DEBIAN-CVE-2022-0435

A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges...

Mozilla: Use-after-free in WebGPU IPC Framework

An unexpected message in the WebGPU IPC framework could lead to an exploitable sandbox escape and a use-after-free issue. An attacker with enough privileges could exploit this flaw leading to a complete system compromise...

Mozilla: Use-after-free in WebGPU IPC Framework

An unexpected message in the WebGPU IPC framework could lead to an exploitable sandbox escape and a use-after-free issue. An attacker with enough privileges could exploit this flaw leading to a complete system compromise...

Mozilla: Use-after-free in WebGPU IPC Framework

An unexpected message in the WebGPU IPC framework could lead to an exploitable sandbox escape and a use-after-free issue. An attacker with enough privileges could exploit this flaw leading to a complete system compromise...

Mozilla: Use-after-free in WebGPU IPC Framework

An unexpected message in the WebGPU IPC framework could lead to an exploitable sandbox escape and a use-after-free issue. An attacker with enough privileges could exploit this flaw leading to a complete system compromise...

Researchers Warn of Linux Kernel 'Dirty Pipe' Arbitrary File Overwrite Vulnerability

Linux distributions are in the process of issuing patches to address a newly disclosed security vulnerability in the kernel that could allow an attacker to overwrite arbitrary data into any read-only files and allow for a complete takeover of affected systems. Dubbed "Dirty Pipe" CVE-2022-0847,...

A Definitive Guide to the Remote Procedure Call (RPC) Filter

...

Linux kernel 信息泄露漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from an information disclosure vulnerability that originates in the Linux kernel's TIPC protocol subsystem due to uninitialized memory that sends TIPC...

Linux kernel 缓冲区错误漏洞

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel buffer overflow vulnerability, which is caused by a failure of the Transparent Inter-Process Communication TIPC module to properly boundary check. An attacker could exploit the vulnerability...

Iranian state-sponsored APT group MuddyWater targeting organizations via malicious executables

THREAT LEVEL: Red. United States Cyber Command USCYBERCOM has warned of an ongoing cyber attack by Iranian state sponsored actor named as MuddyWater. This APT group is currently targeting Middle Eastern countries and has also targeted European and North American nations. The Iranian-backed...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a security vulnerability that arises from software that commonly accepts and passes resource handles between processes, whereby a compromised content process may confuse a...

CVE-2021-41388

Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections before accepting the connection. Thus any low privileged user can connect and call external methods...

USN-5165-1 linux-oem-5.14 vulnerabilities

It was discovered that the NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface NCI implementation. A local attacker could possibly use this to cause a denial of service system crash or execute arbitrary code. CVE-2021-3760 It was discovered...

Information Disclosure

kernel is vulnerable to information disclosure. The vulnerability exists in the transparent inter-process communication functionality in net/tipc/crypto.c, allowing an attacker to exploit insufficient validation of user-supplied sizes for the MSGCRYPTO message type...

DEBIAN-CVE-2021-43267

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication TIPC functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSGCRYPTO message type...

UBUNTU-CVE-2021-3759

A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from th...

DEBIAN-CVE-2021-21198

Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...

谷歌 Google Chrome 缓冲区错误漏洞

Chrome is a simple and efficiently designed web browsing tool developed by Google. An out-of-bounds read vulnerability exists in IPC in versions prior to Google Chrome 89.0.4389.114. An attacker can exploit this vulnerability to obtain sensitive information...

Xander Frangos twinkle-tray 安全漏洞

Xander Frangos twinkle-tray is an open source application by Xander Frangos. It provides a function to manage the brightness level of multiple monitors. A security vulnerability exists in Xander Frangos twinkle-tray through 1.13.3, which can be exploited by an attacker to potentially send a craft...

IPCDump – Guardicore’s New Open-Source Tool for Linux IPC Inspection

IPCdump allows software based firewall developers, researchers, and linux users to explore the Inter-process-communication IPC channels...