CVE-2026-34464

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, NamedPipeServer::OpenHandler copies the server field from NAMEDPIPEOPENREQ into a fixed WCHAR pipename160 stack buffer using wcscat without verifying null termination. The handler only...

Sandboxie-Plus 安全漏洞

Sandboxie-Plus is a sandbox isolation software developed by Sandboxie-Plus Inc. Versions of Sandboxie-Plus 1.17.2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the use of wcscat to copy the server field in NamedPipeServer::OpenHandler, without verifying the...

CVE-2023-31019

NVIDIA GPU Display Driver for Windows contains a vulnerability in wksServicePlugin.dll, where the driver implementation does not restrict or incorrectly restricts access from the named pipe server to a connecting client, which may lead to potential impersonation to the client's secure context...

EUVD-2023-35356

Malicious code in bioql PyPI...

NVIDIA GPU Display Driver Security Vulnerability

The NVIDIA GPU Display Driver is a driver from NVIDIA Corporation for interactive support of graphics card display modules in operating systems. A security vulnerability exists in NVIDIA GPU Display Driver that originates from a vulnerability contained in wksServicePlugin.dll, where the driver...

CVE-2023-22466

Tokio is a runtime for writing applications with Rust. Starting with version 1.7.0 and prior to versions 1.18.4, 1.20.3, and 1.23.1, when configuring a Windows named pipe server, setting pipemode will reset rejectremoteclients to false. If the application has previously configured...

CVE-2023-22466

Tokio is a runtime for writing applications with Rust. Starting with version 1.7.0 and prior to versions 1.18.4, 1.20.3, and 1.23.1, when configuring a Windows named pipe server, setting pipemode will reset rejectremoteclients to false. If the application has previously configured...

CVE-2023-22466

Tokio (Rust) prior to v1.18.4, v1.20.3, and v1.23.1, and the 1.7.0–1.18.x range, has a Windows named pipe setting bug: when configuring pipe_mode for a named pipe server, reject_remote_clients is reset to false, undoing any prior true setting. This can allow remote clients access to the named pip...

RUSTSEC-2023-0001 reject_remote_clients Configuration corruption

On Windows, configuring a named pipe server with pipemode will force ServerOptions::rejectremoteclients as false. This drops any intended explicit configuration for the rejectremoteclients that may have been set as true previously. The default setting of rejectremoteclients is normally true meani...

CVE-2022-24141

The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastateiTopVPNPipeServer on a loop. An attacker that opened a named pipe with the same name can use it to gain the token of another user by listening for connections and abusing ImpersonateNamedPipeClient...