1. Out-of-bounds write in ANGLE in Google Chrome (< 91.0.4472.101)

Severity: Important    CVSS Score: 8.8

This is a flaw in ANGLE. Exploiting this vulnerability, a remote attacker can potentially perform out-of-bounds memory access via a crafted HTML page.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

 Syxscore Risk Alert

This vulnerability has a major risk as though it requires user interaction to be exploited, this can be exposed over any network, with a low complexity attack and no privileges.

• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: Required
• Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-30547

2. An out-of-bounds memory write flaw in the Linux kernel affecting Red Hat Enterprise Linux 7 and 8

Severity: Important    CVSS Score: 7.8

This is a flaw in the Linux kernel’s joystick devices subsystem before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. A local attacker can use this flaw to crash the system or escalate their privileges on the system.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as although this needs access to the same network as the device, it can be exploited with a low complexity attack, low privileges, and without user interaction.

• Attack Vector: Local
• Attack Complexity: Low
• Privileges Required: Low
• User Interaction: None
• Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3612

3. Incorrect comparison during range check elimination in OpenJDK

Severity: Important    CVSS Score: 7.5

This is a flaw in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). The vulnerability is difficult to exploit as attacks require human interaction from a person other than the attacker.

Using this vulnerability, an unauthenticated attacker with network access via multiple protocols can compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as although this requires user interaction and a complex attack to be exploited, it can be exposed over any network with no privileges.

• Attack Vector: Network
• Attack Complexity: High
• Privileges Required: None
• User Interaction: Required
• Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-2388

4. Out-of-bounds write in the Linux kernel’s fs/seq_file.c

Severity: Important    CVSS Score: 7.0

Exploiting this flaw, a local attacker with a user privilege can escalate their privileges to root gaining access to out-of-bound memory, which can result in a system crash or a leak of internal kernel information.

The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.

Syxscore Risk Alert

This vulnerability has a major risk as although this needs access to the same network as the device and the complexity of an attack is high, it requires low privileges and no user interaction.

• Attack Vector: Local
• Attack Complexity: High
• Privileges Required: Low
• User Interaction: None
• Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-33909

5. race condition for removal of the HCI controller in the kernel affecting Red Hat Enterprise Linux 7

Severity: Important    CVSS Score: 7.0

This is a flaw in the Linux kernel’s handling of the removal of Bluetooth HCI controllers. It allows a local attacker to exploit a race condition, leading to corrupted memory and possible privilege escalation.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as although this needs access to the same network as the device and requires a complex attack to be exploited, it needs low privileges and no user interaction.

• Attack Vector: Local
• Attack Complexity: High
• Privileges Required: Low
• User Interaction: None
• Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-32399