2.3 Explain various types of vulnerabilities

28 Terms

1

Memory Injection

A technique involving the injection of malware into the memory space of an existing process for executing malicious code.

2

Buffer Overflow

A vulnerability where data written to a buffer exceeds its capacity, potentially overwriting adjacent memory.

3

Race Conditions

Circumstances where two events occur concurrently, leading to unpredictable behavior in an application.

4

Time-of-Check to Time-of-Use (TOCTOU) Attack

A race condition where a system checks a condition and then uses the information, allowing another process to alter it in the interim.

5

Time-of-Use (TOU) Attack

A scenario similar to TOCTOU where unsynchronized processes interfere with each other’s execution.

6

Malicious Update

An update that looks legitimate but contains harmful code or vulnerabilities, often integrated during the software update process.

7

Operating System Vulnerabilities

Flaws or weaknesses present in an operating system that can be exploited by attackers to gain unauthorized access or perform malicious actions.

8

Web-Based Vulnerabilities

Flaws in web applications that can be exploited over the internet, often leading to unauthorized access or data breaches.

9

Structured Query Language Injection (SQLi)

A web-based attack where an attacker inserts or 'injects' malicious SQL queries via input fields in order to manipulate databases.

10

Cross-Site Scripting (XSS)

A vulnerability that allows attackers to inject malicious scripts into trusted websites, which are then executed in the victim's browser.

11

Hardware Vulnerabilities

Flaws in physical devices that can be exploited to gain unauthorized access or cause disruption.

12

Firmware Vulnerabilities

Security weaknesses found in the low-level software that controls hardware devices, which can lead to exploitation.

13

End-of-Life (EOL) Devices

Devices that the manufacturer no longer sells or supports, often leading to increased risk due to lack of security patches.

14

Legacy Devices

Older devices that may still be in use but run outdated software, resulting in potential security risks due to known vulnerabilities.

15

Virtualization Vulnerabilities

Security issues that arise within virtual environments, where multiple virtual machines operate on the same physical hardware.

16

Virtual Machine (VM) Escape

An attack that allows an attacker to escape the boundaries of a virtual machine, gaining access to the host system or other VMs.

17

Resource Reuse

A vulnerability associated with hypervisors where memory or other resources allocated to one VM might inadvertently be accessed by another VM.

18

Cloud-Specific Vulnerabilities

Security issues that arise specifically in cloud environments, often due to misconfigurations, lack of patches, or inadequate access controls.

19

Supply Chain Vulnerabilities

Security concerns related to the processes involved in getting from raw materials to the delivered final product, with risks at each step: suppliers, manufacturers, and distributors.

20

Service Provider Vulnerabilities

Security issues arising when external third-party service providers have access to sensitive systems or data, which may lead to breaches if compromised.

21

Hardware Provider Vulnerabilities

Security risks associated with newly purchased hardware, including potential for malicious software to be embedded before delivery.

22

Software Provider Vulnerabilities

Risks linked to software updates or installations that may contain malicious code if the source is not trustworthy.

23

Cryptographic Vulnerabilities

Weaknesses in encryption algorithms or protocols that can be exploited to intercept or manipulate data.

24

Misconfiguration Vulnerabilities

Security risks that arise from incorrect setup of systems or applications, allowing unauthorized access or exploitation.

25

Mobile Device Vulnerabilities

Challenges in securing hand-held devices that may contain sensitive data and require specific security measures due to their portability and constant internet connectivity.

26

Sideloading

The process of installing applications on a mobile device from third-party sources, bypassing official app stores, which increases the risk of malware.

27

Jailbreaking

A method of removing software restrictions on iOS devices, allowing users to install unauthorized applications, effectively circumventing built-in security features.

28

Zero-Day Vulnerabilities

Security flaws that are exploited by attackers before the software vendor is aware of them or has developed a patch, leaving systems vulnerable until a fix is available.