1. Apache HTTP Server (2.4.48 and earlier) vulnerability

Severity: Critical     CVSS Score: 9.8

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party/external modules may.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: None
• Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-39275

2. Missing input validation in domain names in Node.js

Severity: Critical         CVSS Score: 9.8

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to remote code execution, Cross-site scripting (XSS), application crashes due to missing input validation of hostnames returned by Domain Name Servers in the Node.js DNS library, which can lead to the output of wrong hostnames (leading to Domain hijacking) and injection vulnerabilities in applications using the library.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

• Attack Vector:             Network
• Attack Complexity:     Low
• Privileges Required:    None
• User Interaction:         None
• Scope (Jump Point):    Unchanged

CVE Reference(s): CVE-2021-22931

3. Kubernetes vulnerability

Severity: Important    CVSS Score: 8.1

Exploiting this flaw, an authorized user can create a container with subpath volume mounts to access files and directories outside of the volume, including on the host node’s filesystem.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, low privileges, and without user interaction.

• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: Low
• User Interaction: None
• Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-25741

4. aTFTP vulnerability (through 0.7.4)

Severity: Important    CVSS Score: 7.5

There is a buffer overflow in tftpd_file.c in aTFTP because buffer-size handling does not properly consider the combination of data, OACK, and other options.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: None
• Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-41054