CVE-2025-48907

CVE-2025-48907 is a deserialization vulnerability in Huawei HarmonyOS IPC module. The issue stems from unsafe deserialization of data received by an application, with impact noted as availability loss (CVSSv3.1: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, base score 6.2). Connected sources confirm Harmo...

PT-2025-24026 · Huawei · Harmonyos

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A deserialization vulnerability exists in the IPC module. Successful exploitation of this issue may affect availability. Recommendations: At the moment, there is no information about a newer...

CVE-2024-25391

A stack buffer overflow occurs in libc/posix/ipc/mqueue.c in RT-Thread through 5.0.2...

CVE-2024-32930

In pluginipchandler of slcplugin.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure of 4 bytes of stack memory with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-35222

Tauri is a framework for building binaries for all major desktop platforms. Remote origin iFrames in Tauri applications can access the Tauri IPC endpoints without being explicitly allowed in the dangerousRemoteDomainIpcAccess in v1 and in the capabilities in v2. Valid commands with potentially...

CVE-2024-33030

Memory corruption while parsing IPC frequency table parameters for LPLH that has size greater than expected size...

CVE-2024-33037

Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesnt validate the IPC message received from the firmware...

CVE-2023-28554

Information Disclosure in Qualcomm IPC while reading values from shared memory in VM...

CVE-2023-21451

A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRIL prior to Android S12 allows attacker to cause memory corruptions...

CVE-2023-1862

Cloudflare WARP client for Windows up to v2023.3.381.0 allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining...

CVE-2023-51438

A vulnerability has been identified in SIMATIC IPC1047E All versions with maxView Storage Manager V4.14.00.26068 on Windows, SIMATIC IPC647E All versions with maxView Storage Manager V4.14.00.26068 on Windows, SIMATIC IPC847E All versions with maxView Storage Manager V4.14.00.26068 on Windows. In...

CVE-2022-33301

Memory corruption due to incorrect type conversion or cast in audio while using audio playback/capture when crafted address is sent from AGM IPC to AGM...

CVE-2021-28134

Clipper before 1.0.5 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API...

CVE-2020-26272

The Electron framework lets users write cross-platform desktop applications using JavaScript, HTML and CSS. In versions of Electron IPC prior to 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9, messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame,...

CVE-2019-17652

A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiClient processes running under root priviledge crashes via sending specially crafted "StartAvCustomScan" type IPC client requests to the fctsched process due the argv...

CVE-2019-16152

A Denial of service DoS vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to cause FortiClient processes running under root privilege crashes via sending specially crafted IPC client requests to the fctsched process due the nanomsg not been correctly...

CVE-2017-1000122

The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service release assertion of the UI process. This vulnerability does not affect Apple products...

CVE-2016-11039

An issue was discovered on Samsung mobile devices with KK4.4, L5.0/5.1, and M6.0 AP + CP MDM9x35, or Qualcomm Onechip software. There is a NULL pointer dereference issue in the IPC socket code. The Samsung ID is SVE-2016-5980 July 2016...

AZL-61905 CVE-2025-40907 affecting package perl-FCGI 0.79-4

FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 aka fcgi library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow and resultant heap-based buffer overflow via crafted nameLen or valueLen values in data to the IPC...

CVE-2025-40907

FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 aka fcgi library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow and resultant heap-based buffer overflow via crafted nameLen or valueLen values in data to the IPC...