Log

CVE-2019-0053 edited at 09 Jun 2021 08:26:28
Description
- inetutils before version 1.9.4.90 contains a stack overflow vulnerability in the client-side environment variable handling which can be exploited to escape restricted shells on embedded devices. A stack-based overflow is present in the handling of environment variables when connecting telnet.c to remote telnet servers through oversized DISPLAY arguments.
+ inetutils before version 1.9.4.90 contains a stack overflow vulnerability in the client-side environment variable handling which can be exploited to escape restricted shells on embedded devices. A stack-based overflow is present in the handling of environment variables when connecting telnet.c to remote telnet servers through oversized DISPLAY arguments.
ASA-202106-20 created at 09 Jun 2021 08:25:58
AVG-2055 edited at 09 Jun 2021 08:23:47
Severity
- Unknown
+ Medium
CVE-2021-33833 edited at 09 Jun 2021 08:23:47
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ A security issue has been found in the dnsproxy component in releases 1.32 to 1.39 of connman. Unpacking of NAME and RDATA/RDLENGTH fields with TYPE A/AAAA in the uncompress function uses a memcpy with insufficient bounds checking, which can overflow a stack buffer.
References
+ https://www.openwall.com/lists/oss-security/2021/06/09/1
+ https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=eceb2e8d2341c041df55a5e2f047d9a8c491463c
Notes
AVG-2055 created at 09 Jun 2021 08:22:13
Packages
+ connman
Issues
+ CVE-2021-33833
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 1.39-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-33833 created at 09 Jun 2021 08:22:13
AVG-2054 created at 09 Jun 2021 08:19:47
Packages
+ apache
Issues
+ CVE-2020-13938
Status
+ Not affected
Severity
+ Medium
Affected
+ 2.4.46-3
Fixed
+ 2.4.47-1
Ticket
Advisory qualified
+ No
References
Notes
AVG-2053 created at 09 Jun 2021 08:19:37
Packages
+ apache
Issues
+ CVE-2019-17567
+ CVE-2020-13950
+ CVE-2020-35452
+ CVE-2021-26690
+ CVE-2021-26691
+ CVE-2021-30641
Status
+ Fixed
Severity
+ Medium
Affected
+ 2.4.46-3
Fixed
+ 2.4.47-1
Ticket
Advisory qualified
+ No
References
Notes
AVG-2041 edited at 09 Jun 2021 08:18:43
Issues
- CVE-2019-17567
- CVE-2020-13938
- CVE-2020-13950
- CVE-2020-35452
- CVE-2021-26690
- CVE-2021-26691
- CVE-2021-30641
CVE-2021-31618
CVE-2021-30641 edited at 09 Jun 2021 08:14:32
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Incorrect calculation
Description
+ Apache HTTP Server versions 2.4.39 to 2.4.46 displays unexpected matching behavior with 'MergeSlashes OFF'.
References
+ https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-30641
CVE-2021-26691 edited at 09 Jun 2021 08:13:41
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ In Apache HTTP Server versions 2.4.0 to 2.4.46, a specially crafted SessionHeader sent by an origin server could cause a heap overflow.
References
+ https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-26691
CVE-2021-26690 edited at 09 Jun 2021 08:13:06
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ In Apache HTTP Server versions 2.4.0 to 2.4.46, a specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service.
References
+ https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-26690