CLSA-2024-1722512538 Fix of 10 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-25744 - x86/sev: Rename memencrypt.c to memencryptamd.c - x86: Introduce ia32enabled - x86/coco: Disable 32-bit emulation by default on TDX and SEV CVE-url: https://ubuntu.com/security/CVE-2024-36016 - tty: ngsm: fix frame reception handling - tty:...

CVE-2020-11639 Insufficient access control on Inter process communication,

An attacker could exploit the vulnerability by injecting garbage data or specially crafted data. Depending on the data injected each process might be affected differently. The process could crash or cause communication issues on the affected node, effectively causing a denial-of-service attack. T...

CVE-2020-11639 Insufficient access control on Inter process communication,

An attacker could exploit the vulnerability by injecting garbage data or specially crafted data. Depending on the data injected each process might be affected differently. The process could crash or cause communication issues on the affected node, effectively causing a denial-of-service attack. T...

The vulnerability of the Docker Desktop platform for developing and delivering container applications lies in the insufficient restrictions on communication channels between endpoints. This allows attackers to gain unauthorized access to protected information.

The vulnerability of the Docker Desktop platform for developing and delivering container applications stems from insufficient restrictions on communication channels between specified endpoints. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected...

DEBIAN-CVE-2024-36041

KSmserver in KDE Plasma Workspace aka plasma-workspace before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the...

kernel: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry

A flaw was found in the Linux kernel’s IPC system. This flaw allows an attacker to use a specially crafted program to cause a rare race condition, leading to a denial of service...

Fedora: Security Advisory for qt6-qtremoteobjects (FEDORA-2024-bfb8617ba3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: qt5-qtremoteobjects-5.15.14-1.fc40

Qt Remote Objects QtRO is an inter-process communication IPC module devel oped for Qt...

[SECURITY] Fedora 40 Update: qt6-qtremoteobjects-6.7.1-1.fc40

Qt Remote Objects QtRO is an inter-process communication IPC module devel oped for Qt...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from a vulnerability in the tipc module...

NVIDIA ChatRTX 安全漏洞

NVIDIA ChatRTX is a content personalization chatbot from NVIDIA, USA. A security vulnerability exists in NVIDIA ChatRTX. An attacker exploits the vulnerability to cause incorrect privilege management issues by leveraging inter-process communication between different processes...

CVE-2023-50914

A Privilege Escalation issue in the inter-process communication procedure from GOG Galaxy Beta 2.0.67.2 through v2.0.71.2 allows authentictaed users to change the DACL of arbitrary system directories to include Everyone full control permissions by modifying the FixDirectoryPrivileges instruction...

CVE-2023-50914

CVE-2023-50914 is a local privilege escalation in GOG Galaxy (Beta) IPC between GalaxyClient.exe and GalaxyClientService.exe. From 2.0.67.2 through 2.0.71.2, an authenticated user can forge IPC packets via FixDirectoryPrivileges, altering the DACL of arbitrary system directories to grant Everyone...

CVE-2023-50914

A Privilege Escalation issue in the inter-process communication procedure from GOG Galaxy Beta 2.0.67.2 through v2.0.71.2 allows authentictaed users to change the DACL of arbitrary system directories to include Everyone full control permissions by modifying the FixDirectoryPrivileges instruction...

CVE-2023-50914

A Privilege Escalation issue in the inter-process communication procedure from GOG Galaxy Beta 2.0.67.2 through v2.0.71.2 allows authentictaed users to change the DACL of arbitrary system directories to include Everyone full control permissions by modifying the FixDirectoryPrivileges instruction...

CLSA-2024-1714073581 Fix of 16 CVEs

Jammy update: v5.15.81 upstream stable release LP: 2003130 // CVE-url: https://ubuntu.com/security/CVE-2023-1382 - tipc: set con sock in tipcconnalloc - tipc: add an extra connget in tipcconnalloc CVE-url: https://ubuntu.com/security/CVE-2023-1998 - x86/speculation: Allow enabling STIBP with lega...

CVE-2024-29452

CVE-2024-29452 relates to ROS2 Humble Hawksbill, with insecure deserialization vulnerabilities in ROS2 Humble Hawksbill versions 2 and 3. The issue enables an attacker to execute arbitrary code and obtain sensitive information via crafted input affecting the Data Serialization and Deserialization...

CVE-2024-30736

CVE-2024-30736 entry is rejected/not used; withdrawn by CNA with no vulnerability evidence.

CVE-2024-30719

CVE-2024-30719 is rejected; this candidate is not used and does not reflect an active vulnerability entry.

PT-2024-23582 · Unknown · Ros2 Galactic Geochelone

Name of the Vulnerable Software and Affected Versions: ROS2 Galactic Geochelone versions 2 Description: An insecure deserialization vulnerability has been identified, allowing attackers to execute arbitrary code and obtain sensitive information via crafted input to the Data Serialization and...