528 matches found
Mozilla: Use-after-free in WebGPU IPC Framework
An unexpected message in the WebGPU IPC framework could lead to an exploitable sandbox escape and a use-after-free issue. An attacker with enough privileges could exploit this flaw leading to a complete system compromise...
CVE-2022-24505
Windows ALPC Elevation of Privilege Vulnerability...
Microsoft Windows ALPC 权限许可和访问控制问题漏洞
Microsoft Windows ALPC is a C/S model technology developed by Microsoft to replace LPC for native RPC. Microsoft Windows ALPC has an elevation of privilege vulnerability that can be exploited to gain elevated privileges on the system...
Mozilla Firefox 资源管理错误漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A resource management error vulnerability exists in Mozilla Firefox versions prior to 97, which stems from a post-release usage error when processing messages in the WebGPU IPC framework. An attacker...
CRI-O 安全漏洞
cri-o is a lightweight container runtime environment for the Kubernetes system. CRI-O suffers from a security vulnerability that can be exploited by an attacker to be able to create a pod with the hostIPC and hostNetwork kernel namespaces...
PT-2021-8042 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.17-rc1 Description: The issue is related to an information leak flaw in the Linux kernel's TIPC protocol subsystem. This flaw occurs due to uninitialized memory when a user sends a TIPC datagram to one or more...
PT-2021-24229 · Avast · Avast Antivirus
Name of the Vulnerable Software and Affected Versions: Avast Antivirus versions prior to 20.4 Description: A privilege escalation issue in the Sandbox component allows local sandboxed code to gain elevated privileges by using system IPC interfaces, potentially leading to the acquisition of SYSTEM...
PT-2021-7581 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 12.4 Description: The issue is related to a sandboxed process that may be able to circumvent sandbox restrictions. This is due to insufficient access control when handling XPC messages in the LaunchServices service of...
Important: kernel-livepatch-5.10.62-55.141
Issue Overview: A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access t...
CVE-2021-44680
An issue 4 of 6 was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization...
CVE-2021-44678
An issue 2 of 6 was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization...
CVE-2021-44677
An issue 1 of 6 was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization...
Veritas Enterprise Vault 代码问题漏洞
Veritas Enterprise Vault is an enterprise-class file protection, archive automation software from Veritas, Inc. A security vulnerability exists in Veritas Enterprise Vault 14.1.2 and prior versions, where Enterprise Vault applications start multiple services that listen on NET Remoting TCP port t...
kernel: Insufficient validation of user-supplied sizes for the MSG_CRYPTO message type
A flaw was discovered in the cryptographic receive code in the Linux kernel's implementation of transparent interprocess communication. An attacker, with the ability to send TIPC messages to the target, can corrupt memory and escalate privileges on the target system...
kernel: Insufficient validation of user-supplied sizes for the MSG_CRYPTO message type
A flaw was discovered in the cryptographic receive code in the Linux kernel's implementation of transparent interprocess communication. An attacker, with the ability to send TIPC messages to the target, can corrupt memory and escalate privileges on the target system...
kernel: Insufficient validation of user-supplied sizes for the MSG_CRYPTO message type
A flaw was discovered in the cryptographic receive code in the Linux kernel's implementation of transparent interprocess communication. An attacker, with the ability to send TIPC messages to the target, can corrupt memory and escalate privileges on the target system...
kernel: Insufficient validation of user-supplied sizes for the MSG_CRYPTO message type
A flaw was discovered in the cryptographic receive code in the Linux kernel's implementation of transparent interprocess communication. An attacker, with the ability to send TIPC messages to the target, can corrupt memory and escalate privileges on the target system...
kernel: Insufficient validation of user-supplied sizes for the MSG_CRYPTO message type
A flaw was discovered in the cryptographic receive code in the Linux kernel's implementation of transparent interprocess communication. An attacker, with the ability to send TIPC messages to the target, can corrupt memory and escalate privileges on the target system...
kernel: Insufficient validation of user-supplied sizes for the MSG_CRYPTO message type
A flaw was discovered in the cryptographic receive code in the Linux kernel's implementation of transparent interprocess communication. An attacker, with the ability to send TIPC messages to the target, can corrupt memory and escalate privileges on the target system...
kernel: Insufficient validation of user-supplied sizes for the MSG_CRYPTO message type
A flaw was discovered in the cryptographic receive code in the Linux kernel's implementation of transparent interprocess communication. An attacker, with the ability to send TIPC messages to the target, can corrupt memory and escalate privileges on the target system...