The following vulnerabilities have been discovered in the webkit2gtk
web engine:
Category Archives: Advisories
DSA-5059 policykit-1 – security update
The Qualys Research Labs discovered a local privilege escalation in
PolicyKit’s pkexec.
DSA-5058 openjdk-17 – security update
Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in denial of service, bypass of deserialization
restrictions or information disclosure.
DSA-5057 openjdk-11 – security update
Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in denial of service, bypass of deserialization
restrictions or information disclosure.
DSA-5056 strongswan – security update
Zhuowei Zhang discovered a bug in the EAP authentication client code of
strongSwan, an IKE/IPsec suite, that may allow an attacker to bypass the client
and, in some scenarios, even the server authentication, or could lead to a
denial-of-service attack.
DSA-5055 util-linux – security update
The Qualys Research Labs discovered two vulnerabilities in util-linux’s
libmount. These flaws allow an unprivileged user to unmount other users’
filesystems that are either world-writable themselves or mounted in a
world-writable directory (CVE-2021-3996), or to unmount FUSE filesystems
that belong to certain other users (CVE-2021-3995).
DSA-5054 chromium – security update
Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
A Backdoor in WordPress AccessPress Plugins and Themes Could Allow an Attacker Access to a Targeted Website
A backdoor has been discovered in WordPress AccessPress plugins and themes, which could allow an attacker access to a targeted website. AccessPress plugins and themes are used to provide website functionality and design options to website administrators. Successful exploitation of this backdoor could allow an attacker to redirect users to malicious sites as well as gain access to the vulnerable website.
Multiple Vulnerabilities in Cisco Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Cisco Products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow an unauthenticated, remote attacker to execute code on the affected systems. Depending on the privileges associated with the targeted user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users configured to have fewer privileges on the system could be less impacted than those who operate with elevated privileges.
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.