550 matches found
SUSE CVE-2013-2874
Google Chrome before 28.0.1500.71 on Windows, when an Nvidia GPU is used, allows remote attackers to bypass intended restrictions on access to screen data via vectors involving IPC transmission of GL textures...
SUSE CVE-2014-3188
Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an escaped index by ParseJsonObject in...
SUSE CVE-2015-1295
Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/printwebviewhelper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact by triggering nested IPC...
SUSE CVE-2019-9799
Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions. This vulnerability affects Firefox 66...
SUSE CVE-2020-5963
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the Inter Process Communication APIs, in which improper access control may lead to code execution, denial of service, or information disclosure...
SUSE CVE-2020-25654
An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration...
SUSE CVE-2023-0412
TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file...
Qualcomm IPC 安全漏洞
Qualcomm IPC is a Qualcomm Incorporated support component used in chips. A security vulnerability exists in Qualcomm IPC that originates from memory corruption due to improper access control in Qualcomm IPC...
PT-2023-8970 · Qualcomm · Qualcomm
Name of the Vulnerable Software and Affected Versions: Qualcomm affected versions not specified Description: The issue is related to a buffer overflow in the memory of Qualcomm's embedded platform software, which can be exploited to execute arbitrary code. It is also described as memory corruptio...
PT-2023-16250 · Wireshark +3 · Wireshark +3
Name of the Vulnerable Software and Affected Versions: Wireshark versions 3.6.0 through 3.6.10 Wireshark versions 4.0.0 through 4.0.2 Description: The issue is related to a crash in the TIPC dissector of Wireshark, which can be triggered by packet injection or a crafted capture file, leading to a...
Microsoft Windows ALPC 安全漏洞
Microsoft Windows ALPC is an inter-process communication tool for high-speed messaging from Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows ALPC. An attacker can exploit the vulnerability to elevate privileges...
USN-5790-1 linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
It was discovered that the BPF verifier in the Linux kernel did not properly handle internal data structures. A local attacker could use this to expose sensitive information kernel memory. CVE-2021-4159 It was discovered that a race condition existed in the Android Binder IPC subsystem in the Lin...
CVE-2022-46314
The IPC module has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability...
D-BUS 安全漏洞
D-BUS is a message bus system, which is mainly used for inter-process communication and remote procedure calls. A security vulnerability exists in D-BUS versions prior to 1.12.24-0+deb11u1, which stems from the inclusion of multiple vulnerabilities in D-Bus that can be exploited by an attacker to...
Google Releases Urgent Chrome Update to Patch New Zero-Day Vulnerability
Google on Friday shipped emergency fixes to address a security vulnerability in the Chrome web browser that it said is being actively exploited in the wild. The issue, assigned the identifier CVE-2022-3075, concerns a case of insufficient data validation in Mojo, which refers to a collection of...
Electron 输入验证错误漏洞
Electron is a personal developer of a user to write cross-platform desktop application JavaScript framework. The framework is based on nodejs and Chromium can use HTML, CSS to achieve cross-platform desktop application writing. An input validation error vulnerability exists in Electron versions...
kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks
A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from th...
kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks
A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from th...
kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS
A stack overflow flaw was found in the Linux kernel’s TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges...
USN-5377-1: Linux kernel (BlueField) vulnerabilities
It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-1055 Yiqi Sun and Kevin Wang discovered that the...