Log

CVE-2021-30547 created at 09 Jun 2021 18:59:49
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ An out of bounds write security issue has been found in the ANGLE component of the Chromium browser before version 91.0.4472.101.
References
+ https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html
+ https://crbug.com/1210414
Notes
CVE-2021-30546 created at 09 Jun 2021 18:59:49
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A use after free security issue has been found in the Autofill component of the Chromium browser before version 91.0.4472.101.
References
+ https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html
+ https://crbug.com/1206911
Notes
CVE-2021-30545 created at 09 Jun 2021 18:59:48
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A use after free security issue has been found in the Extensions component of the Chromium browser before version 91.0.4472.101.
References
+ https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html
+ https://crbug.com/1201031
Notes
CVE-2021-30544 created at 09 Jun 2021 18:59:48
Severity
+ Critical
Remote
+ Remote
Type
+ Unknown
Description
+ A use after free security issue has been found in the BFCache component of the Chromium browser before version 91.0.4472.101.
References
+ https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html
+ https://crbug.com/1212618
Notes
AVG-2056 created at 09 Jun 2021 13:18:20
Packages
+ ansible
Issues
+ CVE-2021-3532
+ CVE-2021-3533
Status
+ Not affected
Severity
+ Medium
Affected
+ 4.0.0-1
Fixed
Ticket
Advisory qualified
+ No
References
Notes
AVG-1941 edited at 09 Jun 2021 13:18:13
Issues
- CVE-2021-3532
- CVE-2021-3533
CVE-2021-3583
CVE-2021-3533 edited at 09 Jun 2021 13:18:03
Description
- ANSIBLE_ASYNC_DIR defaults to ~/.ansible_async/ but is settable by the user. It can be set by the ansible user to a subdirectory of a world writable directory, for instance ANSIBLE_ASYNC_DIR=/tmp/username-ansible-async/. When this occurs, there is a race condition on the managed machine. A malicious, low privileged account on the remote machine can pre-create /tmp/username-ansible-async and then use various attacks to access the async result data.
+ A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.
CVE-2021-3532 edited at 09 Jun 2021 13:17:38
Description
- When an user changes the jobdir of async_files to a world readable directory, ansible writes the async status files directly into the world readable directory using umask to determine the file's permissions. The umask on most systems allow world readable files. This means that any secret information in an "async_status" file will be readable by a malicious user on that system.
+ A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory. Any secret information in an async status file will be readable by a malicious user on that system. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.
AVG-1800 edited at 09 Jun 2021 11:08:39
Notes
+ Arch Linux only packages an installer for Steam that downloads the actual Steam client and keeps it up to date outside of the package management system, so there is nothing that can be changed about the Arch Linux package to fix this issue.
AVG-1992 edited at 09 Jun 2021 10:56:25
References
https://blogs.opera.com/desktop/changelog-for-76/
+ https://blogs.opera.com/desktop/changelog-for-77/
Notes
- Opera version 76.0.4017.177 is based on Chromium version 90.0.4430.212 according to the reference.
+ Opera version 76.0.4017.177 is based on Chromium version 90.0.4430.212, Opera version 77.0.4054.60 is based on Chromium version 91.0.4472.77 according to the references.