
576 matches found

CVE
added 2024/04/30 12:0 a.m. · 44 views

CVE-2023-50914

CVE-2023-50914 is a local privilege escalation in GOG Galaxy (Beta) IPC between GalaxyClient.exe and GalaxyClientService.exe. From 2.0.67.2 through 2.0.71.2, an authenticated user can forge IPC packets via FixDirectoryPrivileges, altering the DACL of arbitrary system directories to grant Everyone...

6.7 CVSS · 6.9 AI score · 0.00701 EPSS
Exploits 1 · References 4
Cvelist
added 2024/04/30 12:0 a.m. · 15 views

CVE-2023-50914

A Privilege Escalation issue in the inter-process communication procedure from GOG Galaxy Beta 2.0.67.2 through v2.0.71.2 allows authenticated users to change the DACL of arbitrary system directories to include Everyone full control permissions by modifying the FixDirectoryPrivileges instruction...

6.9 AI score · 0.00701 EPSS
Exploits 1 · References 4
OSV
added 2024/04/25 7:33 p.m. · 6 views

CLSA-2024-1714073581 Fix of 16 CVEs

Jammy update: v5.15.81 upstream stable release LP: 2003130 // CVE-url: https://ubuntu.com/security/CVE-2023-1382 - tipc: set con sock in tipc_conn_alloc - tipc: add an extra conn_get in tipc_conn_alloc CVE-url: https://ubuntu.com/security/CVE-2023-1998 - x86/speculation: Allow enabling STIBP with lega...

7.8 CVSS · 7 AI score · 0.01377 EPSS
Exploits 4 · References 1
CVE
added 2024/04/11 12:0 a.m. · 69 views

CVE-2024-29452

CVE-2024-29452 covers insecure deserialization vulnerabilities in ROS2 Humble Hawksbill versions 2 and 3. The issue enables an attacker to execute arbitrary code and obtain sensitive information via crafted input affecting the Data Serialization and Deserialization...

6.7 AI score
Exploits 0
CVE
added 2024/04/10 12:0 a.m. · 6962 views

CVE-2024-30719

CVE-2024-30719 is rejected; this candidate is not used and does not reflect an active vulnerability entry.

6.7 AI score
Exploits 0
CVE
added 2024/04/10 12:0 a.m. · 7485 views

CVE-2024-30736

CVE-2024-30736 entry is rejected/not used; withdrawn by CNA with no vulnerability evidence.

6.7 AI score
Exploits 0
CVE
added 2024/04/09 12:0 a.m. · 7813 views

CVE-2024-30687

CVE-2024-30687 has been withdrawn; multiple sources (NVD, CNNVD, CVE List) state: “DO NOT USE THIS CANDIDATE NUMBER. This candidate was withdrawn by its CNA. Further investigation showed that there was not reasonable evidence to determine the existence of a vulnerability.” Consequently, there is ...

6.7 AI score
Exploits 0
CVE
added 2024/04/09 12:0 a.m. · 6790 views

CVE-2024-30704

CVE-2024-30704 entry is rejected/not used and does not represent an active vulnerability entry.

6.7 AI score
Exploits 0
Positive Technologies
added 2024/04/09 12:0 a.m. · 2 views

PT-2024-23582 · Unknown · Ros2 Galactic Geochelone

Name of the Vulnerable Software and Affected Versions: ROS2 Galactic Geochelone versions 2
Description: An insecure deserialization vulnerability has been identified, allowing attackers to execute arbitrary code and obtain sensitive information via crafted input to the Data Serialization and...

7.9 AI score
Exploits 0 · References 3
BDU FSTEC
added 2024/04/09 12:0 a.m. · 2 views

The vulnerability of the D-Bus inter-process communication system, related to access control errors, allows a perpetrator to trigger a service failure.

The vulnerability of the D-Bus inter-process communication mechanism is related to the possibility for unprivileged users to abruptly terminate the dbus-daemon process. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

6.8 CVSS · 6.5 AI score · 0.01417 EPSS
Exploits 1 · References 5 · Affected Software 4
OSV
added 2024/04/08 10:15 a.m. · 3 views

AZL-59267 CVE-2024-26811 affecting package kernel for versions less than 6.6.82.1-1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate payload size in ipc response. If installing malicious ksmbd-tools, ksmbd.mountd can return invalid ipc response to ksmbd kernel server. ksmbd should validate payload size of ipc response from ksmbd.mountd to avoid...

5.5 CVSS · 6.8 AI score · 0.00262 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/04/08 12:0 a.m. · 3 views

PT-2024-14006 · Gog · Gog Galaxy

Name of the Vulnerable Software and Affected Versions: GOG Galaxy Beta versions 2.0.67.2 through 2.0.71.2
Description: A Privilege Escalation issue in the inter-process communication procedure allows authenticated users to change the DACL of arbitrary system directories to include Everyone full...

6.7 CVSS · 6.9 AI score · 0.00701 EPSS
Exploits 1 · References 11
CNNVD
added 2024/03/25 12:0 a.m. · 4 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from a use-after-free in tipc...

5.5 CVSS · 6.5 AI score · 0.00232 EPSS
Exploits 0 · References 11
GithubExploit
added 2024/02/16 5:14 p.m. · 131 views

Exploit for Use of Hard-coded Credentials in Gog Galaxy

GOG Galaxy - Research Artifacts Repository Structure This...

8.8 CVSS · 7.3 AI score · 0.03778 EPSS
Exploits 6
NVD
added 2023/12/13 9:15 a.m. · 15 views

CVE-2023-6660

When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded. This means that the data to be written is instead replaced with whatever...

6.5 CVSS · 0.00622 EPSS
Exploits 0 · References 2
Cvelist
added 2023/12/13 8:23 a.m. · 22 views

CVE-2023-6660 NFS client data corruption and kernel memory disclosure

When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy operation had succeeded. This means that the data to be written is instead replaced with whatever...

6.6 AI score · 0.00622 EPSS
Exploits 0 · References 2
Debian CVE
added 2023/11/09 8:17 a.m. · 2 views

CVE-2023-47248

Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example, user-supplied input files). This vulnerability only...

9.8 CVSS · 7.4 AI score · 0.18265 EPSS
Exploits 0
OSV
added 2023/11/07 12:0 a.m. · 22 views

ALSA-2023:6578 Moderate: libqb security update

The libqb packages provide a library with the primary purpose of providing high performance client/server reusable features, such as high performance logging, tracing, inter-process communication, and polling. Security Fixes: libqb: Buffer overflow in log_blackbox.c (CVE-2023-39976). For more details...

9.8 CVSS · 8.3 AI score · 0.00984 EPSS
Exploits 0 · References 4
AlmaLinux
added 2023/11/07 12:0 a.m. · 25 views

Moderate: libqb security update

The libqb packages provide a library with the primary purpose of providing high performance client/server reusable features, such as high performance logging, tracing, inter-process communication, and polling. Security Fixes: libqb: Buffer overflow in log_blackbox.c (CVE-2023-39976). For more details...

9.8 CVSS · 7.4 AI score · 0.00984 EPSS
Exploits 0 · References 4
CNNVD
added 2023/11/07 12:0 a.m. · 5 views

Qualcomm Chipsets Security Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from information disclosure in the Qualcomm IPC when reading values from shared memory in a VM...

6.1 CVSS · 6.3 AI score · 0.00138 EPSS
Exploits 0 · References 3