
Linux Vulnerabilities of the Week: October 4, 2021
See this week's top Linux issues and keep your IT environment protected from the latest October Linux vulnerabilities.
1. Apache HTTP Server (2.4.48 and earlier) vulnerability
Severity: Critical    CVSS Score: 9.8
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. None of the modules shipped with httpd pass untrusted data to this function, but third-party or external modules may, so exposure depends on which modules a server loads. Fixed in Apache HTTP Server 2.4.49.
Syxscore Risk Alert
This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope (Jump Point): Unchanged
CVE Reference(s): CVE-2021-39275
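To see how a count-then-copy escaper can overrun its own allocation, here is an added example (not httpd's source code): a constructed model in which the sizing pass and the copy pass tokenize backslash-escaped input differently, which is the assumed shape of the pre-2.4.49 ap_escape_quotes() defect, beside a hardened version that drives both passes from a single tokenizer. The function names overflow_bytes and escape_quotes_safe and the sample strings are hypothetical and constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Constructed model of a two-pass "count, then copy" escaper whose passes
 * tokenize the input differently. Assumption: modelled on the pre-2.4.49
 * ap_escape_quotes() logic as reconstructed here, not httpd's source.
 * Rule: an already-escaped pair "\x" is copied verbatim; a bare quote
 * gets a backslash inserted in front of it.
 */

/* Sizing pass: an escaped pair counts as two bytes, a bare quote as two. */
static size_t sizing_pass(const char *in)
{
    size_t n = 0;
    while (*in != '\0') {
        n++;
        if (*in == '"')
            n++;
        if (*in == '\\' && in[1] != '\0') {   /* skip the escaped byte */
            in++;
            n++;
        }
        in++;
    }
    return n;
}

/* Copy pass as the vulnerable shape does it: after consuming an escaped
 * pair it falls through and handles the *next* byte in the same iteration,
 * so a backslash that starts a second pair is copied alone and the quote
 * after it is escaped again on the next iteration. Bytes are only counted
 * here, not written, so the mismatch is measured without undefined behaviour. */
static size_t copy_pass_vulnerable(const char *in)
{
    size_t n = 0;
    while (*in != '\0') {
        if (*in == '\\' && in[1] != '\0') {
            n += 2;
            in += 2;
        }
        if (*in == '"')
            n++;                          /* inserted backslash */
        if (*in != '\0') {
            n++;
            in++;
        }
    }
    return n;
}

/* Bytes the vulnerable copy pass would write past a buffer sized by the
 * sizing pass; 0 means the two passes agree for this input. */
size_t overflow_bytes(const char *in)
{
    size_t sized = sizing_pass(in);
    size_t written = copy_pass_vulnerable(in);
    return written > sized ? written - sized : 0;
}

/* Hardened version: one tokenizer serves both sizing and copying, so the
 * two cannot disagree. Writes the token to 'out' when non-NULL; returns the
 * output byte count and stores the input bytes consumed in *used. */
static size_t emit_token(const char *in, char *out, size_t *used)
{
    if (in[0] == '\\' && in[1] != '\0') {        /* already-escaped pair */
        if (out) { out[0] = in[0]; out[1] = in[1]; }
        *used = 2;
        return 2;
    }
    if (in[0] == '"') {                           /* bare quote: escape it */
        if (out) { out[0] = '\\'; out[1] = '"'; }
        *used = 1;
        return 2;
    }
    if (out)
        out[0] = in[0];
    *used = 1;
    return 1;
}

/* Returns a newly allocated escaped copy (caller frees), or NULL on OOM. */
char *escape_quotes_safe(const char *in)
{
    size_t need = 0, pos = 0, used;
    const char *p;

    for (p = in; *p != '\0'; p += used)
        need += emit_token(p, NULL, &used);

    char *out = malloc(need + 1);
    if (out == NULL)
        return NULL;

    for (p = in; *p != '\0'; p += used)
        pos += emit_token(p, out + pos, &used);
    out[pos] = '\0';
    return out;
}

int main(void)
{
    /* Constructed inputs: a benign string, and the pattern \x\" whose
     * repetition makes the two original passes diverge by one byte each. */
    const char *samples[] = { "say \"hi\"", "\\x\\\"", "\\x\\\"\\x\\\"" };
    for (size_t i = 0; i < 3; i++) {
        char *e = escape_quotes_safe(samples[i]);
        printf("%-16s overflow=%zu safe=%s\n", samples[i],
               overflow_bytes(samples[i]), e ? e : "(oom)");
        free(e);
    }
    return 0;
}
```

The practical check this illustrates: whenever output size is computed in a separate pass from the copy, fuzz the escaper with inputs that mix pre-escaped sequences and the characters being escaped, and compare the two passes' byte counts; any input where they differ is an out-of-bounds write waiting for an attacker-controlled string. For httpd itself the exposure is limited to third-party modules that hand untrusted data to ap_escape_quotes(), and the fix is to run 2.4.49 or later.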
2. Missing input validation of DNS hostnames in Node.js
Severity: Critical    CVSS Score: 9.8
Node.js before 16.6.0, 14.17.4, and 12.22.4 does not validate the hostnames returned by DNS servers in its DNS library. A malicious or spoofed DNS response can therefore hand an application a string that is not a valid hostname, leading to wrong hostnames (and so domain hijacking) and to injection vulnerabilities, cross-site scripting (XSS), application crashes, and remote code execution in applications that use the returned names without checking them. Treat DNS answers as untrusted input: code that places resolved names into HTML, shell commands, or log lines should validate them against hostname syntax before use, even on patched versions.
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Syxscore Risk Alert
This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope (Jump Point): Unchanged
CVE Reference(s): CVE-2021-22931
3. Kubernetes subpath volume mount vulnerability
Severity: Important   CVSS Score: 8.1
A user who is authorized to create pods can create a container whose subpath volume mounts resolve to files and directories outside the volume, including on the host node's filesystem. The flaw is in kubelet, fixed in v1.22.2, v1.21.5, v1.20.11, and v1.19.15; until nodes are upgraded, the upstream mitigation is to prevent untrusted users from creating pods, or to reject pods that use subPath volume mounts with an admission controller.
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Syxscore Risk Alert
This vulnerability has a major risk as this can be exposed over any network, with low complexity, low privileges, and without user interaction.
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope (Jump Point): Unchanged
CVE Reference(s): CVE-2021-25741
4. aTFTP vulnerability (through 0.7.4)
Severity: Important   CVSS Score: 7.5
There is a buffer overflow in tftpd_file.c in aTFTP because buffer-size handling does not properly consider the combination of data, OACK, and other options. TFTP has no authentication, so anyone who can reach the server's UDP port can send the malformed option negotiation; upgrade to a fixed package from your distribution and keep TFTP servers off untrusted networks.
Syxscore Risk Alert
This vulnerability has a major risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope (Jump Point): Unchanged
CVE Reference(s): CVE-2021-41054
Join Our October Linux Webcast
Explore the latest Linux updates for October 2021. We discuss the most urgent patches and priorities for the month.
Schedule Your Syxsense Demo
Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.