CVE-2020-8488 ABB System 800xA Inter process communication vulnerability - 800xA Batch Management

Insufficient protection of the inter-process communication functions in ABB System 800xA Batch Management all published versions enables an attacker authenticated on the local system to inject data, affecting User Interface update during batch execution and/or compare/printing functionalities...

CVE-2020-8487

CVE-2020-8487 affects ABB System 800xA Base. The issue is insufficient protection of inter-process communication, allowing an attacker authenticated on the local system to inject data and affect node redundancy handling. Affected products include System 800xA Base (all published versions). Impact...

CVE-2020-8486 ABB System 800xA Inter process communication vulnerability - 800xA RNRP

Insufficient protection of the inter-process communication functions in ABB System 800xA RNRP all published versions enables an attacker authenticated on the local system to inject data, affect node redundancy handling...

CVE-2020-8486

The CVE-2020-8486 entry concerns ABB System 800xA RNRP (and related 800xA components) with insufficient protection of inter-process communication. The vulnerability arises from weak access control in IPC objects exchanged between System 800xA processes on the same machine, allowing an authenticat...

CVE-2020-8485

CVE-2020-8485 affects ABB System 800xA MOD 300; the inter-process communication protections are insufficient, allowing a locally authenticated attacker to inject data and enable reads/writes to controllers or crash Windows processes. Affected: System 800xA MOD 300 (all published versions). Impact...

CVE-2020-8485 ABB System 800xA Inter process communication vulnerability - 800xA for Mod 300

Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 all published versions enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash...

CVE-2020-8484 ABB System 800xA Inter process communication vulnerability - 800xA for DCI

Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI all published versions enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash...

CVE-2020-8484

ABB System 800xA for DCI contains an inter-process communication protection weakness that allows an authenticated local attacker to inject data, enabling reads/writes to controllers or causing Windows processes to crash. Affected products include System 800xA for DCI (all published versions). CVS...

CVE-2020-8478

The CVE-2020-8478 issue affects ABB System 800xA components (OPC Server for AC 800M, MMS Server for AC 800M, and Base Software for SoftControl) where weak inter-process communication access controls allow an authenticated local attacker to inject data and tamper the online runtime data view in Co...

Escaping the Chrome Sandbox with RIDL

Guest blog post by Stephen Röttger tl;dr: Vulnerabilities that leak cross process memory can be exploited to escape the Chrome sandbox. An attacker is still required to compromise the renderer prior to mounting this attack. To protect against attacks on affected CPUs make sure your microcode is u...

CVE-2019-16152

A Denial of service DoS vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to cause FortiClient processes running under root privilege crashes via sending specially crafted IPC client requests to the fctsched process due the nanomsg not been correctly...

CVE-2019-15711

A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to run system commands under root privilege via injecting specially crafted "ExportLogs" type IPC client requests to the fctsched process...

PT-2020-6222 · Pacemaker +7 · Pacemaker +7

Name of the Vulnerable Software and Affected Versions: Pacemaker versions prior to 1.1.24-rc1 Pacemaker versions prior to 2.0.5-rc2 Description: The issue is related to an ACL bypass flaw in Pacemaker, which could allow an attacker with a local account on the cluster and in the haclient group to...

Buffer overflow vulnerability in multiple Huawei products (CNVD-2020-36733)

Huawei AP2000 and others are products of Huawei, China.Huawei AP2000 is a wireless access point device.Huawei IPS Module is an intrusion prevention system IPS module.NGFW Module is a next-generation firewall NGFW module. A buffer error vulnerability exists in multiple Huawei products that arises...

CVE-2019-5254

Certain Huawei products AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981 have an out-of-bounds read vulnerability. An attacker who logs in to the board...

CVE-2019-5258

Certain Huawei products AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981 have a buffer overflow vulnerability. An attacker who logs in to the board may...

CVE-2019-5258

Certain Huawei products AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981 have a buffer overflow vulnerability. An attacker who logs in to the board may...

Buffer overflow

Certain Huawei products AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981 have a buffer overflow vulnerability. An attacker who logs in to the board may...

CVE-2019-5254

Certain Huawei products AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981 have an out-of-bounds read vulnerability. An attacker who logs in to the board...

CVE-2019-12410

While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory...