Show filters
22 Total Results
Displaying 1-10 of 22
Sort by:
Attacker Value
Unknown

CVE-2022-3602

Disclosure Date: November 01, 2022 (last updated December 22, 2024)
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to u…
Attacker Value
Unknown

CVE-2022-23824

Disclosure Date: November 08, 2022 (last updated February 04, 2024)
IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.
Attacker Value
Unknown

CVE-2022-23825

Disclosure Date: July 12, 2022 (last updated November 08, 2023)
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
Attacker Value
Unknown

CVE-2022-29900

Disclosure Date: July 12, 2022 (last updated October 18, 2023)
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.
Attacker Value
Unknown

CVE-2020-14148

Disclosure Date: June 15, 2020 (last updated November 08, 2023)
The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function.
Attacker Value
Unknown

CVE-2018-12207

Disclosure Date: November 14, 2019 (last updated November 08, 2023)
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.
Attacker Value
Unknown

CVE-2018-1111

Disclosure Date: May 17, 2018 (last updated November 26, 2024)
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.
0
Attacker Value
Unknown

CVE-2018-5729

Disclosure Date: March 06, 2018 (last updated November 08, 2023)
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.
Attacker Value
Unknown

CVE-2018-5730

Disclosure Date: March 06, 2018 (last updated November 08, 2023)
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.
Attacker Value
Unknown

CVE-2017-15365

Disclosure Date: January 25, 2018 (last updated November 08, 2023)
sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.
0