---

Log

AVG-2042 created at 07 Jun 2021 14:55:18
Packages	+ isync
Issues	+ CVE-2021-3578
Status	+ Vulnerable
Severity	+ Unknown
Affected	+ 1.4.1-1
Fixed
Ticket
Advisory qualified	+ Yes
References
Notes

CVE-2021-3578 created at 07 Jun 2021 14:55:18

AVG-2024 edited at 07 Jun 2021 08:02:17
Advisory qualified	- Yes + No

AVG-2041 edited at 07 Jun 2021 08:00:21
Severity	- Unknown + High

CVE-2021-31618 edited at 07 Jun 2021 08:00:21
Severity	- Unknown + High

CVE-2021-31618 edited at 07 Jun 2021 08:00:16
Remote	- Unknown + Remote
Type	- Unknown + Denial of service
Description	+ A security issue has been found in the Apache HTTP Server (httpd) before version 2.4.48. The Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions, an HTTP response is sent to the client with a status code indicating why the request was rejected. + + This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a footer. This led to a NULL pointer dereference on initialised memory, reliably crashing the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited for denial of service (DoS) of the server.
References	+ https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-31618
Notes

AVG-2041 created at 07 Jun 2021 07:44:42
Packages	+ apache
Issues	+ CVE-2021-31618
Status	+ Fixed
Severity	+ Unknown
Affected	+ 2.4.47-1
Fixed	+ 2.4.48-1
Ticket
Advisory qualified	+ Yes
References
Notes

CVE-2021-31618 created at 07 Jun 2021 07:44:42

AVG-2040 edited at 06 Jun 2021 16:41:43
Severity	- Unknown + Medium

CVE-2021-33880 edited at 06 Jun 2021 16:41:43
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Private key recovery
Description	+ The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.
References	+ https://github.com/aaugustin/websockets/commit/547a26b685d08cac0aa64e5e65f7867ac0ea9bc0
Notes

AVG-2040 created at 06 Jun 2021 16:40:43
Packages	+ python-websockets
Issues	+ CVE-2021-33880
Status	+ Vulnerable
Severity	+ Unknown
Affected	+ 9.0.1-3
Fixed
Ticket
Advisory qualified	+ Yes
References
Notes

CVE-2021-33880 created at 06 Jun 2021 16:40:43

AVG-1807 edited at 06 Jun 2021 09:52:14
Advisory qualified	- Yes + No

AVG-1806 edited at 06 Jun 2021 09:52:08
Advisory qualified	- Yes + No

AVG-2029 edited at 05 Jun 2021 17:54:37
Advisory qualified	- Yes + No