Alon Zahavi

#9164of 53,633
29.9Total CVSS
Vulnerabilities · 4
Medium
1
High
3
PT-2023-7103
4.3
2023-11-06
Linux · Linux Kernel · CVE-2023-6121
**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** An out-of-bounds read issue was found in the NVMe-oF/TCP subsystem. This may allow a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data being printed and potentially leaked to the kernel ring buffer. The vulnerability is related to the `nvmet ctrl find get()` function in the drivers/nvme/target/core.c module. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-6049
10
2023-10-15
Linux · Linux Kernel · CVE-2023-5178
**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A use-after-free vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel due to a logical bug. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation. The vulnerability is related to the `nvmet tcp free crypto` function in the `drivers/nvme/target/tcp.c` file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-6438
7.8
2022-04-01
Linux · Linux Kernel · CVE-2021-3847
**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to an unauthorized access flaw in the Linux kernel OverlayFS subsystem. This flaw can be exploited by a local user to escalate their privileges on the system. The problem arises when a user copies a capable file from a nosuid mount into another mount. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-1665
7.8
2022-02-08
Microsoft · Sql Server · CVE-2022-23276
**Name of the Vulnerable Software and Affected Versions** SQL Server for Linux Containers (affected versions not specified) **Description** The issue is related to insecure privilege management in Microsoft SQL Server for Linux. Exploitation of this issue may allow an attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.