Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
archlinuxArchLinuxASA-202101-20
HistoryJan 12, 2021 - 12:00 a.m.

[ASA-202101-20] vivaldi: multiple issues

2021-01-1200:00:00
security.archlinux.org
102

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.01 Low

EPSS

Percentile

83.6%

JSON

Arch Linux Security Advisory ASA-202101-20

Severity: High
Date : 2021-01-12
CVE-ID : CVE-2020-15995 CVE-2020-16043 CVE-2021-21106 CVE-2021-21107
CVE-2021-21108 CVE-2021-21109 CVE-2021-21110 CVE-2021-21111
CVE-2021-21112 CVE-2021-21113 CVE-2021-21114 CVE-2021-21115
CVE-2021-21116
Package : vivaldi
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1424

Summary

The package vivaldi before version 3.5.2115.87-1 is vulnerable to
multiple issues including access restriction bypass, arbitrary code
execution and insufficient validation.

Resolution

Upgrade to 3.5.2115.87-1.

pacman -Syu “vivaldi>=3.5.2115.87-1”

The problems have been fixed upstream in version 3.5.2115.87.

Workaround

None.

Description

  • CVE-2020-15995 (arbitrary code execution)

An out of bounds write security issue has been found in the V8
component of the Chromium browser before version 87.0.4280.141.

  • CVE-2020-16043 (insufficient validation)

An insufficient data validation security issue has been found in the
networking component of the Chromium browser before version
87.0.4280.141.

  • CVE-2021-21106 (arbitrary code execution)

A use after free security issue has been found in the autofill
component of the Chromium browser before version 87.0.4280.141.

  • CVE-2021-21107 (arbitrary code execution)

A use after free security issue has been found in the drag and drop
component of the Chromium browser before version 87.0.4280.141.

  • CVE-2021-21108 (arbitrary code execution)

A use after free security issue has been found in the media component
of the Chromium browser before version 87.0.4280.141.

  • CVE-2021-21109 (arbitrary code execution)

A use after free security issue has been found in the payments
component of the Chromium browser before version 87.0.4280.141.

  • CVE-2021-21110 (arbitrary code execution)

A use after free security issue has been found in the safe browsing
component of the Chromium browser before version 87.0.4280.141.

  • CVE-2021-21111 (access restriction bypass)

An insufficient policy enforcement security issue has been found in the
WebUI component of the Chromium browser before version 87.0.4280.141.

  • CVE-2021-21112 (arbitrary code execution)

A use after free security issue has been found in the Blink component
of the Chromium browser before version 87.0.4280.141.

  • CVE-2021-21113 (arbitrary code execution)

A heap buffer overflow security issue has been found in the Skia
component of the Chromium browser before version 87.0.4280.141.

  • CVE-2021-21114 (arbitrary code execution)

A use after free security issue has been found in the audio component
of the Chromium browser before version 87.0.4280.141.

  • CVE-2021-21115 (arbitrary code execution)

A use after free security issue has been found in the safe browsing
component of the Chromium browser before version 87.0.4280.141.

  • CVE-2021-21116 (arbitrary code execution)

A heap buffer overflow security issue has been found in the audio
component of the Chromium browser before version 87.0.4280.141.

Impact

A remote attacker might be able to bypass security restrictions and
execute arbitrary code.

References

https://vivaldi.com/blog/desktop/minor-update-for-vivaldi-desktop-browser-3-5/
https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html
https://crbug.com/1157790
https://crbug.com/1148309
https://crbug.com/1148749
https://crbug.com/1153595
https://crbug.com/1155426
https://crbug.com/1152334
https://crbug.com/1152451
https://crbug.com/1149125
https://crbug.com/1151298
https://crbug.com/1155178
https://crbug.com/1150065
https://crbug.com/1157814
https://crbug.com/1151069
https://security.archlinux.org/CVE-2020-15995
https://security.archlinux.org/CVE-2020-16043
https://security.archlinux.org/CVE-2021-21106
https://security.archlinux.org/CVE-2021-21107
https://security.archlinux.org/CVE-2021-21108
https://security.archlinux.org/CVE-2021-21109
https://security.archlinux.org/CVE-2021-21110
https://security.archlinux.org/CVE-2021-21111
https://security.archlinux.org/CVE-2021-21112
https://security.archlinux.org/CVE-2021-21113
https://security.archlinux.org/CVE-2021-21114
https://security.archlinux.org/CVE-2021-21115
https://security.archlinux.org/CVE-2021-21116

OSVersionArchitecturePackageVersionFilename
ArchLinuxanyanyvivaldi< 3.5.2115.87-1UNKNOWN

References

Related

fedora 2
debian 2
suse 6
nessus 12
osv 1
chrome 2
freebsd 1
kaspersky 2
gentoo 1
archlinux 1
threatpost 4
prion 13
cve 13
veracode 13
ubuntucve 12
debiancve 13
redhatcve 1
thn 1
mscve 1
fedora
fedora
[SECURITY] Fedora 33 Update: chromium-87.0.4280.141-1.fc33
2021-01-17 01:51:52
[SECURITY] Fedora 32 Update: chromium-87.0.4280.141-1.fc32
2021-01-23 01:30:25
debian
debian
[SECURITY] [DSA 4832-1] chromium security update
2021-01-16 14:06:35
[SECURITY] [DSA 4832-1] chromium security update
2021-01-16 14:06:35
suse
suse
Security update for opera (moderate)
2021-01-22 00:00:00
Security update for chromium (important)
2021-01-11 00:00:00
Security update for chromium (important)
2021-01-10 00:00:00
nessus
nessus
FreeBSD : chromium -- multiple vulnerabilities (d153c4d2-50f8-11eb-8046-3065ec8fd3ec)
2021-01-11 00:00:00
GLSA-202101-05 : Chromium, Google Chrome: Multiple vulnerabilities
2021-01-11 00:00:00
openSUSE Security Update : opera (openSUSE-2021-138)
2021-01-25 00:00:00
osv
osv
chromium - security update
2021-01-16 00:00:00
chrome
chrome
Stable Channel Update for Desktop
2021-01-06 00:00:00
Chrome for Android Update
2020-10-13 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2021-01-06 00:00:00
kaspersky
kaspersky
KLA12046 Multiple vulnerabilities in Opera
2021-01-14 00:00:00
KLA12035 Multiple vulnerabilities in Google Chrome
2021-01-06 00:00:00
gentoo
gentoo
Chromium, Google Chrome: Multiple vulnerabilities
2021-01-10 00:00:00
archlinux
archlinux
[ASA-202101-6] chromium: multiple issues
2021-01-08 00:00:00
threatpost
threatpost
Bugs in Firefox, Chrome, Edge Allow Remote System Hijacking
2021-01-08 06:00:28
Remote Attackers Can Now Reach Protected Network Devices via NAT Slipstreaming
2021-01-27 20:32:55
Google Chrome Zero-Day Afflicts Windows, Mac Users
2021-02-05 15:47:55
prion
prion
Heap overflow
2021-01-08 19:15:00
Double free
2021-01-08 19:15:00
Authorization
2021-01-08 19:15:00
cve
cve
CVE-2021-21116
2021-01-08 19:15:00
CVE-2020-16043
2021-01-08 19:15:00
CVE-2021-21111
2021-01-08 19:15:00
veracode
veracode
Sandbox Restrictions Bypass
2021-01-11 20:09:25
Sandbox Restrictions Bypass
2021-01-11 20:09:23
Arbitrary Code Execution
2021-01-11 20:09:11
ubuntucve
ubuntucve
CVE-2021-21112
2021-01-08 00:00:00
CVE-2021-21110
2021-01-08 00:00:00
CVE-2021-21116
2021-01-08 00:00:00
debiancve
debiancve
CVE-2021-21113
2021-01-08 19:15:00
CVE-2021-21114
2021-01-08 19:15:00
CVE-2021-21115
2021-01-08 19:15:00
redhatcve
redhatcve
CVE-2021-21113
2022-05-21 00:14:19
thn
thn
New Attack Could Let Remote Hackers Target Devices On Internal Networks
2021-01-27 12:58:00
mscve
mscve
Chromium Security Updates for Microsoft Edge (Chromium-Based)
2020-01-28 08:00:00

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.01 Low

EPSS

Percentile

83.6%

JSON
Related for ASA-202101-20
fedora2debian2suse6nessus12osv1chrome2freebsd1kaspersky2gentoo1archlinux1threatpost4prion13cve13veracode13ubuntucve12debiancve13redhatcve1thn1mscve1