CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:P/I:P/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
92.0%
Severity: High
Date : 2021-03-25
CVE-ID : CVE-2020-27844 CVE-2021-21159 CVE-2021-21160 CVE-2021-21161
CVE-2021-21162 CVE-2021-21163 CVE-2021-21165 CVE-2021-21166
CVE-2021-21167 CVE-2021-21168 CVE-2021-21169 CVE-2021-21170
CVE-2021-21171 CVE-2021-21172 CVE-2021-21173 CVE-2021-21174
CVE-2021-21175 CVE-2021-21176 CVE-2021-21177 CVE-2021-21178
CVE-2021-21179 CVE-2021-21180 CVE-2021-21181 CVE-2021-21182
CVE-2021-21183 CVE-2021-21184 CVE-2021-21185 CVE-2021-21186
CVE-2021-21187 CVE-2021-21188 CVE-2021-21189 CVE-2021-21190
CVE-2021-21191 CVE-2021-21192 CVE-2021-21193
Package : vivaldi
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1633
The package vivaldi before version 3.7.2218.45-1 is vulnerable to
multiple issues including arbitrary code execution, insufficient
validation, access restriction bypass, content spoofing, incorrect
calculation and information disclosure.
Upgrade to 3.7.2218.45-1.
The problems have been fixed upstream in version 3.7.2218.45.
None.
A heap-based buffer overflow was discovered in lib/openjp2/t2.c:973 in
the current master (commit 18b1138fbe3bb0ae4aa2bf1369f9430a8ec6fa00) of
OpenJPEG.
A heap buffer overflow security issue was found in the TabStrip
component of the Chromium browser before version 89.0.4389.72.
A heap buffer overflow security issue was found in the WebAudio
component of the Chromium browser before version 89.0.4389.72.
A heap buffer overflow security issue was found in the TabStrip
component of the Chromium browser before version 89.0.4389.72.
A use after free security issue was found in the WebRTC component of
the Chromium browser before version 89.0.4389.72.
An insufficient data validation security issue was found in the Reader
Mode component of the Chromium browser before version 89.0.4389.72.
An object lifecycle security issue was found in the audio component of
the Chromium browser before version 89.0.4389.72.
An object lifecycle security issue was found in the audio component of
the Chromium browser before version 89.0.4389.72.
A use after free security issue was found in the bookmarks component of
the Chromium browser before version 89.0.4389.72.
An insufficient policy enforcement security issue was found in the
appcache component of the Chromium browser before version 89.0.4389.72.
An out of bounds memory access security issue was found in the V8
component of the Chromium browser before version 89.0.4389.72.
An incorrect security UI security issue was found in the Loader
component of the Chromium browser before version 89.0.4389.72.
An incorrect security UI security issue was found in the TabStrip and
Navigation components of the Chromium browser before version
89.0.4389.72.
An insufficient policy enforcement security issue was found in the File
System API component of the Chromium browser before version
89.0.4389.72.
A side-channel information leakage security issue was found in the
Network Internals component of the Chromium browser before version
89.0.4389.72.
An inappropriate implementation security issue was found in the
Referrer component of the Chromium browser before version 89.0.4389.72.
An inappropriate implementation security issue was found in the Site
isolation component of the Chromium browser before version
89.0.4389.72.
An inappropriate implementation security issue was found in the full
screen mode component of the Chromium browser before version
89.0.4389.72.
An insufficient policy enforcement security issue was found in the
Autofill component of the Chromium browser before version 89.0.4389.72.
An inappropriate implementation security issue was found in the
Compositing component of the Chromium browser before version
89.0.4389.72.
A use after free security issue was found in the Network Internals
component of the Chromium browser before version 89.0.4389.72.
A use after free security issue was found in the tab search component
of the Chromium browser before version 89.0.4389.72.
A side-channel information leakage security issue was found in the
autofill component of the Chromium browser before version 89.0.4389.72.
An insufficient policy enforcement security issue was found in the
navigations component of the Chromium browser before version
89.0.4389.72.
An inappropriate implementation security issue was found in the
performance APIs component of the Chromium browser before version
89.0.4389.72.
An inappropriate implementation security issue was found in the
performance APIs component of the Chromium browser before version
89.0.4389.72.
An insufficient policy enforcement security issue was found in the
extensions component of the Chromium browser before version
89.0.4389.72.
An insufficient policy enforcement security issue was found in the QR
scanning component of the Chromium browser before version 89.0.4389.72.
An insufficient data validation security issue was found in the URL
formatting component of the Chromium browser before version
89.0.4389.72.
A use after free security issue was found in the Blink component of the
Chromium browser before version 89.0.4389.72.
An insufficient policy enforcement security issue was found in the
payments component of the Chromium browser before version 89.0.4389.72.
An uninitialized use security issue was found in the PDFium component
of the Chromium browser before version 89.0.4389.72.
A use after free security issue was found in the WebRTC component of
the Chromium browser before version 89.0.4389.90.
A heap buffer overflow security issue was found in the tab groups
component of the Chromium browser before version 89.0.4389.90.
A use after free security issue was found in the Blink component of the
Chromium browser before version 89.0.4389.90. Google is aware of
reports that an exploit for this issue exists in the wild.
A remote attacker might be able to bypass security measures, trick the
user into performing unwanted actions or execute arbitrary code.
https://vivaldi.com/blog/desktop/minor-update-2-for-vivaldi-desktop-3-6/
https://vivaldi.com/blog/vivaldi-fires-up-performance-2/
https://github.com/uclouvain/openjpeg/issues/1299
https://github.com/uclouvain/openjpeg/pull/1301
https://github.com/uclouvain/openjpeg/commit/73fdf28342e4594019af26eb6a347a34eceb6296
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
https://crbug.com/1171049
https://crbug.com/1170531
https://crbug.com/1173702
https://crbug.com/1172054
https://crbug.com/1111239
https://crbug.com/1174582
https://crbug.com/1177465
https://crbug.com/1161144
https://crbug.com/1152226
https://crbug.com/1166138
https://crbug.com/1111646
https://crbug.com/1152894
https://crbug.com/1150810
https://crbug.com/1154250
https://crbug.com/1158010
https://crbug.com/1146651
https://crbug.com/1170584
https://crbug.com/1173879
https://crbug.com/1174186
https://crbug.com/1174943
https://crbug.com/1175507
https://crbug.com/1182767
https://crbug.com/1049265
https://crbug.com/1105875
https://crbug.com/1131929
https://crbug.com/1100748
https://crbug.com/1153445
https://crbug.com/1155516
https://crbug.com/1161739
https://crbug.com/1165392
https://crbug.com/1166091
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
https://crbug.com/1167357
https://crbug.com/1181387
https://crbug.com/1186287
https://security.archlinux.org/CVE-2020-27844
https://security.archlinux.org/CVE-2021-21159
https://security.archlinux.org/CVE-2021-21160
https://security.archlinux.org/CVE-2021-21161
https://security.archlinux.org/CVE-2021-21162
https://security.archlinux.org/CVE-2021-21163
https://security.archlinux.org/CVE-2021-21165
https://security.archlinux.org/CVE-2021-21166
https://security.archlinux.org/CVE-2021-21167
https://security.archlinux.org/CVE-2021-21168
https://security.archlinux.org/CVE-2021-21169
https://security.archlinux.org/CVE-2021-21170
https://security.archlinux.org/CVE-2021-21171
https://security.archlinux.org/CVE-2021-21172
https://security.archlinux.org/CVE-2021-21173
https://security.archlinux.org/CVE-2021-21174
https://security.archlinux.org/CVE-2021-21175
https://security.archlinux.org/CVE-2021-21176
https://security.archlinux.org/CVE-2021-21177
https://security.archlinux.org/CVE-2021-21178
https://security.archlinux.org/CVE-2021-21179
https://security.archlinux.org/CVE-2021-21180
https://security.archlinux.org/CVE-2021-21181
https://security.archlinux.org/CVE-2021-21182
https://security.archlinux.org/CVE-2021-21183
https://security.archlinux.org/CVE-2021-21184
https://security.archlinux.org/CVE-2021-21185
https://security.archlinux.org/CVE-2021-21186
https://security.archlinux.org/CVE-2021-21187
https://security.archlinux.org/CVE-2021-21188
https://security.archlinux.org/CVE-2021-21189
https://security.archlinux.org/CVE-2021-21190
https://security.archlinux.org/CVE-2021-21191
https://security.archlinux.org/CVE-2021-21192
https://security.archlinux.org/CVE-2021-21193
chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html
crbug.com/1049265
crbug.com/1100748
crbug.com/1105875
crbug.com/1111239
crbug.com/1111646
crbug.com/1131929
crbug.com/1146651
crbug.com/1150810
crbug.com/1152226
crbug.com/1152894
crbug.com/1153445
crbug.com/1154250
crbug.com/1155516
crbug.com/1158010
crbug.com/1161144
crbug.com/1161739
crbug.com/1165392
crbug.com/1166091
crbug.com/1166138
crbug.com/1167357
crbug.com/1170531
crbug.com/1170584
crbug.com/1171049
crbug.com/1172054
crbug.com/1173702
crbug.com/1173879
crbug.com/1174186
crbug.com/1174582
crbug.com/1174943
crbug.com/1175507
crbug.com/1177465
crbug.com/1181387
crbug.com/1182767
crbug.com/1186287
github.com/uclouvain/openjpeg/commit/73fdf28342e4594019af26eb6a347a34eceb6296
github.com/uclouvain/openjpeg/issues/1299
github.com/uclouvain/openjpeg/pull/1301
security.archlinux.org/AVG-1633
security.archlinux.org/CVE-2020-27844
security.archlinux.org/CVE-2021-21159
security.archlinux.org/CVE-2021-21160
security.archlinux.org/CVE-2021-21161
security.archlinux.org/CVE-2021-21162
security.archlinux.org/CVE-2021-21163
security.archlinux.org/CVE-2021-21165
security.archlinux.org/CVE-2021-21166
security.archlinux.org/CVE-2021-21167
security.archlinux.org/CVE-2021-21168
security.archlinux.org/CVE-2021-21169
security.archlinux.org/CVE-2021-21170
security.archlinux.org/CVE-2021-21171
security.archlinux.org/CVE-2021-21172
security.archlinux.org/CVE-2021-21173
security.archlinux.org/CVE-2021-21174
security.archlinux.org/CVE-2021-21175
security.archlinux.org/CVE-2021-21176
security.archlinux.org/CVE-2021-21177
security.archlinux.org/CVE-2021-21178
security.archlinux.org/CVE-2021-21179
security.archlinux.org/CVE-2021-21180
security.archlinux.org/CVE-2021-21181
security.archlinux.org/CVE-2021-21182
security.archlinux.org/CVE-2021-21183
security.archlinux.org/CVE-2021-21184
security.archlinux.org/CVE-2021-21185
security.archlinux.org/CVE-2021-21186
security.archlinux.org/CVE-2021-21187
security.archlinux.org/CVE-2021-21188
security.archlinux.org/CVE-2021-21189
security.archlinux.org/CVE-2021-21190
security.archlinux.org/CVE-2021-21191
security.archlinux.org/CVE-2021-21192
security.archlinux.org/CVE-2021-21193
vivaldi.com/blog/desktop/minor-update-2-for-vivaldi-desktop-3-6/
vivaldi.com/blog/vivaldi-fires-up-performance-2/
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:P/I:P/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
92.0%