Top Linux Vulnerabilities for July 2021


1. Apache httpd mod_session heap overflow affecting Red Hat Enterprise Linux 8

Severity: Critical         CVSS Score: 9.8

In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow. The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability is rated critical because it can be exploited over any network, with low attack complexity, no privileges, and no user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-26691

2. The libX11 (<1.7.1) missing validation flaw affecting Red Hat Enterprise Linux 7 and 8

Severity: Critical         CVSS Score: 9.8

By exploiting this vulnerability, an attacker can inject X11 protocol commands into X clients and potentially execute arbitrary code with the permissions of the application compiled with libX11.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability is rated critical because it can be exploited over any network, with low attack complexity, no privileges, and no user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-31535

3. A use-after-free in Libxml2 (< 2.9.11)

Severity: Important    CVSS Score: 8.8

There is a flaw in libxml2: an attacker can submit a crafted file to an application linked with libxml2 and trigger a use-after-free when the file is processed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability carries a major risk: although it requires user interaction, it can be exploited over any network, with low attack complexity and no privileges.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3518

4. Buffer overrun flaw in PostgreSQL

Severity: Important    CVSS Score: 8.8

This vulnerability affects PostgreSQL versions before 13.3, 12.7, 11.12, 10.17, and 9.6.22 (one fix per supported release branch).

Due to missing bounds checks during SQL array modification, authenticated database users can write arbitrary bytes to a wide area of server memory.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability carries a major risk: although it requires some privileges, it can be exploited over any network, with low attack complexity and no user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-32027
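The four entries above all state an affected version range, so a defender's first triage step is comparing installed versions against those ranges. The following script is an added example (not part of the original post or Syxsense's product) that encodes the ranges from entries 1 to 4 and classifies an inventory; the inventory lines are constructed here in the shape of `rpm -q --qf '%{NAME} %{VERSION}\n'` output. One caveat the check cannot see: Red Hat backports fixes without bumping the upstream version, so a RHEL package can be patched while its version string still falls in the "affected" range. Treat the result as a worklist and confirm against the errata for the installed release.

```python
"""Affected-version triage for the httpd, libX11, libxml2 and PostgreSQL
entries above (added example, not from the original post)."""
import re
from typing import Dict, List, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """'2.4.37' -> (2, 4, 37). Anything after the dotted numeric part
    (for example a distro release suffix such as '-39.el8') is ignored."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


# (release branch, first fixed version) pairs taken from the entries above.
# A version is affected if it lies in the branch and sorts below the fix;
# an empty branch tuple means "every version below the fix".
FIX_RULES: Dict[str, List[Tuple[Version, Version]]] = {
    "httpd":      [((2, 4), (2, 4, 47))],       # CVE-2021-26691: 2.4.0 .. 2.4.46
    "libX11":     [((), (1, 7, 1))],            # CVE-2021-31535: < 1.7.1
    "libxml2":    [((), (2, 9, 11))],           # CVE-2021-3518:  < 2.9.11
    "postgresql": [((13,), (13, 3)),            # CVE-2021-32027, fixed per branch
                   ((12,), (12, 7)),
                   ((11,), (11, 12)),
                   ((10,), (10, 17)),
                   ((9, 6), (9, 6, 22))],
}


def classify(package: str, version: Version) -> str:
    """Return 'affected', 'fixed', or 'no-rule' when neither the package
    nor the release branch is covered by the entries above."""
    rules = FIX_RULES.get(package)
    if rules is None:
        return "no-rule"
    for branch, fixed in rules:
        if version[:len(branch)] == branch:
            return "affected" if version < fixed else "fixed"
    return "no-rule"


def triage(inventory: str) -> Dict[str, str]:
    """Classify each 'name version' line; result is keyed by 'name-version'."""
    results: Dict[str, str] = {}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        name, raw = line.split(None, 1)
        results[f"{name}-{raw.strip()}"] = classify(name, parse_version(raw))
    return results


# Constructed sample inventory (not taken from a real host).
SAMPLE_INVENTORY = """\
httpd 2.4.37
libX11 1.6.8
libxml2 2.9.7
postgresql 12.5
postgresql 13.3
linuxptp 2.0
"""

if __name__ == "__main__":
    for key, status in triage(SAMPLE_INVENTORY).items():
        print(f"{key:24} {status}")
```

The branch-aware rule table matters for PostgreSQL: a naive "version < 9.6.22" test would flag 12.5 and 13.2 as fixed and 9.5.x as affected, which is the opposite of what the advisory says. Versions outside every listed branch (PostgreSQL 14, httpd 2.2, linuxptp) come back as `no-rule` rather than being silently marked safe.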

5. A missing length check of forwarded messages in Linux PTP

Severity: Important    CVSS Score: 8.8

This is a flaw in the `ptp4l` program of the Linux PTP package.

A remote attacker who can connect to the `ptp4l` service can exploit a missing length check when a PTP message is forwarded between ports to cause an information leak, a crash, or remote code execution.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability carries a high risk because it can be exploited over any network, with low attack complexity, low privileges, and no user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3570

Try Linux Patching with Syxsense

Syxsense makes endpoint management and security easy. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.