12 matches found
Exploit for CVE-2023-52927
CVE-2023-52927 LPE exploit for CVE-2023-52927 - a Use-After-F...
CVE-2022-31055
kCTF is a Kubernetes-based infrastructure for capture the flag CTF competitions. Prior to version 1.6.0, the kctf cluster set-src-ip-ranges was broken and allowed traffic from any IP. The problem has been patched in v1.6.0. As a workaround, those who want to test challenges privately can mark the...
CVE-2024-1085
A use-after-free vulnerability in the Linux kernel's netfilter: nftables component can be exploited to achieve local privilege escalation. The nftsetelemcatchalldeactivate function checks whether the catch-all set element is active in the current generation instead of the next generation before...
CVE-2023-5717
A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events perf component can be exploited to achieve local privilege escalation. If perfreadgroup is called while an event's siblinglist is smaller than its child's siblinglist, it can increment or write to memor...
CVE-2023-4921
A use-after-free vulnerability in the Linux kernel's net/sched: schqfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfqdequeue due to the incorrect .peek handler of...
CVE-2023-0461
There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIGTLS or CONFIGXFRMESPINTCP has to be configured, but the operation does not require any privilege. There is a...
Google kCTF Access Control Error Vulnerability
Google kCTF is a Kubernetes-based CTF competition infrastructure from Google Google. kCTF v1.6.0 prior to the release of Google kCTF has an access control error vulnerability, which stems from the existence of improper access control in the kctf cluster, which can be exploited by attackers to...
CVE-2022-31055
kCTF is a Kubernetes-based infrastructure for capture the flag CTF competitions. Prior to version 1.6.0, the kctf cluster set-src-ip-ranges was broken and allowed traffic from any IP. The problem has been patched in v1.6.0. As a workaround, those who want to test challenges privately can mark the...
CVE-2022-31055 Improper Access Control in kctf
kCTF is a Kubernetes-based infrastructure for capture the flag CTF competitions. Prior to version 1.6.0, the kctf cluster set-src-ip-ranges was broken and allowed traffic from any IP. The problem has been patched in v1.6.0. As a workaround, those who want to test challenges privately can mark the...
CVE-2022-31055 Improper Access Control in kctf
kCTF is a Kubernetes-based infrastructure for capture the flag CTF competitions. Prior to version 1.6.0, the kctf cluster set-src-ip-ranges was broken and allowed traffic from any IP. The problem has been patched in v1.6.0. As a workaround, those who want to test challenges privately can mark the...
CVE-2022-31055 Improper Access Control in kctf
kCTF is a Kubernetes-based infrastructure for capture the flag CTF competitions. Prior to version 1.6.0, the kctf cluster set-src-ip-ranges was broken and allowed traffic from any IP. The problem has been patched in v1.6.0. As a workaround, those who want to test challenges privately can mark the...
CVE-2022-31055
Summary: CVE-2022-31055 relates to Google kCTF, a Kubernetes-based CTF infrastructure. Several connected sources confirm that prior to version 1.6.0 the kCTF cluster set-src-ip-ranges feature was broken, effectively allowing traffic from any IP due to improper access control. The issue was patche...