Exam Objective 2.3

Explain various types of vulnerabilities.

• Application vulnerabilities:
  • Memory injection: Unauthorized code inserted into a program’s memory space
  • Buffer overflow: Data exceeding allocated memory, leading to potential exploits
  • Race conditions: Conflicts arise when multiple processes access shared resources
  • TOC and TOU: Timing mismatches exploited during checks and usage
  • Malicious update: Attackers introducing harmful code through software updates
  • Operating System (OS) Vulnerabilities Web-Based Vulnerabilities: Weakness in a website or web application
  • SQL Injection (SQLI): Attackers manipulating input to exploit database vulnerabilities
  • Cross-Site Scripting (XSS): Malicious scripts injected into web pages
• Hardware vulnerabilities:
  • Firmware: Low-level software controlling hardware
  • End-of-life: Security gaps due to discontinued hardware support
  • Legacy: Older hardware with outdated security measures
• Virtualization vulnerabilities:
  • VM escape: Unauthorized breakout...