576 matches found
Google Android - Inter-Process munmap with User-Controlled Size in android.graphics.Bitmap
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=928
Bitmap objects can be passed between processes by flattening them to a Parcel in one process and un-flattening them in another. In order to conserve memory, there exists a code path which allows Bitmaps to be shared between...
needle - The iOS Security Testing Framework
Needle is an open source, modular framework to streamline the process of conducting security assessments of iOS apps. Description Assessing the security of an iOS application typically requires a plethora of tools, each developed for a specific need and all with different modes of operation and...
CVE-2016-7549
Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) or possibly have unspecified other impact by leveragi...
chromium-browser: DoS via invalid recipient of IPC message
Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) or possibly have unspecified other impact by leveragi...
chromium-browser: sandbox escape in ppapi
The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism via an unexpected message type, related to...
The vulnerability of Google Chrome browser allows a remote attacker to execute arbitrary code.
The vulnerability of Google Chrome exists due to improper interaction between the IPC component, the Gamepad API, and Google V8. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of Google Chrome browser allows a malicious actor to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability exists in Google Chrome due to improper interaction between extensions, IPC, sync APIs, and Google V8. Exploiting this vulnerability allows malicious actors to execute arbitrary code remotely...
Ubuntu 14.04 LTS : Linux kernel (Wily HWE) vulnerabilities (USN-3017-3)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3017-3 advisory. USN-3017-1 fixed vulnerabilities in the Linux kernel for Ubuntu 15.10. This update provides the corresponding updates for the Linux Hardware Enablement H...
Ubuntu 14.04 LTS : Linux kernel (Vivid HWE) vulnerabilities (USN-3020-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3020-1 advisory. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility...
Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3016-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3016-1 advisory. Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility...
USN-3016-3: Linux kernel (Qualcomm Snapdragon) vulnerabilities
Jesse Hertz and Tim Newsham discovered that the Linux netfilter implementation did not correctly perform validation when handling 32 bit compatibility IPT_SO_SET_REPLACE events on 64 bit platforms. A local unprivileged attacker could use this to cause a denial of service (system crash) or execute...
Android operating system vulnerability that allows an attacker to escalate privileges
The vulnerability in libs/binder/IPCThreadState.cpp in the Android operating system's Binder component exists due to incorrect references to objects. Exploiting this vulnerability can allow a malicious actor, operating remotely, to escalate privileges through a specially create...
The vulnerability of the iOS operating system allows attackers to bypass event handlers and modify events of arbitrary applications.
The vulnerability of the XPC Services software interface in the LaunchServices component of the iOS operating system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass event handler restrictions and modify events of arbitrary application...
samba: Smb signing not required by default when smb client connection is used for ipc usage
It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client...
RHEL 6 / 7 : ISC DHCP Concurrent TCP Sessions DoS
RedHat Enterprise Linux 6 / 7 is affected by a denial of service vulnerability in the bundled ISC DHCP server due to a failure to properly restrict the number of concurrent TCP sessions to the ports the server uses for inter-process communications and control. An unauthenticated, remote attacker...
Fedora 23 : kdelibs3-3.5.10-71.fc23 (2015-6e50918d8e)
Security fix for CVE-2015-7543 in kdelibs3 (the KDE 3 compatibility version of kdelibs): A temporary directory was being created insecurely using mktemp and mkdir, allowing an attacker to hijack the temporary directory and thus the inter-process communication (IPC). This update fixes the temporary...
Fedora 22 : kdelibs3-3.5.10-71.fc22 (2015-2f4b92ed2e)
Security fix for CVE-2015-7543 in kdelibs3 (the KDE 3 compatibility version of kdelibs): A temporary directory was being created insecurely using mktemp and mkdir, allowing an attacker to hijack the temporary directory and thus the inter-process communication (IPC). This update fixes the temporary...