
Linux Vulnerabilities of the Week: May 3, 2021

May 5, 2021 | June 22nd, 2022

Are you caught up on May's latest Linux vulnerabilities? See this week's top issues and keep your IT environment protected.


1. Unsafe deserialization in XStream

Severity: Critical         CVSS Score: 9.8

This flaw in XStream allows a remote attacker to load and execute arbitrary code from a remote host solely by manipulating the processed input stream.

The highest threat from this vulnerability is to data confidentiality and system availability.

Syxscore Risk Alert

This vulnerability has a critical risk because it can be exposed over any network, with low complexity, no privileges, and no user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-21347


2. WebKitGTK (<2.30.6) logic issue affecting Red Hat Enterprise Linux 8

Severity: Critical         CVSS Score: 9.8

This is a logic issue in WebKitGTK and WPE WebKit that allows a remote attacker to execute arbitrary code.

The highest threat from this vulnerability is to data confidentiality and system availability.

Syxscore Risk Alert

This vulnerability has a critical risk because it can be exposed over any network, with low complexity, no privileges, and no user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-1870


3. Memory corruption issue in WebKitGTK and WPE WebKit (<32.0)

Severity: Important    CVSS Score: 8.8

This is a memory corruption issue in WebKitGTK and WPE WebKit that may lead to arbitrary code execution when maliciously crafted web content is processed.

The highest threat from this vulnerability is to data confidentiality and system availability.

Syxscore Risk Alert

This vulnerability has a high risk. Although the cyberattack requires user interaction, it can be exposed over any network, with low complexity and no privileges.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-1844


4. Firefox (< 85) Vulnerability

Severity: Important    CVSS Score: 7.4

As a result of this vulnerability, hosts on an internal network and services running on the user’s local machine can be exposed by further techniques that build on the slipstream research, combined with a malicious webpage.

Syxscore Risk Alert

This vulnerability has a high risk. Although it requires user interaction, it can be exposed over any network by an attack of low complexity, with no privileges.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2021-23961


5. WebKitGTK and WPE WebKit (<2.30.6) port redirection issue

Severity: Medium       CVSS Score: 6.5

This is a port redirection issue in WebKitGTK and WPE WebKit that allows a malicious website to access restricted ports on arbitrary servers.

The highest threat from this vulnerability is to data integrity.

Syxscore Risk Alert

This vulnerability has a moderate risk. Although it requires user interaction, it can be exposed over any network by an attack of low complexity, with no privileges.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-1799


Try Linux Patching with Syxsense

Syxsense makes endpoint management and security easy. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.
