Log

ASA-202106-3 edited at 03 Jun 2021 08:46:43
ASA-202106-2 edited at 03 Jun 2021 08:46:39
ASA-202106-1 edited at 03 Jun 2021 08:46:35
AVG-2028 edited at 03 Jun 2021 08:38:36
Severity
- Unknown
+ Medium
CVE-2021-3560 edited at 03 Jun 2021 08:38:36
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Privilege escalation
Description
+ A security issue was found in polkit before version 0.119. When a requesting process disconnects from dbus-daemon just before the call to polkit_system_bus_name_get_creds_sync starts, the process cannot get a unique uid and pid of the process and it cannot verify the privileges of the requesting process.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1961710
Notes
AVG-2028 created at 03 Jun 2021 08:35:54
Packages
+ polkit
Issues
+ CVE-2021-3560
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 0.118-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-3560 created at 03 Jun 2021 08:35:54
AVG-1970 edited at 03 Jun 2021 07:49:16
Status
- Testing
+ Fixed
AVG-2026 edited at 02 Jun 2021 21:21:19
Status
- Vulnerable
+ Fixed
Fixed
+ 3.2.4-1
AVG-2025 edited at 02 Jun 2021 19:46:54
Status
- Vulnerable
+ Fixed
Affected
- 3.2.1-1
+ 3.1.2-1
Fixed
+ 3.1.3-1
Advisory qualified
- Yes
+ No
CVE-2021-22895 edited at 02 Jun 2021 19:46:34
Description
- Nextcloud Desktop Client before 3.3.1 wasn't verifying the SSL certificates when using the "Register with a Provider" flow.
+ Nextcloud Desktop Client before 3.1.3 wasn't verifying the SSL certificates when using the "Register with a Provider" flow.
References
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qpgp-vf4p-wcw5
https://hackerone.com/reports/903424
+ https://github.com/nextcloud/desktop/pull/2919
+ https://github.com/nextcloud/desktop/pull/2926
+ https://github.com/nextcloud/desktop/commit/142180c0e297ef500daf8328e7ea3020e33a3639
AVG-1992 edited at 02 Jun 2021 19:38:13
Affected
- 76.0.4017.175-1
+ 76.0.4017.177-1
Notes
- Opera version 76.0.4017.175 is based on Chromium version 90.0.4430.212 according to the reference.
+ Opera version 76.0.4017.177 is based on Chromium version 90.0.4430.212 according to the reference.