CVE-2024-46544

An Incorrect Default Permissions vulnerability was found in Apache Tomcat Connectors that allows local users to view and modify shared memory containing modjk configuration, which may lead to information disclosure and denial of service. Mitigation Mitigation for this issue is either not availabl...

CVE-2024-46544

Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing modjk configuration which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49...

UBUNTU-CVE-2024-46544

Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing modjk configuration which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49...

Apache Tomcat 安全漏洞

Apache Tomcat is a lightweight Web application server from the American Apache Apache Foundation. The program implements support for Servlets and JavaServer Page JSP. A security vulnerability exists in Apache Tomcat that stems from a default privilege error. An attacker exploiting this...

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix null pointer dereference on error CVE-2024-41098 In the Linux kernel, the following vulnerability has been resolved: ethtool: check device is present when getting link settings CVE-2024-46679...

Amazon Linux 2 : firefox (ALASFIREFOX-2024-030)

The version of firefox installed on the remote host is prior to 115.14.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2024-030 advisory. Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be...

Fedora 39 : apr (2024-318343049c)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-318343049c advisory. This update to the apr package fixes a security issue in the handling of shared memory permissions. SECURITY: CVE-2023-49582: Apache Portable Runtime APR:...

CVE-2024-46689

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: cmd-db: Map shared memory as WC, not WB Linux does not write into cmd-db region. This region of memory is write protected by XPU. XPU may sometime falsely detect clean cache eviction as "write" into the write protected...

CVE-2024-46689 soc: qcom: cmd-db: Map shared memory as WC, not WB

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: cmd-db: Map shared memory as WC, not WB Linux does not write into cmd-db region. This region of memory is write protected by XPU. XPU may sometime falsely detect clean cache eviction as "write" into the write protected...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from mapping shared memory as WC instead of WB, which could lead to a security outage and an infinite loop in the...

kernel: mm: cachestat: fix two shmem bugs

CVE-2024-35797 is a vulnerability in the Linux kernel’s memory management, specifically affecting the cachestat feature when handling shared memory. The flaw stems from race conditions during operations like swapping or invalidation, which can lead to out-of-bounds memory access or invalid pointe...

The vulnerability of the _umtx_op system call in FreeBSD allows a hacker to execute arbitrary code.

The vulnerability of the umtxop system call in FreeBSD systems is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using the UMTXOPSHM operation...

MGASA-2024-0292 Updated apr packages fix security vulnerability

Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. CVE-2023-49582...

Fedora: Security Advisory (FEDORA-2024-b40491b84b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6995-1 thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing,...

CVE-2024-43102

Concurrent removals of certain anonymous shared memory mappings by using the UMTXSHMDESTROY sub-request of UMTXOPSHM can lead to decreasing the reference count of the object representing the mapping too many times, causing it to be freed too early. A malicious code exercizing the UMTXSHMDESTROY...

CVE-2024-43102 umtx Kernel panic or Use-After-Free

Concurrent removals of certain anonymous shared memory mappings by using the UMTXSHMDESTROY sub-request of UMTXOPSHM can lead to decreasing the reference count of the object representing the mapping too many times, causing it to be freed too early. A malicious code exercizing the UMTXSHMDESTROY...

CVE-2024-43102

CVE-2024-43102 describes a kernel-level issue in FreeBSD involving concurrent removals of anonymous shared memory mappings via the UMTX_SHM_DESTROY sub-request of UMTX_OP_SHM. The root cause is that the reference count for the mapping object can be decremented too many times, causing premature fr...

CVE-2024-43102 umtx Kernel panic or Use-After-Free

Concurrent removals of certain anonymous shared memory mappings by using the UMTXSHMDESTROY sub-request of UMTXOPSHM can lead to decreasing the reference count of the object representing the mapping too many times, causing it to be freed too early. A malicious code exercizing the UMTXSHMDESTROY...

Fedora 40 : apr (2024-b40491b84b)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-b40491b84b advisory. This update to the apr package fixes a security issue in the handling of shared memory permissions. SECURITY: CVE-2023-49582: Apache Portable Runtime APR:...