
53 matches found

SUSE CVE
added 2024/01/23 2:46 a.m. · 1 view

SUSE CVE-2024-0564

A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page...

CVSS 6.5 · AI score 8.3 · EPSS 0.00623
Exploits 1 · References 3

SUSE CVE
added 2023/02/15 5:52 a.m. · 1 view

SUSE CVE-2011-2183

Race condition in the scan_get_next_rmap_item function in mm/ksm.c in the Linux kernel before 2.6.39.3, when Kernel SamePage Merging (KSM) is enabled, allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted application...

CVSS 4 · AI score 6.8 · EPSS 0.00541
Exploits 0 · References 5

SUSE CVE
added 2023/02/15 5:20 a.m. · 2 views

SUSE CVE-2015-2877

Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically ...

CVSS 3.3 · AI score 7.8 · EPSS 0.00942
Exploits 0 · References 3

Positive Technologies
added 2017/07/06 12:0 a.m. · 2 views

PT-2017-4328

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 4.4.0-96.119 and later
Description: A flaw in the Linux kernel's memory deduplication mechanism, specifically in the Kernel Samepage Merging (KSM) component, can create a side channel. This allows an attacker to potentiall...

CVSS 6.5 · AI score 6.8 · EPSS 0.00623
Exploits 1 · References 27

BDU FSTEC
added 2017/04/06 12:0 a.m. · 6 views

The vulnerability of the Kernel Samepage Merging (KSM) component in the Linux operating system allows a hacker to influence the confidentiality of information.

The vulnerability of the Linux operating system’s Kernel Samepage Merging (KSM) component is related to the lack of protection for service data when the ASLR mechanism is used. Exploiting this vulnerability allows a local attacker to partially compromise the confidentiality of information through a...

CVSS 3.3 · AI score 6.5 · EPSS 0.00942
Exploits 0 · References 15 · Affected Software 1

OSV
added 2017/03/03 11:59 a.m. · 0 views

UBUNTU-CVE-2015-2877

DISPUTED: Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states...

CVSS 3.3 · AI score 7 · EPSS 0.00942
Exploits 0 · References 5

Prion
added 2017/03/03 11:59 a.m. · 20 views

Cross site scripting

DISPUTED: Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states...

CVSS 2.1 · AI score 6.6 · EPSS 0.00942
Exploits 0 · References 7 · Affected Software 2

OSV
added 2017/03/03 11:59 a.m. · 1 view

DEBIAN-CVE-2015-2877

Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically ...

CVSS 3.3 · AI score 6.5 · EPSS 0.00942
Exploits 0 · References 1

NVD
added 2017/03/03 11:59 a.m. · 19 views

CVE-2015-2877

Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically ...

CVSS 3.3 · AI score 6.3 · EPSS 0.00942
Exploits 0 · References 7

CVE
added 2017/03/03 11:0 a.m. · 105 views

CVE-2015-2877

CVE-2015-2877 affects Kernel Samepage Merging (KSM) in Linux kernels 2.6.32–4.x. The write-timing side channel allows a guest OS user to defeat ASLR on other guest instances via Cross-VM ASL Introspection (CAIN). The entry notes that disabling deduplication mitigates the attack vector. No explici...

CVSS 3.3 · AI score 4 · EPSS 0.00942
Exploits 0 · References 7 · Affected Software 1

Debian CVE
added 2017/03/03 11:0 a.m. · 41 views

CVE-2015-2877

Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically ...

CVSS 3.3 · AI score 6.8 · EPSS 0.00942
Exploits 0

Positive Technologies
added 2017/03/02 12:0 a.m. · 10 views

PT-2017-1614 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 2.6.32 through 4.x
Description: The issue is related to the Kernel Samepage Merging (KSM) component in the Linux kernel, which does not prevent the use of a write-timing side channel. This allows guest OS users to defeat t...

CVSS 10 · AI score 5.9 · EPSS 0.16908
Exploits 118 · References 816

OpenVAS
added 2015/03/16 12:0 a.m. · 16 views

eTouch SamePage <= 4.4.0.0.239 SQLi Vulnerability - Active Check

eTouch SamePage is prone to a blind SQL injection (SQLi) vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 · AI score 7.6 · EPSS 0.02397
Exploits 1 · References 3

CNVD
added 2015/03/06 12:0 a.m. · 2 views

ETouch Systems SamePage Enterprise Edition SQL Injection Vulnerability

ETouch Systems SamePage Enterprise Edition is an enterprise version of the Wiki WiKi solution for wikis and blogs from ETouch Systems, USA. The solution supports team collaboration, role management and document management. An SQL injection vulnerability exists in ETouch Systems SamePage Enterpris...

CVSS 7.5 · AI score 8.5 · EPSS 0.02397
Exploits 1 · References 1

CNVD
added 2015/03/06 12:0 a.m. · 1 view

ETouch Systems SamePage Enterprise Edition Directory Traversal Vulnerability

ETouch Systems SamePage Enterprise Edition is an enterprise version of the Wiki WiKi solution for wikis and blogs from ETouch Systems, USA. The solution supports team collaboration, role management and document management. A directory traversal vulnerability exists in the cm/newui/blog/export.jsp...

CVSS 4 · AI score 7 · EPSS 0.06611
Exploits 1 · References 1

NVD
added 2015/02/24 5:59 p.m. · 13 views

CVE-2015-2071

Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filepath parameter...

CVSS 4 · AI score 6.2 · EPSS 0.06611
Exploits 1 · References 5

NVD
added 2015/02/24 5:59 p.m. · 16 views

CVE-2015-2070

SQL injection vulnerability in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote attackers to execute arbitrary SQL commands via the catId parameter to cm/blogrss/feed...

CVSS 7.5 · AI score 8.3 · EPSS 0.02397
Exploits 1 · References 5

ATTACKERKB
added 2015/02/24 5:59 p.m. · 3 views

CVE-2015-2071

Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filepath parameter...

CVSS 4 · AI score 5.8 · EPSS 0.06611
Exploits 1 · References 6

Prion
added 2015/02/24 5:59 p.m. · 15 views

Sql injection

SQL injection vulnerability in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote attackers to execute arbitrary SQL commands via the catId parameter to cm/blogrss/feed...

CVSS 7.5 · AI score 9 · EPSS 0.02397
Exploits 1 · References 5 · Affected Software 1

Prion
added 2015/02/24 5:59 p.m. · 11 views

Directory traversal

Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filepath parameter...

CVSS 4 · AI score 6.7 · EPSS 0.06611
Exploits 1 · References 5 · Affected Software 1