528 matches found
UBUNTU-CVE-2016-7035
An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain roo...
CVE-2016-1443
The virtual network stack on Cisco AMP Threat Grid Appliance devices before 2.1.1 allows remote attackers to bypass a sandbox protection mechanism, and consequently obtain sensitive interprocess information or modify interprocess data, via a crafted malware sample...
CVE-2016-1443
The virtual network stack on Cisco AMP Threat Grid Appliance devices before 2.1.1 allows remote attackers to bypass a sandbox protection mechanism, and consequently obtain sensitive interprocess information or modify interprocess data, via a crafted malware sample...
Design/Logic Flaw
The virtual network stack on Cisco AMP Threat Grid Appliance devices before 2.1.1 allows remote attackers to bypass a sandbox protection mechanism, and consequently obtain sensitive interprocess information or modify interprocess data, via a crafted malware sample...
CVE-2016-1443
CVE-2016-1443 affects Cisco AMP Threat Grid Appliance before 2.1.1. The vulnerability lies in the virtual network stack, allowing an unauthenticated remote attacker to bypass sandboxing via a crafted malware sample and to obtain or modify interprocess data. Cisco’s advisory confirms exploitation ...
DEBIAN-CVE-2016-2057
lib/xymondipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions 666 for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue...
samba: Smb signing not required by default when smb client connection is used for ipc usage
It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client...
samba: Smb signing not required by default when smb client connection is used for ipc usage
It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client...
Android System V IPC Denial of Service Vulnerability
Android is a cell phone operating system based on the Linux open kernel. A security vulnerability exists in the implementation of System V IPC in version 6.0 of Android prior to 2016-01-01. A remote attacker exploiting this vulnerability could cause a denial of service attack...
Cisco AnyConnect Secure Mobility Client Arbitrary File Move Vulnerability
A vulnerability in interprocess communication IPC channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to move arbitrary files with elevated privileges. The vulnerability is due to missing source path validation in certain IPC commands. An attacker could...
USN-2764-1 linux-lts-utopic vulnerability
Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service system crash...
USN-2761-1 linux vulnerability
Dmitry Vyukov discovered that the Linux kernel did not properly initialize IPC object state in certain situations. A local attacker could use this to escalate their privileges, expose confidential information, or cause a denial of service system crash...
UBUNTU-CVE-2015-7613
Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipcaddid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c...
Apple OS X 'blued' buffer overflow vulnerability
Apple OS X is a BSD-based operating system distributed by Apple. A buffer overflow vulnerability exists in 'blued' when Apple OS X handles XPC messages, which allows a local user to exploit the vulnerability to execute arbitrary code...
[SECURITY] Fedora 21 Update: uwsgi-2.0.11.1-1.fc21
uWSGI is a fast pure C, self-healing, developer/sysadmin-friendly application container server. Born as a WSGI-only server, over time it has evolved in a complete stack for networked/clustered web applications, implementing message/object passing, caching, RPC and process management. It uses the...
CVE-2015-3718
systemstatsd in the System Stats subsystem in Apple OS X before 10.10.4 does not properly interpret data types encountered in interprocess communication, which allows attackers to execute arbitrary code with systemstatsd privileges via a crafted app, related to a "type confusion" issue...
Type confusion
systemstatsd in the System Stats subsystem in Apple OS X before 10.10.4 does not properly interpret data types encountered in interprocess communication, which allows attackers to execute arbitrary code with systemstatsd privileges via a crafted app, related to a "type confusion" issue...
CVE-2015-3718
systemstatsd in the System Stats subsystem in Apple OS X before 10.10.4 does not properly interpret data types encountered in interprocess communication, which allows attackers to execute arbitrary code with systemstatsd privileges via a crafted app, related to a "type confusion" issue...
Apple MAC OS X XPC entitlements elevation of privilege vulnerability
Apple Mac OS X is a commercial operating system. Apple Mac OS X checks for a security vulnerability in XPC entitlements, which allows attackers to exploit the vulnerability to gain administrative privileges without authentication...
Cisco AnyConnect Secure Mobility Client Hostscan Path Traversal Vulnerability
The Cisco AnyConnect Secure Mobility Client is Cisco's next-generation VPN client. A security vulnerability exists in the Interprocess Communication IPC of the Cisco AnyConnect Secure Mobility Client Hostscan module, which allows a local attacker to write and overwrite arbitrary files with elevat...