Lucene search
K

103 matches found

NVD
NVD
added 2024/12/02 11:15 a.m.17 views

CVE-2024-33037

Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesnt validate the IPC message received from the firmware...

6.1CVSS0.001EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/02 10:18 a.m.23 views

CVE-2024-33037 Buffer Over-read in Neural Processing Unit

Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesnt validate the IPC message received from the firmware...

6.1CVSS0.001EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/02 10:18 a.m.16 views

CVE-2024-33037 Buffer Over-read in Neural Processing Unit

Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesnt validate the IPC message received from the firmware...

6.1CVSS6.8AI score0.001EPSS
Exploits0References1
CVE
CVE
added 2024/12/02 10:18 a.m.53 views

CVE-2024-33037

CVE-2024-33037 describes information disclosure in Qualcomm NPU stack: the NPU firmware can send an invalid IPC message to the NPU driver, and the driver does not validate the IPC message, enabling potential disclosure of sensitive information. Documents consistently identify the root cause as un...

6.1CVSS6.2AI score0.001EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2024/03/05 4:49 a.m.4 views

SUSE CVE-2021-47069

In the Linux kernel, the following vulnerability has been resolved: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry domqtimedreceive calls wqsleep with a stack local address. The sender domqtimedsend uses this address to later call pipelinedsend. This leads to a very hard...

4.7CVSS7.5AI score0.00258EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2023/10/20 12:0 a.m.23 views

Ubuntu 16.04 LTS / 18.04 LTS : Firefox vulnerability (USN-4032-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4032-1 advisory. It was discovered that a sandboxed child process could open arbitrary web content in the parent process via the Prompt:Open IPC message. When combined...

10CVSS9AI score0.55874EPSS
Exploits10References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:58 a.m.7 views

SUSE CVE-2016-7549

Google Chrome before 53.0.2785.113 does not ensure that the recipient of a certain IPC message is a valid RenderFrame or RenderWidget, which allows remote attackers to cause a denial of service invalid pointer dereference and application crash or possibly have unspecified other impact by leveragi...

8.8CVSS7.3AI score0.01074EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:46 a.m.4 views

SUSE CVE-2017-7875

In wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free...

9.8CVSS7.5AI score0.02266EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/06/13 9:5 p.m.7 views

CVE-2022-29247 Exposure of Resource to Wrong Sphere in Electron

Electron is a framework for writing cross-platform desktop applications using JavaScript JS, HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with nodeIntegrationInSubFrames...

2.2CVSS9.4AI score0.00976EPSS
Exploits0References1
NVD
NVD
added 2021/09/17 10:15 p.m.15 views

CVE-2021-41392

static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal Electron API...

9.8CVSS0.02676EPSS
Exploits1References1
OSV
OSV
added 2021/09/17 10:15 p.m.16 views

CVE-2021-41392

static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal Electron API...

9.8CVSS7.1AI score
Exploits0References1
Prion
Prion
added 2021/09/17 10:15 p.m.17 views

Command injection

static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal Electron API...

7.5CVSS9.4AI score0.02676EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/09/17 9:24 p.m.52 views

CVE-2021-41392

Boost Note

9.8CVSS9.4AI score0.02676EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2021/03/11 10:15 p.m.18 views

Design/Logic Flaw

DISPUTED Camunda Modeler aka camunda-modeler through 4.6.0 allows arbitrary file access. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which manipulates the readFile and writeFile APIs. NOTE: the vendor states "The way we secured the app is...

6.4CVSS9.1AI score0.01481EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2021/03/11 12:15 a.m.18 views

Command injection

Clipper before 1.0.5 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API...

7.5CVSS9.4AI score0.05169EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2021/03/09 11:15 p.m.36 views

CVE-2021-28119

Twinkle Tray aka twinkle-tray through 1.13.3 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API...

9.8CVSS0.03578EPSS
Exploits1References1
Prion
Prion
added 2021/03/09 11:15 p.m.17 views

Command injection

Twinkle Tray aka twinkle-tray through 1.13.3 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API...

7.5CVSS9.4AI score0.03578EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/03/09 10:14 p.m.59 views

CVE-2021-28119

Twinkle Tray (twinkle-tray) up to version 1.13.3 is affected. A remote attacker can trigger remote command execution by sending a crafted IPC message to the exposed ipcRenderer IPC interface, which invokes the dangerous openExternal API. The issue is documented across multiple sources (NVD, Red H...

9.8CVSS9.5AI score0.03578EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2021/02/17 5:15 p.m.25 views

CVE-2021-1366

A vulnerability in the interprocess communication IPC channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture HostScan Module is installed on the AnyConnect client. This...

7.8CVSS0.01253EPSS
Exploits1References1
OSV
OSV
added 2020/08/17 6:15 p.m.3 views

CVE-2020-3433

A vulnerability in the interprocess communication IPC channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows...

7.8CVSS7.3AI score0.10049EPSS
Exploits5References3
Rows per page
Query Builder