CVE-2018-1410

IBM Notes Diagnostics IBM Client Application Access and IBM Notes could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138709...

CVE-2018-1409

IBM Notes Diagnostics IBM Client Application Access and IBM Notes could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138708...

CVE-2018-1409

The CVE-2018-1409 entry affects IBM Notes Diagnostics, IBM Client Application Access, and IBM Notes on Windows. It describes an elevation-of-privilege flaw where a local attacker could craft a command line via inter-process communication using shared memory to trick the system into executing an a...

CVE-2018-1410

IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) on Windows is affected by CVE-2018-1410. The issue arises when a local attacker crafts a command line sent via inter-process communication over shared memory, which could be tricked into executing an executable chosen by the atta...

CVE-2017-1720

IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared memory IPC. IBM X-Force ID: 134807...

Command injection

IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared memory IPC. IBM X-Force ID: 134807...

CVE-2017-1720

IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared memory IPC. IBM X-Force ID: 134807...

[SECURITY] Fedora 27 Update: tomcat-native-1.2.16-1.fc27

Tomcat can use the Apache Portable Runtime to provide superior scalability, performance, and better integration with native server technologies. The Apache Portable Runtime is a highly portable library that is at the heart of Apache HTTP Server 2.x. APR has many uses, including access to advanced...

Ubuntu 14.04 LTS / 16.04 LTS : OpenSSH vulnerabilities (USN-3538-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3538-1 advisory. Jann Horn discovered that OpenSSH incorrectly loaded PKCS11 modules from untrusted directories. A remote attacker could possibly use this iss...

Apache Httpd < 2.4.33 : Possible out of bound read in mod_cache_socache

A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.33 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of modcachesocache...

USN-3538-1: OpenSSH vulnerabilities

Jann Horn discovered that OpenSSH incorrectly loaded PKCS11 modules from untrusted directories. A remote attacker could possibly use this issue to execute arbitrary PKCS11 modules. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2016-10009 Jann Horn discovered that OpenSSH...

USN-3538-1 openssh vulnerabilities

Jann Horn discovered that OpenSSH incorrectly loaded PKCS11 modules from untrusted directories. A remote attacker could possibly use this issue to execute arbitrary PKCS11 modules. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2016-10009 Jann Horn discovered that OpenSSH...

FreeBSD : FreeBSD -- POSIX shm allows jails to access global namespace (5b1463dd-dab3-11e7-b5af-a4badb2f4699)

Named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. Impact : A malicious user that has access to a jailed system is able to abuse shared memory by injecting...

FreeBSD 10.3 / 10.4 : shm Insecure Memory Vulnerability (FreeBSD-SA-17:09.shm)

The version of the FreeBSD kernel running on the remote host is prior to 10.3-RELEASE-p24, or 10.4 prior to 10.4-RELEASE-p3. It is, therefore, affected by a potential information disclosure vulnerabilities in shm. An authenticated, remote attacker can exploit this issue by accessing the shared...

DEBIAN-CVE-2017-1000405

The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmdmkdirty in the touchpmd function inside the THP implementation. touchpmd can be reached by getuserpages. In such case, the pmd will become dirty. This scenario breaks the new canfollowwritepmd's logic - pmd can become dirt...

UBUNTU-CVE-2017-1000405

The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmdmkdirty in the touchpmd function inside the THP implementation. touchpmd can be reached by getuserpages. In such case, the pmd will become dirty. This scenario breaks the new canfollowwritepmd's logic - pmd can become dirt...

IBM WebSphere MQ Memory Disclosure Vulnerability

IBM WebSphere MQ is a messaging middleware product from IBM, USA. The product focuses on providing a reliable and proven messaging backbone for Service Oriented Architecture SOA. A memory leak vulnerability exists in IBM WebSphere MQ versions 8.0 and 9.0. An attacker could exploit the vulnerabili...

Memory corruption

IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144...

CVE-2017-1283

IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144...

CVE-2017-1283

IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144...