1370 matches found
CVE-2017-1283
IBM WebSphere MQ 8.0 and 9.0 is affected by CVE-2017-1283 due to a shared memory leak caused by MQ applications using dynamic queues. An authenticated user can trigger the leak, potentially exhausting resources for other MQ applications. Affected versions include IBM MQ 8.0.0.0–8.0.0.6 and 9.0.0....
CVE-2017-1087
In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user th...
Privilege escalation
In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user th...
CVE-2017-1087
In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user th...
CVE-2017-1087
CVE-2017-1087 affects FreeBSD 10.x where named POSIX shared memory objects are globally scoped across jails and host. According to sources, a process in one jail can read/modify shared memory created by another jail or host, enabling malicious content injection into memory regions trusted by appl...
CVE-2017-1087
In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user th...
CVE-2017-1087
Removed by vendor...
FreeBSD-SA-17:09.shm
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-17:09.shm Security Advisory The FreeBSD Project Topic: POSIX shm allows jails to access global namespace Category: core Module: shm Announced: 2017-11-15...
FreeBSD -- POSIX shm allows jails to access global namespace
Problem Description: Named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. Impact: A malicious user that has access to a jailed system is able to abuse shared...
Ubuntu 14.04 LTS / 16.04 LTS : X.Org X server vulnerabilities (USN-3453-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3453-1 advisory. Michal Srb discovered that the X.Org X server incorrectly handled shared memory segments. An attacker able to connect to an X server, either...
USN-3453-1: X.Org X server vulnerabilities
Michal Srb discovered that the X.Org X server incorrectly handled shared memory segments. An attacker able to connect to an X server, either locally or remotely, could use this issue to crash the server, or possibly replace shared memory segments of other X clients in the same session...
USN-3453-1 xorg-server, xorg-server-hwe-16.04, xorg-server-lts-xenial vulnerabilities
Michal Srb discovered that the X.Org X server incorrectly handled shared memory segments. An attacker able to connect to an X server, either locally or remotely, could use this issue to crash the server, or possibly replace shared memory segments of other X clients in the same session...
CVE-2017-13721
In X.Org Server aka xserver and xorg-server before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session...
ALPINE-CVE-2017-13721
In X.Org Server aka xserver and xorg-server before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session...
CVE-2017-13721
In X.Org Server aka xserver and xorg-server before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session...
DEBIAN-CVE-2017-13721
In X.Org Server aka xserver and xorg-server before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session...
CVE-2017-13721
In X.Org Server aka xserver and xorg-server before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session...
Session fixation
In X.Org Server aka xserver and xorg-server before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session...
CVE-2017-13721
In X.Org Server aka xserver and xorg-server before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session...
CVE-2017-13721
In X.Org Server aka xserver and xorg-server before 1.19.4, an attacker authenticated to an X server with the X shared memory extension enabled can cause aborts of the X server or replace shared memory segments of other X clients in the same session...