Tavis Ormandy discovered that incorrect parsing of pkcs7 sequences in
nss, the Mozilla Network Security Service library, may result in denial
of service.

Read More

The following vulnerabilities have been discovered in the wpewebkit
web engine:

Read More

The following vulnerabilities have been discovered in the webkit2gtk
web engine:

Read More

The Qualys Research Labs discovered a local privilege escalation in
PolicyKit’s pkexec.

Read More

Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in denial of service, bypass of deserialization
restrictions or information disclosure.

Read More

Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in denial of service, bypass of deserialization
restrictions or information disclosure.

Read More

Zhuowei Zhang discovered a bug in the EAP authentication client code of
strongSwan, an IKE/IPsec suite, that may allow to bypass the client and in some
scenarios even the server authentication, or could lead to a denial-of-service
attack.

Read More

The Qualys Research Labs discovered two vulnerabilities in util-linux’s
libmount. These flaws allow an unprivileged user to unmount other users’
filesystems that are either world-writable themselves or mounted in a
world-writable directory
(CVE-2021-3996), or to unmount FUSE filesystems that belong to certain other
users
(CVE-2021-3995).

Read More

Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.

Read More

A backdoor has been discovered in WordPress AccessPress plugins and themes, which could allow an attacker access to a targeted website. AccessPress plugins and themes are used to provide website functionality and design options to website administrators. Successful exploitation of this backdoor could allow an attacker to redirect users to malicious sites as well as access to the vulnerable website.

Read More