Log

AVG-2023 edited at 08 Jun 2021 16:32:39
Issues
CVE-2021-22181
+ CVE-2021-22213
+ CVE-2021-22214
+ CVE-2021-22215
+ CVE-2021-22216
+ CVE-2021-22217
+ CVE-2021-22218
+ CVE-2021-22220
+ CVE-2021-22221
References
- https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/
Notes
- The advisory contains nine more security issues for which a CVE ID has been requested, but has not been assigned yet.
CVE-2021-22213 created at 08 Jun 2021 16:32:39
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes
CVE-2021-22218 created at 08 Jun 2021 16:32:39
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes
AVG-2012 edited at 08 Jun 2021 11:57:25
Status
- Vulnerable
+ Fixed
Affected
- 1.9.3-1
+ 1.9.2-1
Fixed
+ 1.9.3-1
Advisory qualified
- Yes
+ No
AVG-2011 edited at 08 Jun 2021 11:57:03
Status
- Vulnerable
+ Fixed
Affected
- 1.9.3-1
+ 1.9.2-1
Fixed
+ 1.9.3-1
Advisory qualified
- Yes
+ No
CVE-2021-33560 edited at 08 Jun 2021 11:56:17
Description
- A weakness has been found in the generation of ephemeral keys in the ElGamal encryption of libgcrypt when the recipient's key is not generated using the same or a compatible implementation.
+ Libgcrypt before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. (There is also an interoperability problem because the selection of the k integer value does not properly consider the differences between basic ElGamal encryption and generalized ElGamal encryption.) This, for example, affects use of ElGamal in OpenPGP.
References
https://dev.gnupg.org/T5328
- https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff;h=3462280f2e23e16adf3ed5176e0f2413d8861320
+ https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff;h=e8b7f10be275bcedb5fc05ed4837a89bfd605c61
AVG-1741 edited at 08 Jun 2021 11:49:43
Issues
CVE-2020-26555
CVE-2020-26556
CVE-2020-26557
CVE-2020-26558
CVE-2020-26559
CVE-2020-26560
CVE-2021-3542
CVE-2021-3564
+ CVE-2021-3573
CVE-2021-3587
CVE-2021-22543
CVE-2021-29648
CVE-2021-30178
AVG-1881 edited at 08 Jun 2021 11:49:33
Issues
CVE-2020-26555
CVE-2020-26556
CVE-2020-26557
CVE-2020-26558
CVE-2020-26559
CVE-2020-26560
CVE-2021-3542
CVE-2021-3564
+ CVE-2021-3573
CVE-2021-3587
CVE-2021-22543
AVG-1880 edited at 08 Jun 2021 11:49:27
Issues
CVE-2020-26555
CVE-2020-26556
CVE-2020-26557
CVE-2020-26558
CVE-2020-26559
CVE-2020-26560
CVE-2021-3542
CVE-2021-3564
+ CVE-2021-3573
CVE-2021-3587
CVE-2021-22543
CVE-2021-3573 edited at 08 Jun 2021 11:49:17
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary code execution
Description
+ A use after free vulnerability has been found in the hci_sock_bound_ioctl() function of the Linux kernel. It can allow attackers to corrupt kernel heaps (kmalloc-8k to be specific) and adopt further exploitations.
References
+ https://www.openwall.com/lists/oss-security/2021/06/08/2
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e305509e678b3a4af2b3cfd410f409f7cdaabb52
AVG-1879 edited at 08 Jun 2021 11:46:18
Issues
CVE-2020-26555
CVE-2020-26556
CVE-2020-26557
CVE-2020-26558
CVE-2020-26559
CVE-2020-26560
CVE-2021-3542
CVE-2021-3564
+ CVE-2021-3573
CVE-2021-3587
CVE-2021-22543
CVE-2021-3573 created at 08 Jun 2021 11:46:18
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes