Fortinet FortiClientWindows 安全漏洞

Fortinet FortiClientWindows is a Windows-based mobile endpoint security solution from Fortinet, Inc. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to a FortiGate firewall appliance. A security vulnerability exis...

UBUNTU-CVE-2024-56540

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Prevent recovery invocation during probe and resume Refactor IPC send and receive functions to allow correct handling of operations that should not trigger a recovery process. Expose ivpusendreceiveinternal, which is...

CVE-2024-8272

CVE-2024-8272 affects macOS Universal Audio (UAConnect) and targets the com.uaudio.bsd.helper service. The issue is a missing validation of clients during XPC IPC: the service does not verify code requirements, entitlements, or security flags of connecting clients, enabling unauthorized clients t...

CVE-2024-8272 macOS Universal Audio (UAConnect) <= 2.7.0 - Local Privilege Escalation

The com.uaudio.bsd.helper service, responsible for handling privileged operations, fails to implement critical client validation during XPC inter-process communication IPC. Specifically, the service does not verify the code requirements, entitlements, or security flags of any client attempting to...

PT-2024-38904 · Unknown · Com.Uaudio.Bsd.Helper

Name of the Vulnerable Software and Affected Versions: com.uaudio.bsd.helper service affected versions not specified Description: The issue concerns a lack of proper client validation during XPC inter-process communication IPC in the com.uaudio.bsd.helper service, which handles privileged...

UltiMaker Cura 安全漏洞

UltiMaker Cura is a free, easy-to-use 3D printing software from UltiMaker, Inc. A security vulnerability exists in UltiMaker Cura v5.8.1 and earlier versions, which originates from a local attacker who can execute arbitrary code via the inter-process communication IPC mechanism...

PT-2024-34600 · Ultimaker · Ultimaker Cura

Name of the Vulnerable Software and Affected Versions: UltiMaker Cura versions 4.41 and 5.8.1 and earlier Description: The issue allows a local attacker to execute arbitrary code via the Inter-process communication IPC mechanism between the Cura application and CuraEngine processes, localhost...

PT-2024-26094 · Modem · Modem

Name of the Vulnerable Software and Affected Versions: Modem versions prior to SMR Nov-2024 Release 1 Description: The issue is related to improper input validation in the IpcProtocol of the Modem, allowing local attackers to cause a Denial-of-Service. Recommendations: For versions prior to SMR...

kernel: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry

A flaw was found in the Linux kernel’s IPC system. This flaw allows an attacker to use a specially crafted program to cause a rare race condition, leading to a denial of service...

AgileBits 1Password IPC Protection Bypass (CVE-2024-42219) (macOS)

The version of AgileBits 1Password installed on the remote macOS or Mac OS X host is prior to 8.10.36. It is, therefore, affected by an inter-process communication bypass vulnerability that allows local attackers to exfiltrate vault items. Note that Nessus has not tested for this issue but has...

CVE-2024-42219

1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient...

CVE-2024-42219

1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient...

AgileBits 1Password For Mac 安全漏洞

AgileBits 1Password For Mac is a password management software from AgileBits Canada. It is used to store a variety of different passwords. A security vulnerability exists in AgileBits 1Password For Mac prior to version 8.10.36, which stems from insufficient authentication of XPC inter-process...

CVE-2024-42219

1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient...

PT-2024-29794 · Agilebits · 1Password

Name of the Vulnerable Software and Affected Versions: 1Password versions prior to 8.10.36 for macOS Description: The issue allows local attackers to exfiltrate vault items due to insufficient XPC inter-process communication validation. Recommendations: For versions prior to 8.10.36, update to...

CLSA-2024-1722512538 Fix of 10 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-25744 - x86/sev: Rename memencrypt.c to memencryptamd.c - x86: Introduce ia32enabled - x86/coco: Disable 32-bit emulation by default on TDX and SEV CVE-url: https://ubuntu.com/security/CVE-2024-36016 - tty: ngsm: fix frame reception handling - tty:...

CVE-2020-11639 Insufficient access control on Inter process communication,

An attacker could exploit the vulnerability by injecting garbage data or specially crafted data. Depending on the data injected each process might be affected differently. The process could crash or cause communication issues on the affected node, effectively causing a denial-of-service attack. T...

CVE-2020-11639 Insufficient access control on Inter process communication,

An attacker could exploit the vulnerability by injecting garbage data or specially crafted data. Depending on the data injected each process might be affected differently. The process could crash or cause communication issues on the affected node, effectively causing a denial-of-service attack. T...

DEBIAN-CVE-2024-36041

KSmserver in KDE Plasma Workspace aka plasma-workspace before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the...

kernel: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry

A flaw was found in the Linux kernel’s IPC system. This flaw allows an attacker to use a specially crafted program to cause a rare race condition, leading to a denial of service...