Log - Arch Linux


AVG-2282 edited at 14 Aug 2021 14:34:54
Affected
- 5.15.2+kde+r215-1
+ 5.15.2+kde+r215-2
AVG-2294 edited at 13 Aug 2021 18:25:44
Severity
- Low
+ Medium
CVE-2021-38554 edited at 13 Aug 2021 18:25:44
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Information disclosure
Description
+ HashiCorp Vault's UI up to version 1.7.3 erroneously cached and exposed user-viewed secrets between sessions in a single shared browser.
References
+ https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166
Notes
CVE-2021-38553 edited at 13 Aug 2021 18:19:33
Description
- HashiCorp Vault 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.
+ HashiCorp Vault 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions.
AVG-2294 edited at 13 Aug 2021 18:19:23
Severity
- Unknown
+ Low
CVE-2021-38553 edited at 13 Aug 2021 18:19:23
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Type
- Unknown
+ Denial of service
Description
+ HashiCorp Vault 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.
References
+ https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168
Notes
AVG-2294 created at 13 Aug 2021 18:14:58
Packages
+ vault
Issues
+ CVE-2021-38553
+ CVE-2021-38554
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 1.7.3-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-38553 created at 13 Aug 2021 18:14:58
AVG-2294 created at 13 Aug 2021 18:14:58
Packages
+ vault
Issues
+ CVE-2021-38553
+ CVE-2021-38554
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 1.7.3-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-38554 created at 13 Aug 2021 18:14:58
AVG-1516 edited at 13 Aug 2021 18:10:42
Affected
- 3.40.3-1
+ 3.40.4-1
ASA-202108-14 edited at 13 Aug 2021 18:09:25
ASA-202108-13 edited at 13 Aug 2021 18:09:20
ASA-202108-12 edited at 13 Aug 2021 18:09:11