Lucene search

1340 matches found

CNVD
added 2018/04/11 12:0 a.m. | 1 views

Google Chrome elevation of privilege vulnerability (CNVD-2018-09120)

Google Chrome is a web browser developed by the American company Google. A security vulnerability exists in versions prior to Google Chrome 65.0.3325.146, which stems from the program's failure to assign the correct permissions to shared memory. A remote attacker could exploit this...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.00505
Exploits: 1 | References: 1
CNVD
added 2018/04/11 12:0 a.m. | 1 views

Google Chrome elevation of privilege vulnerability (CNVD-2018-09121)

Google Chrome is a web browser developed by the American company Google. A security vulnerability exists in versions prior to Google Chrome 65.0.3325.146, which stems from the program's failure to assign the correct permissions to shared memory. A remote attacker could exploit this...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.00888
Exploits: 1 | References: 1
Talos
added 2018/04/06 12:0 a.m. | 52 views

IBM DB2 Shared Memory Insecure Permissions Vulnerability

Summary: An exploitable shared memory permissions vulnerability exists in the functionality of IBM DB2 10.5.0.7. An attacker can access the shared memory without any specific permissions to trigger this vulnerability. Tested Versions: IBM DB2 10.5.0.7. Product URLs...

CVSS: 7.1 | AI score: 7.5 | EPSS: 0.00065
Exploits: 0
Tenable Nessus
added 2018/04/06 12:0 a.m. | 42 views

SUSE SLES12 Security Update : apache2 (SUSE-SU-2018:0879-1)

This update for apache2 fixes the following issues: - CVE-2018-1283: when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a 'Session' header leading to unexpected behavior (bsc#1086814). -...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.93618
Exploits: 0 | References: 20
OSV
added 2018/03/26 3:29 p.m. | 2 views

ALPINE-CVE-2018-1303

A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considere...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.34546
Exploits: 0 | References: 1
OSV
added 2018/03/26 3:29 p.m. | 33 views

CVE-2018-1303

A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considere...

CVSS: 7.5 | AI score: 8
Exploits: 0 | References: 25
OSV
added 2018/03/26 3:29 p.m. | 0 views

DEBIAN-CVE-2018-1303

A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considere...

CVSS: 7.5 | AI score: 9.4 | EPSS: 0.34546
Exploits: 0 | References: 1
Prion
added 2018/03/26 3:29 p.m. | 35 views

Design/Logic Flaw

A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considere...

CVSS: 5 | AI score: 8.1 | EPSS: 0.34546
Exploits: 0 | References: 25 | Affected Software: 3
NVD
added 2018/03/26 3:29 p.m. | 28 views

CVE-2018-1303

A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considere...

CVSS: 7.5 | AI score: 7 | EPSS: 0.34546
Exploits: 0 | References: 25
Debian CVE
added 2018/03/26 3:0 p.m. | 39 views

CVE-2018-1303

A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considere...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.34546
Exploits: 0
AlpineLinux
added 2018/03/26 3:0 p.m. | 54 views

CVE-2018-1303

A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considere...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.34546
Exploits: 0
Cvelist
added 2018/03/26 3:0 p.m. | 32 views

CVE-2018-1303

A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considere...

AI score: 7.6 | EPSS: 0.34546
Exploits: 0 | References: 25
seebug.org
added 2018/03/15 12:0 a.m. | 46 views

Chromium: Calling "mojo::WrapSharedMemoryHandle" is insufficient to produce read-only descriptors for IPC (CVE-2018-6063)

VULNERABILITY DETAILS: The "mojo::WrapSharedMemoryHandle" function is used to produce a "base::SharedBufferHandle" wrapping a given "base::SharedMemoryHandle". The created buffer handle can be sent over Mojo IPC to remote endpoints, including across process boundaries. In some cases, shared memory...

AI score: 8.6 | EPSS: 0.00888
Exploits: 1
Tenable Nessus
added 2018/03/13 12:0 a.m. | 43 views

RHEL 6 : chromium-browser (RHSA-2018:0484)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:0484 advisory. Chromium is an open-source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 65.0.3325.146. Security Fixes:...

CVSS: 8.8 | AI score: 7.4 | EPSS: 0.89553
Exploits: 7 | References: 50
RedHat Linux
added 2018/03/12 6:21 p.m. | 3 views

chromium-browser: incorrect permissions on shared memory

Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page...

CVSS: 8.8 | AI score: 7.4 | EPSS: 0.00888
Exploits: 1 | References: 5
RedHat Linux
added 2018/03/12 6:21 p.m. | 3 views

chromium-browser: incorrect permissions on shared memory

Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page...

CVSS: 8.8 | AI score: 7.4 | EPSS: 0.00505
Exploits: 1 | References: 5
OpenVAS
added 2018/03/07 12:0 a.m. | 47 views

Google Chrome Multiple Security Vulnerabilities (Mar 2018) - Linux

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; if(description)...

CVSS: 8.8 | AI score: 7.9 | EPSS: 0.89553
Exploits: 7 | References: 3
OpenVAS
added 2018/03/07 12:0 a.m. | 43 views

Google Chrome Multiple Security Vulnerabilities (Mar 2018) - Windows

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; if(description)...

CVSS: 8.8 | AI score: 7.9 | EPSS: 0.89553
Exploits: 7 | References: 3
Google Chrome Security Advisories
added 2018/03/06 12:0 a.m. | 57 views

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 65 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 65.0.3325.146 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcomin...

CVSS: 10 | AI score: 8.9 | EPSS: 0.89553
Exploits: 7 | Affected Software: 1
CNVD
added 2018/02/26 12:0 a.m. | 1 views

IBM Client Application Access and Notes Elevation of Privilege Vulnerability (CNVD-2018-03879)

IBM Client Application Access and IBM Notes are both products of IBM Corporation in the U.S. IBM Client Application Access is a set of tools for accessing local applications. IBM Notes is a set of collaborative office software. An elevation of privilege vulnerability exists in IBM Client Applicati...

CVSS: 5.3 | AI score: 7.5 | EPSS: 0.00191
Exploits: 0 | References: 1