Linux Vulnerabilities of the Week: May 3, 2021
Are you caught up on May's latest Linux vulnerabilities? See this week's top issues and keep your IT environment protected.
1. Unsafe deserialization in XStream
Severity: Critical        CVSS Score: 9.8
This is a flaw in XStream which allows a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream.
The highest threat from this vulnerability is to data confidentiality and system availability.
Syxscore Risk Alert
This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope (Jump Point): Unchanged
CVE Reference(s): CVE-2021-21347
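As an added example (not code from Syxsense or from the XStream project), the following shows the mitigation an application owner would apply while awaiting a patch: initialize XStream's security framework with an explicit allow-list so a manipulated input stream cannot name arbitrary classes for instantiation. The `com.example.model` package is a placeholder for the application's own types.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class XStreamHardening {

    // Weak setup: no explicit security configuration, so which classes may be
    // instantiated from input is left to the library's default policy.
    static XStream permissive() {
        return new XStream();
    }

    // Hardened setup: deny every type first, then allow only what the
    // application actually needs to deserialize.
    static XStream hardened() {
        XStream xs = new XStream();
        xs.addPermission(NoTypePermission.NONE);              // clear all permissions
        xs.addPermission(NullPermission.NULL);                // allow null values
        xs.addPermission(PrimitiveTypePermission.PRIMITIVES); // int, long, boolean, ...
        xs.allowTypes(new Class[] { String.class });
        // Placeholder package: replace with the application's own model classes.
        xs.allowTypesByWildcard(new String[] { "com.example.model.**" });
        return xs;
    }

    public static void main(String[] args) {
        // Constructed input naming a JDK type that is not on the allow-list.
        String xml = "<java.util.ArrayList/>";

        Object fromDefault = permissive().fromXML(xml);
        System.out.println("default policy produced: " + fromDefault.getClass().getName());

        try {
            hardened().fromXML(xml);
            System.out.println("unexpected: hardened instance accepted the type");
        } catch (ForbiddenClassException e) {
            // Expected path: the allow-list rejects the unlisted class.
            System.out.println("hardened policy rejected: " + e.getMessage());
        }
    }
}
```

Types not covered by the allow-list fail with ForbiddenClassException instead of being instantiated, which is the check to verify in a test suite after hardening.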
2. WebKitGTK (<2.30.6) logic issue affecting Red Hat Enterprise Linux 8
Severity: Critical        CVSS Score: 9.8
This is a logic issue in WebKitGTK and WPE WebKit that allows a remote attacker to execute arbitrary code.
The highest threat from this vulnerability is to data confidentiality and system availability.
Syxscore Risk Alert
This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope (Jump Point): Unchanged
CVE Reference(s): CVE-2021-1870
3. Memory corruption issue in WebKitGTK and WPE WebKit (<32.0)
Severity: Important   CVSS Score: 8.8
This is a memory corruption issue in WebKitGTK and WPE WebKit which may lead to arbitrary code execution in case of processing maliciously crafted web content.
The highest threat from this vulnerability is to data confidentiality and system availability.
Syxscore Risk Alert
This vulnerability has a high risk. Although the cyberattack requires user interaction, it can be exposed over any network, with low complexity and no privileges.
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope (Jump Point): Unchanged
CVE Reference(s): CVE-2021-1844
4. Firefox (< 85) Vulnerability
Severity: Important   CVSS Score: 7.4
As a result of this vulnerability, hosts on an internal network and services running on the user's local machine can be exposed by further techniques built on the slipstream research, combined with a malicious web page.
Syxscore Risk Alert
This vulnerability has a high risk. Although it requires user interaction, it can be exposed over any network by an attack of low complexity, with no privileges.
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope (Jump Point): Changed
CVE Reference(s): CVE-2021-23961
5. WebKitGTK and WPE WebKit (<2.30.6) port redirection issue
Severity: Medium      CVSS Score: 6.5
This is a port redirection issue in WebKitGTK and WPE WebKit that allows a malicious website to access restricted ports on arbitrary servers.
The highest threat from this vulnerability is to data integrity.
Syxscore Risk Alert
This vulnerability has a moderate risk. Although it requires user interaction, it can be exposed over any network by an attack of low complexity, with no privileges.
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope (Jump Point): Unchanged
CVE Reference(s): CVE-2021-1799
Try Linux Patching with Syxsense
Syxsense makes endpoint management and security easy. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.
Schedule Your Syxsense Demo
Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.