AgileBits 1Password IPC Protection Bypass (CVE-2024-42219) (macOS)

The version of AgileBits 1Password installed on the remote macOS or Mac OS X host is prior to 8.10.36. It is, therefore, affected by an inter-process communication bypass vulnerability that allows local attackers to exfiltrate vault items. Note that Nessus has not tested for this issue but has...

CVE-2024-42219

1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient...

CVE-2024-42219

1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient...

CVE-2024-42219

1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient...

PT-2024-29794 · Agilebits · 1Password

Name of the Vulnerable Software and Affected Versions: 1Password versions prior to 8.10.36 for macOS Description: The issue allows local attackers to exfiltrate vault items due to insufficient XPC inter-process communication validation. Recommendations: For versions prior to 8.10.36, update to...

AgileBits 1Password For Mac 安全漏洞

AgileBits 1Password For Mac is a password management software from AgileBits Canada. It is used to store a variety of different passwords. A security vulnerability exists in AgileBits 1Password For Mac prior to version 8.10.36, which stems from insufficient authentication of XPC inter-process...

CLSA-2024-1722512538 Fix of 10 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-25744 - x86/sev: Rename memencrypt.c to memencryptamd.c - x86: Introduce ia32enabled - x86/coco: Disable 32-bit emulation by default on TDX and SEV CVE-url: https://ubuntu.com/security/CVE-2024-36016 - tty: ngsm: fix frame reception handling - tty:...

CVE-2020-11639 Insufficient access control on Inter process communication,

An attacker could exploit the vulnerability by injecting garbage data or specially crafted data. Depending on the data injected each process might be affected differently. The process could crash or cause communication issues on the affected node, effectively causing a denial-of-service attack. T...

CVE-2020-11639 Insufficient access control on Inter process communication,

An attacker could exploit the vulnerability by injecting garbage data or specially crafted data. Depending on the data injected each process might be affected differently. The process could crash or cause communication issues on the affected node, effectively causing a denial-of-service attack. T...

The vulnerability of the Docker Desktop platform for developing and delivering container applications lies in the insufficient restrictions on communication channels between endpoints. This allows attackers to gain unauthorized access to protected information.

The vulnerability of the Docker Desktop platform for developing and delivering container applications stems from insufficient restrictions on communication channels between specified endpoints. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected...

DEBIAN-CVE-2024-36041

KSmserver in KDE Plasma Workspace aka plasma-workspace before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the...

kernel: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry

A flaw was found in the Linux kernel’s IPC system. This flaw allows an attacker to use a specially crafted program to cause a rare race condition, leading to a denial of service...

Fedora: Security Advisory for qt6-qtremoteobjects (FEDORA-2024-bfb8617ba3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: qt5-qtremoteobjects-5.15.14-1.fc40

Qt Remote Objects QtRO is an inter-process communication IPC module devel oped for Qt...

The vulnerability of the tipc_udp_nl_dump_remoteip() function in the implementation of the TIPC protocol allows a attacker to gain access to protected data or cause a service failure.

The vulnerability of the tipcudpnldumpremoteip function in the net/tipc/udpmedia.c module of the TIPC Transparent Inter-Process Communication protocol implementation in the Linux operating system is related to incorrect validation of the received data. Exploiting this vulnerability may allow an...

[SECURITY] Fedora 40 Update: qt6-qtremoteobjects-6.7.1-1.fc40

Qt Remote Objects QtRO is an inter-process communication IPC module devel oped for Qt...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from a vulnerability in the tipc module...

NVIDIA ChatRTX 安全漏洞

NVIDIA ChatRTX is a content personalization chatbot from NVIDIA, USA. A security vulnerability exists in NVIDIA ChatRTX. An attacker exploits the vulnerability to cause incorrect privilege management issues by leveraging inter-process communication between different processes...

CVE-2023-50914

A Privilege Escalation issue in the inter-process communication procedure from GOG Galaxy Beta 2.0.67.2 through v2.0.71.2 allows authentictaed users to change the DACL of arbitrary system directories to include Everyone full control permissions by modifying the FixDirectoryPrivileges instruction...

CVE-2023-50914

A Privilege Escalation issue in the inter-process communication procedure from GOG Galaxy Beta 2.0.67.2 through v2.0.71.2 allows authentictaed users to change the DACL of arbitrary system directories to include Everyone full control permissions by modifying the FixDirectoryPrivileges instruction...