DEBIAN-CVE-2020-29074

scan.c in x11vnc 0.9.16 uses IPCCREAT|0777 in shmget calls, which allows access by actors other than the current user...

UBUNTU-CVE-2020-29074

scan.c in x11vnc 0.9.16 uses IPCCREAT|0777 in shmget calls, which allows access by actors other than the current user...

Libvnc X11vnc Security Vulnerabilities

Libvnc X11vnc is a software for Unix platforms used to connect to remote desktops by the Libvnc community. A security vulnerability exists in x11vnc version 0.9.16, which stems from scan.c's use of IPC CREAT|0777 in the shmget call, which allows access by participants other than the current user...

x11vnc -- access to shared memory segments

[email protected] reports: scan.c in x11vnc 0.9.16 uses IPCCREAT|0777 in shmget calls, which allows access by actors other than the current user...

Security Bulletin: Multiple vulnerabilities in Db2 affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise

Summary IBM® Db2® shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise is vulnerable to information disclosure. Vulnerabilities have been identified in IBM Db2 and information about their fixes are published in a security bulletin. Vulnerability Details CVEID: CVE-2020-4387...

Linux: sysctl kernel.shmmax

This parameter defines the maximum size in bytes of a single shared memory segment that a Linux process can allocate in its virtual address space. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...

Linux: sysctl kernel.shmall

This parameter sets the total amount of shared memory pages that can be used system wide. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Huawei EulerOS: Security Advisory for mesa (EulerOS-SA-2020-2415)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for mesa (EulerOS-SA-2020-2433)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Linux: noexec option on /dev/shm

The noexec mount option specifies that the filesystem cannot contain executable binaries. Setting this option on a file system prevents users from executing programs from shared memory. This deters users from introducing potentially malicious software on the system. SPDX-FileCopyrightText: 2020...

EulerOS 2.0 SP9 : mesa (EulerOS-SA-2020-2433)

According to the version of the mesa package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the...

EulerOS 2.0 SP9 : mesa (EulerOS-SA-2020-2415)

According to the version of the mesa package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the...

Security Bulletin: Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9.

Summary IBM DB2 is shipped with IBM License Metric Tool. Information about a security vulnerabilities affecting IBM DB2 has been published in a security bulletin. Vulnerability Details CVEID: CVE-2020-4386 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10....

CVE-2020-14375

A flaw was found in dpdk. Virtio ring descriptors, and the data they describe are in a region of memory accessible by from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhostcrypto has validated it. The highest threat from this vulnerabilit...

CVE-2020-3622

u'Channel name string which has been read from shared memory is potentially subjected to string manipulations but not validated for NULL termination can results into memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity,...

CVE-2020-3620

u'Lack of check of integer overflow while doing a round up operation for data read from shared memory for G-link SMEM transport can lead to corruption and potential information leak' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity,...

CVE-2020-3621

u'Lack of check to ensure that the TX read index & RX write index that are read from shared memory are less than the FIFO size results into memory corruption and potential information leakage' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics...

Memory corruption

u'Lack of check to ensure that the TX read index & RX write index that are read from shared memory are less than the FIFO size results into memory corruption and potential information leakage' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics...

Design/Logic Flaw

u'Channel name string which has been read from shared memory is potentially subjected to string manipulations but not validated for NULL termination can results into memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity,...

Memory corruption

u'Lack of check that the current received data fragment size of a particular packet that are read from shared memory are less than the actual packet size can lead to memory corruption and potential information leakage' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon...