Cisco AnyConnect Secure Mobility Client for Windows Denial of Service Vulnerability

The Cisco AnyConnect Secure Mobility Client is a virtual private network VPN client for a variety of operating systems and hardware configurations. A denial of service vulnerability exists in the interprocess communication IPC channel in Cisco AnyConnect Secure Mobility Client for Windows 4.9.000...

Cisco AnyConnect Secure Mobility Client for Windows Profile Modification Vulnerability

A vulnerability in the interprocess communication IPC channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to overwrite VPN profiles on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on th...

PT-2020-4217 · Cisco · Cisco Anyconnect Secure Mobility Client

Name of the Vulnerable Software and Affected Versions: Cisco AnyConnect Secure Mobility Client for Windows affected versions not specified Description: A vulnerability in the interprocess communication IPC channel could allow an authenticated, local attacker to perform a DLL hijacking attack. The...

CVE-2020-15592

SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privilege Escalation via a crafted file. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes...

CVE-2020-3974

VMware Fusion 11.x before 11.5.5, VMware Remote Console for Mac 11.x and prior before 11.2.0 and Horizon Client for Mac 5.x and prior before 5.4.3 contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with...

USN-4404-2 linux kernel vulnerabilities

USN-4404-1 fixed vulnerabilities in the NVIDIA graphics drivers. This update provides the corresponding updates for the NVIDIA Linux DKMS kernel modules. Original advisory details: Thomas E. Carroll discovered that the NVIDIA Cuda grpahics driver did not properly perform access control when...

Open-Xchange: reading the stack data of the imap process

in dovecot / core in the imap-client-hibernate.c file in the imaphibernatehandshake function, lines 31..39 contain vulnerable code: cpp else if ret = readfd, buf, sizeofbuf-1 0 && bufret-1 == '\n' bufret-1 = '\0'; if versionstringverifybuf, "imap-hibernate", 1 return 0; ierror"%s sent invalid...

CVE-2016-5346

An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver due to a NULL pointer dereference when processing an accept system call by the user process on AFMSMIPC sockets, which could let a local malicious user obtain sensitive information Android Bug ID...

Fortinet FortiClient Denial of Service Vulnerability (CNVD-2019-41687)

Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. A security vulnerability exists in Fortinet FortiClient...

Fortinet FortiClient Denial of Service Vulnerability

Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. A security vulnerability exists in Fortinet FortiClient...

libqb: Insecure treatment of IPC (temporary) files

libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames under /dev/shm and /tmp without OEXCL...

CVE-2019-16897

In K7 Antivirus Premium 16.0.xxx through 16.0.0120; K7 Total Security 16.0.xxx through 16.0.0120; and K7 Ultimate Security 16.0.xxx through 16.0.0120, the module K7TSHlpr.dll improperly validates the administrative privileges of the user, allowing arbitrary registry writes in the K7AVOptn.dll...

ALPINE-CVE-2019-11708

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing...

USN-4045-1 thunderbird vulnerabilities

A type confusion bug was discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could exploit this by causing a denial of service, or executing arbirary code. CVE-2019-11707 It was discovered that a sandboxed child process...

Mozilla: Sandbox escape using Prompt:Open

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing...

Mozilla: Sandbox escape using Prompt:Open

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing...

CVE-2019-12936

BlueStacks App Player 2, 3, and 4 before 4.90 allows DNS Rebinding for attacks on exposed IPC functions...

DEBIAN-CVE-2018-16877

A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation...

DEBIAN-CVE-2018-12365

A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox...

DEBIAN-CVE-2016-7035

An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain roo...