Log

AVG-2052 edited at 09 Jun 2021 07:59:49
Severity
- Unknown
+ Medium
CVE-2021-3580 edited at 09 Jun 2021 07:59:49
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ Multiple issues were found with Nettle's RSA decryption functions before version 3.7.3. These can be triggered by providing manipulated ciphertext and could lead to an application crash and denial of service. Since Nettle is used with GnuTLS, there is a possibility that a remote client could crash a server compiled with GnuTLS when RSA is used for the initial key exchange.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1967983
+ https://git.lysator.liu.se/nettle/nettle/-/commit/0ad0b5df315665250dfdaa4a1e087f4799edaefe
+ https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c
Notes
AVG-2052 created at 09 Jun 2021 07:57:48
Packages
+ nettle
Issues
+ CVE-2021-3580
Status
+ Fixed
Severity
+ Unknown
Affected
+ 3.7.2-1
Fixed
+ 3.7.3-1
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-3580 created at 09 Jun 2021 07:57:48
CVE-2021-31957 edited at 09 Jun 2021 07:54:13
References
+ https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31957
https://github.com/dotnet/announcements/issues/189
AVG-1991 edited at 09 Jun 2021 07:50:32
References
https://vivaldi.com/blog/desktop/minor-update-2-for-vivaldi-desktop-browser-3-8/
+ https://vivaldi.com/blog/mobile/android-3-9-2307-3/
Notes
- Vivaldi version 3.8.2259.42 is based on Chromium version 90.0.4430.214 according to the reference.
+ Vivaldi version 3.8.2259.42 is based on Chromium version 90.0.4430.214, Vivaldi version 4.0.2312.24 is based on Chromium version 91.0.4472.79 according to the references.
AVG-1777 edited at 08 Jun 2021 21:59:46
Affected
- 1.11.1-32
+ 1.11.1-33
AVG-1486 edited at 08 Jun 2021 21:59:25
Affected
- 0.21.1-1
+ 0.21.1-2
AVG-1643 edited at 08 Jun 2021 21:59:07
Affected
- 4.14.3-1
+ 4.14.3-2
AVG-2051 edited at 08 Jun 2021 20:41:15
Severity
- Medium
+ High
CVE-2021-24489 edited at 08 Jun 2021 20:41:15
Severity
- Unknown
+ High
Remote
- Unknown
+ Local
Type
- Unknown
+ Privilege escalation
Description
+ Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege via local access.
References
+ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html
+ https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608
Notes
CVE-2020-24513 edited at 08 Jun 2021 20:40:30
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Information disclosure
Description
+ Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
References
+ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html
+ https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608
Notes
CVE-2020-24512 edited at 08 Jun 2021 20:40:00
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Type
- Unknown
+ Information disclosure
Description
+ Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
References
+ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html
+ https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608
Notes