Warning: Undefined array key "host" in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 485

Warning: Undefined variable $scrape_url_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 525

Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

CVE-2022-2601

A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.

Publication date: Wed, 14 Dec 2022 00:00:00 +0000

Cyber News related to CVE-2022-2601

Warning: Undefined array key "host" in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 364

Warning: Undefined variable $domain_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 466

CVE-2025-22102 - In the Linux kernel, the following vulnerability has been resolved: ...
4 months ago

CVE-2022-48919 - In the Linux kernel, the following vulnerability has been resolved: ...
8 months ago

Microsoft fixes Linux boot issues on dual-boot Windows systems - Microsoft has fixed a known issue preventing Linux from booting on dual-boot systems with Secure Boot enabled after installing the August 2024 Windows security updates. Microsoft confirmed the known issue following widespread reports, ...
3 months ago Bleepingcomputer.com CVE-2022-2601

CVE-2022-40939 - In certain Secustation products the administrator account password can be read. This affects V2.5.5.3116-S50-SMA-B20171107A, V2.3.4.1301-M20-TSA-B20150617A, V2.5.5.3116-S50-RXA-B20180502A, V2.5.5.3116-S50-SMA-B20190723A, ...
2 years ago

CVE-2022-2601 - A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow ...
1 year ago CVE-2022-2601

CVE-2006-2601 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2589. Reason: This candidate is a duplicate of CVE-2006-2589. Notes: All CVE users should reference CVE-2006-2589 instead of this candidate. All references and descriptions in ...
55 years ago Tenable.com

CVE-2016-8217 - EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 Timing Attack Vulnerability. A possible timing attack could be carried out by modifying a PKCS#12 file that has an integrity MAC for which the password is not known. An attacker could then ...
3 years ago

CVE-2021-40978 - The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601.] and ...
1 year ago

CVE-2014-2601 - The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 vulnerability-assessment tool. ...
11 years ago

CVE-2006-6209 - Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart and ASP Plus Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) id2006quant parameter to (a) item_show.asp, or the (2) maingroup or (3) secondgroup ...
6 years ago

CVE-2005-2601 - SQL injection vulnerability in MidiCart allows remote attackers to execute arbitrary SQL commands via the code_no parameter to (1) Item_Show.asp or (2) search_list.asp. ...
17 years ago

CVE-2010-2601 - Multiple buffer overflows in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.7 and earlier and 5.0.0 through 5.0.2, and BlackBerry Professional Software 4.1.4 and ...
14 years ago

CVE-2011-2601 - The GPU support functionality in Mac OS X does not properly restrict rendering time, which allows remote attackers to cause a denial of service (desktop hang) via vectors involving WebGL and (1) shader programs or (2) complex 3D geometry, as ...
14 years ago

CVE-2008-2601 - Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors. ...
12 years ago

CVE-2004-2601 - PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) allows remote attackers to read local files and possibly execute PHP code via a URL in the SKIN_inner parameter to inc/skin.php. ...
8 years ago

CVE-2012-2601 - SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch WhatsUp Gold 15.02 allows remote attackers to execute arbitrary SQL commands via the sGroupList parameter. ...
8 years ago

CVE-2013-2601 - The NDVM in Citrix XenClient XT before 2.1.3 and 3.x before 3.1.4 allows remote attackers to execute arbitrary commands by using the UIVM to create a network connection. ...
8 years ago

CVE-2009-2601 - SQL injection vulnerability in the Joomlaequipment (aka JUser or com_juser) component 2.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_profile action to index.php. ...
7 years ago

CVE-2007-2601 - Buffer overflow in a certain ActiveX control in the GDivX Zenith Player AviFixer class in fix.dll 1.0.0.1 allows remote attackers to execute arbitrary code via a long SetInputFile property value. ...
1 year ago

CVE-2018-2601 - Vulnerability in the Oracle Internet Directory component of Oracle Fusion Middleware (subcomponent: Oracle Directory Services Manager). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0 and 12.2.1.3.0. Difficult to exploit vulnerability ...
5 years ago

CVE-2019-2601 - Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability ...
5 years ago

CVE-2015-2601 - Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28.3.6, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE. ...
3 years ago

CVE-2017-2601 - Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353). Users with the permission to configure jobs were able to inject JavaScript into parameter names and ...
2 years ago

CVE-2023-2601 - The wpbrutalai WordPress plugin before 2.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin via CSRF. ...
2 years ago

CVE-2016-2601 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none ...
55 years ago Tenable.com