Show filters
63 Total Results
Displaying 41-50 of 63
Sort by:
Attacker Value
Unknown

CVE-2023-38200

Disclosure Date: July 24, 2023 (last updated April 25, 2024)
A flaw was found in Keylime. Due to their blocking nature, the Keylime registrar is subject to a remote denial of service against its SSL connections. This flaw allows an attacker to exhaust all available connections.
Attacker Value
Unknown

CVE-2023-0179

Disclosure Date: March 27, 2023 (last updated October 08, 2023)
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.
Attacker Value
Unknown

CVE-2023-0494

Disclosure Date: March 27, 2023 (last updated October 08, 2023)
A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.
Attacker Value
Unknown

CVE-2022-2601

Disclosure Date: December 14, 2022 (last updated October 08, 2023)
A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.
Attacker Value
Unknown

CVE-2021-3695

Disclosure Date: July 06, 2022 (last updated November 29, 2024)
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.
Attacker Value
Unknown

CVE-2021-3696

Disclosure Date: July 06, 2022 (last updated November 29, 2024)
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.
Attacker Value
Unknown

CVE-2021-3697

Disclosure Date: July 06, 2022 (last updated November 29, 2024)
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.
Attacker Value
Unknown

CVE-2022-1011

Disclosure Date: March 18, 2022 (last updated October 07, 2023)
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.
Attacker Value
Unknown

CVE-2021-3744

Disclosure Date: March 04, 2022 (last updated October 07, 2023)
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.
Attacker Value
Unknown

CVE-2022-0492

Disclosure Date: March 03, 2022 (last updated November 10, 2023)
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.