Threat Advisories - NVD Disclosed December 6, 2010

CVE-2010-4478

OpenSSH can be tricked into letting attackers in without knowing the password

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

OpenSSH versions before 5.7 could allow attackers to bypass login without the correct password if J-PAKE is enabled, potentially exposing sensitive data.

NVD published: December 6, 2010

CVE advisoryKnown Exploit

CVE-2010-3904

Linux Kernel Local Privilege Escalation Risk.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in the Linux kernel's Reliable Datagram Sockets protocol can allow local users to gain elevated privileges. This could impact organizations by enabling unauthorized access and control over affected systems. The realistic business risk involves potential data compromise and system disruption by attackers

NVD published: December 6, 2010 • CISA KEV

CVE advisoryKnown Exploit

CVE-2010-4398

Microsoft Windows Kernel Privilege Escalation Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in Microsoft Windows kernel components allows local users to gain elevated privileges and bypass security features. This impacts affected Windows operating systems by enabling unauthorized privilege escalation, posing a business risk to organizations. The attack requires local system access and involves

NVD published: December 6, 2010 • CISA KEV