Log

CVE-2021-30555 created at 18 Jun 2021 07:24:31
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A use after free security issue has been found in the Sharing component of the Chromium browser engine before version 91.0.4472.114.
References
+ https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html
+ https://crbug.com/1215029
Notes
CVE-2021-30554 created at 18 Jun 2021 07:24:31
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A use after free security issue has been found in the WebGL component of the Chromium browser engine before version 91.0.4472.114. Google is aware that an exploit for CVE-2021-30554 exists in the wild.
References
+ https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html
+ https://crbug.com/1219857
Notes
AVG-1987 edited at 17 Jun 2021 17:36:39
Status
- Vulnerable
+ Fixed
Fixed
+ 1.21.0-1
References
- https://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html
AVG-2080 edited at 17 Jun 2021 16:49:30
Severity
- Unknown
+ Medium
CVE-2021-32078 edited at 17 Jun 2021 16:49:30
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Information disclosure
Description
+ An out-of-bounds read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4.
References
+ https://kirtikumarar.com/CVE-2021-32078.txt
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=298a58e165e447ccfaae35fe9f651f9d7e15166f
Notes
AVG-2080 created at 17 Jun 2021 16:48:06
Packages
+ linux
Issues
+ CVE-2021-32078
Status
+ Not affected
Severity
+ Unknown
Affected
+ 5.12.11.arch1-1
Fixed
Ticket
Advisory qualified
+ No
References
Notes
CVE-2021-32078 created at 17 Jun 2021 16:48:06
AVG-2079 edited at 17 Jun 2021 16:46:58
Severity
- Unknown
+ Medium
CVE-2021-34825 edited at 17 Jun 2021 16:46:58
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Certificate verification bypass
Description
+ Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system.
References
+ https://bugs.quassel-irc.org/issues/1728
+ https://github.com/quassel/quassel/pull/581
Notes
AVG-2079 created at 17 Jun 2021 16:44:11
Packages
+ quassel-core
Issues
+ CVE-2021-34825
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 0.13.1-8
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-34825 created at 17 Jun 2021 16:44:11
ASA-202106-42 edited at 17 Jun 2021 16:36:08
Impact
- An attacker could crash an application with crafted input, inject malicious and unexpected content or drop HTTP headers through posing as a reverse proxy.
+ An attacker could crash an application with crafted input, inject malicious and unexpected content or drop HTTP headers by posing as a reverse proxy.
ASA-202106-41 edited at 17 Jun 2021 16:28:29
ASA-202106-40 edited at 17 Jun 2021 16:27:56