USN-5927-1 linux-azure-4.15 vulnerabilities

It was discovered that the Upper Level Protocol ULP subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execut...

PUB-A-242203672

In ffamrdprot of sharedmem.c, there is a possible ID due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

K17839423: PHP vulnerability CVE-2021-21703

Security Advisory Description In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to...

SUSE CVE-2002-0839

The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service process kill or possibly other behaviors that would not normally be allowed, by modifying the...

SUSE CVE-2006-2071

Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment. NOTE: some original raw sources combined this issue with CVE-2006-1524, but they are different bug...

SUSE CVE-2006-3815

heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly during a short time window on startup...

SUSE CVE-2006-4342

The kernel in Red Hat Enterprise Linux 3, when running on SMP systems, allows local users to cause a denial of service deadlock by running the shmat function on an shm at the same time that shmctl is removing that shm IPCRMID, which prevents a spinlock from being unlocked...

SUSE CVE-2007-3100

usr/log.c in iscsid in open-iscsi iscsi-initiator-utils before 2.0-865 uses a semaphore with insecure permissions world-writable/world-readable for managing log messages using shared memory, which allows local users to cause a denial of service hang by grabbing the semaphore...

SUSE CVE-2007-6429

Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via 1 a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or 2 a request containing valu...

SUSE CVE-2008-1379

Integer overflow in the fbShmPutImage function in the MIT-SHM extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to read arbitrary process memory via crafted values for a Pixmap width and height...

SUSE CVE-2009-0859

The shmgetstat function in ipc/shm.c in the shm subsystem in the Linux kernel before 2.6.28.5, when CONFIGSHMEM is disabled, misinterprets the data type of an inode, which allows local users to cause a denial of service system hang via an SHMINFO shmctl call, as demonstrated by running the ipcs...

SUSE CVE-2010-2240

The doanonymouspage function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to t...

SUSE CVE-2011-0461

/etc/init.d/boot.localfs in the aaabase package before 11.2-43.48.1 in SUSE openSUSE 11.2, and before 11.3-8.7.1 in openSUSE 11.3, allows local users to overwrite arbitrary files via a symlink attack on /dev/shm/mtab...

SUSE CVE-2012-0031

scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service daemon crash during shutdown or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free...

SUSE CVE-2012-5154

Integer overflow in Google Chrome before 24.0.1312.52 on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to allocation of shared memory...

SUSE CVE-2013-0254

The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions world-readable and world-writable for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrat...

SUSE CVE-2013-0838

Google Chrome before 24.0.1312.52 on Linux uses weak permissions for shared memory segments, which has unspecified impact and attack vectors...

SUSE CVE-2013-2905

The SharedMemory::Create function in memory/sharedmemoryposix.cc in Google Chrome before 29.0.1547.57 uses weak permissions under /dev/shm/, which allows attackers to obtain sensitive information via direct access to a POSIX shared-memory file...

SUSE CVE-2013-7026

Multiple race conditions in ipc/shm.c in the Linux kernel before 3.12.2 allow local users to cause a denial of service use-after-free and system crash or possibly have unspecified other impact via a crafted application that uses shmctl IPCRMID operations in conjunction with other shm system calls...

SUSE CVE-2014-1744

Integer overflow in the AudioInputRendererHost::OnCreateStream function in content/browser/rendererhost/media/audioinputrendererhost.cc in Google Chrome before 35.0.1916.114 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a...