SUSE CVE-2010-1187

The Transparent Inter-Process Communication TIPC functionality in Linux kernel 2.6.16-rc1 through 2.6.33, and possibly other versions, allows local users to cause a denial of service kernel OOPS by sending datagrams through AFTIPC before entering network mode, which triggers a NULL pointer...

SUSE CVE-2011-3079

The Inter-process Communication IPC implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors...

SUSE CVE-2013-2874

Google Chrome before 28.0.1500.71 on Windows, when an Nvidia GPU is used, allows remote attackers to bypass intended restrictions on access to screen data via vectors involving IPC transmission of GL textures...

SUSE CVE-2014-3188

Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an escaped index by ParseJsonObject in...

SUSE CVE-2015-1295

Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/printwebviewhelper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact by triggering nested IPC...

SUSE CVE-2019-9799

Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions. This vulnerability affects Firefox 66...

SUSE CVE-2020-5963

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the Inter Process Communication APIs, in which improper access control may lead to code execution, denial of service, or information disclosure...

SUSE CVE-2020-25654

An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration...

SUSE CVE-2023-0412

TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file...

PT-2023-8970 · Qualcomm · Qualcomm

Name of the Vulnerable Software and Affected Versions: Qualcomm affected versions not specified Description: The issue is related to a buffer overflow in the memory of Qualcomm's embedded platform software, which can be exploited to execute arbitrary code. It is also described as memory corruptio...

PT-2023-16250 · Wireshark +3 · Wireshark +3

Name of the Vulnerable Software and Affected Versions: Wireshark versions 3.6.0 through 3.6.10 Wireshark versions 4.0.0 through 4.0.2 Description: The issue is related to a crash in the TIPC dissector of Wireshark, which can be triggered by packet injection or a crafted capture file, leading to a...

Microsoft Windows ALPC 安全漏洞

Microsoft Windows ALPC is an inter-process communication tool for high-speed messaging from Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows ALPC. An attacker can exploit the vulnerability to elevate privileges...

USN-5790-1 linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities

It was discovered that the BPF verifier in the Linux kernel did not properly handle internal data structures. A local attacker could use this to expose sensitive information kernel memory. CVE-2021-4159 It was discovered that a race condition existed in the Android Binder IPC subsystem in the Lin...

CVE-2022-46314

The IPC module has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability...

The vulnerability of the D-Bus inter-process communication system, related to the ability to achieve compliance in debugging builds, allows a malicious actor to trigger a service failure.

The vulnerability of the D-Bus inter-process communication mechanism is related to the occurrence of errors in debugging builds, caused by syntactically invalid signatures with incorrectly nested parentheses and curly braces. Exploiting this vulnerability can allow a malicious actor to cause...

The vulnerability of the D-Bus inter-process communication system, related to memory corruption after deallocation, allows a malicious actor to trigger a service failure.

The vulnerability of the D-Bus inter-process communication mechanism is related to a memory usage error that occurs after freeing memory, caused by messages with non-sequential byte orders and Unix file descriptors. Exploiting this vulnerability can allow an attacker to cause service failures...

The vulnerability of the D-Bus inter-process communication mechanism, related to a boundary error caused by an invalid fixed-length array of elements, allows a malicious actor to trigger a service failure.

The vulnerability of the D-Bus inter-process communication mechanism is related to a boundary error caused by an invalid fixed-length array element, where the length of the array is not a multiple of the length of an individual element. Exploiting this vulnerability can allow a malicious actor to...

D-BUS 安全漏洞

D-BUS is a message bus system, which is mainly used for inter-process communication and remote procedure calls. A security vulnerability exists in D-BUS versions prior to 1.12.24-0+deb11u1, which stems from the inclusion of multiple vulnerabilities in D-Bus that can be exploited by an attacker to...

Google Releases Urgent Chrome Update to Patch New Zero-Day Vulnerability

Google on Friday shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild. The issue, assigned the identifier CVE-2022-3075, concerns a case of insufficient data validation in Mojo, which refers to a collection of...

Electron 输入验证错误漏洞

Electron is a personal developer of a user to write cross-platform desktop application JavaScript framework. The framework is based on nodejs and Chromium can use HTML, CSS to achieve cross-platform desktop application writing. An input validation error vulnerability exists in Electron versions...