bugzilla.redhat.com/show_bug.cgi?id=1912427
https://issues.redhat.com/browse/KEYCLOAK-16450
+ https://github.com/keycloak/keycloak/pull/8067
+ https://github.com/keycloak/keycloak/commit/478319348bdfdb9b6d39122f41edf2af79f679bb
AVG-1741 edited at 18 Jun 2021 13:38:53
Affected
- 5.10.44-1
+ 5.10.45-1
CVE-2016-1000000 deleted at 18 Jun 2021 07:57:34
Severity
- High
Remote
- Remote
Type
- Sql injection
Description
- Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection
References
- https://www.tenable.com/security/research/tra-2016-15
Notes
- Arch is not impacted at all by this CVE, but since it's the first one assigned by the DWF project, it seemed like a nice test to see if we handle this format ;)
AVG-2083 edited at 18 Jun 2021 07:42:15
Notes
- Opera version 77.0.4054.91 is based on Chromium version 91.0.4472.101 according to the reference.
+ Opera version 77.0.4054.90 is based on Chromium version 91.0.4472.101 according to the reference.
AVG-2059 edited at 18 Jun 2021 07:41:54
Status
- Vulnerable
+ Fixed
Fixed
+ 77.0.4054.90-1
Notes
- Opera version 77.0.4054.80 is based on Chromium version 91.0.4472.77, Opera version 77.0.4054.91 is based on Chromium version 91.0.4472.101 according to the reference.
+ Opera version 77.0.4054.80 is based on Chromium version 91.0.4472.77, Opera version 77.0.4054.90 is based on Chromium version 91.0.4472.101 according to the reference.
AVG-2073 edited at 18 Jun 2021 07:40:22
Status
- Vulnerable
+ Fixed
Fixed
+ 4.6.0-1
AVG-1963 edited at 18 Jun 2021 07:39:14
Affected
- 1.56.2-2
+ 1.56.2-3
CVE-2021-3608 edited at 18 Jun 2021 07:34:04
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary code execution
Description
+ A security issue was found in the QEMU implementation of VMWare's paravirtual RDMA device. It could occur while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or undefined behavior due to the access of an uninitialized pointer.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1973383