---

Log

AVG-2068 edited at 11 Jun 2021 15:48:55
Status	- Vulnerable + Not affected
Advisory qualified	- Yes + No

AVG-2068 edited at 11 Jun 2021 15:48:45
Severity	- Unknown + Medium

CVE-2021-3013 edited at 11 Jun 2021 15:48:45
Severity	- Unknown + Medium
Remote	- Unknown + Local
Type	- Unknown + Arbitrary code execution
Description	+ ripgrep before version 13 on Windows allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/--search-zip or --pre flag.
References	+ https://github.com/BurntSushi/ripgrep/issues/1773 + https://github.com/BurntSushi/ripgrep/commit/229d1a8d41b0023420e7815578fa0b39c0d5c2e4
Notes

AVG-2068 created at 11 Jun 2021 15:46:31
Packages	+ ripgrep
Issues	+ CVE-2021-3013
Status	+ Vulnerable
Severity	+ Unknown
Affected	+ 12.1.1-1
Fixed
Ticket
Advisory qualified	+ Yes
References
Notes

CVE-2021-3013 created at 11 Jun 2021 15:46:31

AVG-2063 edited at 11 Jun 2021 14:38:13
Status	- Testing + Fixed

AVG-2064 edited at 11 Jun 2021 14:38:13
Status	- Testing + Fixed

CVE-2021-3560 edited at 11 Jun 2021 09:57:59
References	https://www.openwall.com/lists/oss-security/2021/06/03/1 https://bugzilla.redhat.com/show_bug.cgi?id=1961710 + https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/ https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81

ASA-202106-20 edited at 11 Jun 2021 09:56:58

Impact

- Requesting environment variables with crafted contents could lead to arbitrary code execution in a telnet client. Additionally an unauthenticated remote attacker could execute arbitrary code on a telnet server via crafted telnet packets. + Requesting environment variables with crafted contents could lead to arbitrary code execution in a telnet client. Additionally an unauthenticated remote attacker could execute arbitrary code on a telnet server via crafted packets.

AVG-2047 edited at 11 Jun 2021 08:48:23
Status	- Vulnerable + Fixed
Fixed	+ 3.1.16.sdk116-1

AVG-2046 edited at 11 Jun 2021 06:56:31
Status	- Vulnerable + Fixed
Fixed	+ 5.0.7.sdk204-1

AVG-1988 edited at 11 Jun 2021 06:54:51
Status	- Vulnerable + Fixed
Fixed	+ 1.20.1-1
References	- https://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html