SUSE CVE-2023-0412

TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file...

Qualcomm IPC 安全漏洞

Qualcomm IPC is a Qualcomm Incorporated support component used in chips. A security vulnerability exists in Qualcomm IPC that originates from memory corruption due to improper access control in Qualcomm IPC...

PT-2023-8970 · Qualcomm · Qualcomm

Name of the Vulnerable Software and Affected Versions: Qualcomm affected versions not specified Description: The issue is related to a buffer overflow in the memory of Qualcomm's embedded platform software, which can be exploited to execute arbitrary code. It is also described as memory corruptio...

PT-2023-16250 · Wireshark +3 · Wireshark +3

Name of the Vulnerable Software and Affected Versions: Wireshark versions 3.6.0 through 3.6.10 Wireshark versions 4.0.0 through 4.0.2 Description: The issue is related to a crash in the TIPC dissector of Wireshark, which can be triggered by packet injection or a crafted capture file, leading to a...

Microsoft Windows ALPC 安全漏洞

Microsoft Windows ALPC is an inter-process communication tool for high-speed messaging from Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows ALPC. An attacker can exploit the vulnerability to elevate privileges...

USN-5790-1 linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities

It was discovered that the BPF verifier in the Linux kernel did not properly handle internal data structures. A local attacker could use this to expose sensitive information kernel memory. CVE-2021-4159 It was discovered that a race condition existed in the Android Binder IPC subsystem in the Lin...

CVE-2022-46314

The IPC module has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability...

The vulnerability of the D-Bus inter-process communication mechanism, related to a boundary error caused by an invalid fixed-length array of elements, allows a malicious actor to trigger a service failure.

The vulnerability of the D-Bus inter-process communication mechanism is related to a boundary error caused by an invalid fixed-length array element, where the length of the array is not a multiple of the length of an individual element. Exploiting this vulnerability can allow a malicious actor to...

The vulnerability of the D-Bus inter-process communication system, related to the ability to achieve compliance in debugging builds, allows a malicious actor to trigger a service failure.

The vulnerability of the D-Bus inter-process communication mechanism is related to the occurrence of errors in debugging builds, caused by syntactically invalid signatures with incorrectly nested parentheses and curly braces. Exploiting this vulnerability can allow a malicious actor to cause...

The vulnerability of the D-Bus inter-process communication system, related to memory corruption after deallocation, allows a malicious actor to trigger a service failure.

The vulnerability of the D-Bus inter-process communication mechanism is related to a memory usage error that occurs after freeing memory, caused by messages with non-sequential byte orders and Unix file descriptors. Exploiting this vulnerability can allow an attacker to cause service failures...

D-BUS 安全漏洞

D-BUS is a message bus system, which is mainly used for inter-process communication and remote procedure calls. A security vulnerability exists in D-BUS versions prior to 1.12.24-0+deb11u1, which stems from the inclusion of multiple vulnerabilities in D-Bus that can be exploited by an attacker to...

Google Releases Urgent Chrome Update to Patch New Zero-Day Vulnerability

Google on Friday shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild. The issue, assigned the identifier CVE-2022-3075, concerns a case of insufficient data validation in Mojo, which refers to a collection of...

Electron 输入验证错误漏洞

Electron is a personal developer of a user to write cross-platform desktop application JavaScript framework. The framework is based on nodejs and Chromium can use HTML, CSS to achieve cross-platform desktop application writing. An input validation error vulnerability exists in Electron versions...

kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks

A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from th...

kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks

A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from th...

kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS

A stack overflow flaw was found in the Linux kernel’s TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges...

USN-5377-1: Linux kernel (BlueField) vulnerabilities

It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-1055 Yiqi Sun and Kevin Wang discovered that the...

DEBIAN-CVE-2022-0435

A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges...

Mozilla: Use-after-free in WebGPU IPC Framework

An unexpected message in the WebGPU IPC framework could lead to an exploitable sandbox escape and a use-after-free issue. An attacker with enough privileges could exploit this flaw leading to a complete system compromise...

Mozilla: Use-after-free in WebGPU IPC Framework

An unexpected message in the WebGPU IPC framework could lead to an exploitable sandbox escape and a use-after-free issue. An attacker with enough privileges could exploit this flaw leading to a complete system compromise...