Show filters
63 Total Results
Displaying 41-50 of 63
Sort by:
Attacker Value
Unknown
CVE-2023-38200
Disclosure Date: July 24, 2023 (last updated April 25, 2024)
A flaw was found in Keylime. Due to their blocking nature, the Keylime registrar is subject to a remote denial of service against its SSL connections. This flaw allows an attacker to exhaust all available connections.
0
Attacker Value
Unknown
CVE-2023-0179
Disclosure Date: March 27, 2023 (last updated October 08, 2023)
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.
0
Attacker Value
Unknown
CVE-2023-0494
Disclosure Date: March 27, 2023 (last updated October 08, 2023)
A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
0
Attacker Value
Unknown
CVE-2022-2601
Disclosure Date: December 14, 2022 (last updated October 08, 2023)
A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.
0
Attacker Value
Unknown
CVE-2021-3695
Disclosure Date: July 06, 2022 (last updated November 29, 2024)
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.
0
Attacker Value
Unknown
CVE-2021-3696
Disclosure Date: July 06, 2022 (last updated November 29, 2024)
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.
0
Attacker Value
Unknown
CVE-2021-3697
Disclosure Date: July 06, 2022 (last updated November 29, 2024)
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.
0
Attacker Value
Unknown
CVE-2022-1011
Disclosure Date: March 18, 2022 (last updated October 07, 2023)
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.
0
Attacker Value
Unknown
CVE-2021-3744
Disclosure Date: March 04, 2022 (last updated October 07, 2023)
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.
0
Attacker Value
Unknown
CVE-2022-0492
Disclosure Date: March 03, 2022 (last updated November 10, 2023)
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
0