More internal network hosts could have been probed by a malicious webpage: Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine (CVE-2021-23961).
This update provides the upstream 6.1.20 maintenance release that fixes atleast the following security vulnerabilities: A difficult to exploit vulnerability in the Oracle VM VirtualBox (component: Core) prior to 6.1.20 allows high privileged attacker with
An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious rcp server (or
A remote information leak vulnerability and a remote buffer overflow vulnerability were discovered in ConnMan, which could result in denial of service or the execution of arbitrary code (CVE-2021-26675, CVE-2021-26676). References:
The updated packages fix a security vulnerability: A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality (CVE-2021-3426).
This kernel update is based on upstream 5.10.30 and fixes atleast the following security issues: nfc: fix refcount leak in llcp_sock_bind() (CVE-2020-25670)
This kernel-linus update is based on upstream 5.10.30 and fixes atleast the following security issues: nfc: fix refcount leak in llcp_sock_bind() (CVE-2020-25670)
Insufficient checks on the lengths of the XInput extension ChangeFeedbackControl request can lead to out of bounds memory accesses in the X server. These issues can lead to privilege escalation for authorized clients
