Vulnerability & Exploit Database

Displaying all 10 entries

Results for: CVE-2018-18344 Back to search

Google Chrome Vulnerability: CVE-2018-18344 Vulnerability

  • Severity: 4
  • Published: December 11, 2018

Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension.

SUSE: CVE-2018-18344: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: December 07, 2018

Inappropriate allowance of the setDownloadBehavior devtools protocol feature in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker with control of an installed extension to access files on the local file system via a crafted Chrome Extension.

Debian: CVE-2018-18344: chromium-browser -- security update Vulnerability

  • Severity: 4
  • Published: December 07, 2018

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From DSA-4352:

Several vulnerabilities have been discovered in the chromium web browser.

SUSE: CVE-2017-18344: SUSE Linux Security Advisory Vulnerability

  • Severity: 2
  • Published: July 26, 2018

The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (...

Red Hat: CVE-2017-18344: Important: kernel-alt security, bug fix, and enhancement update (Multiple Advisories) Vulnerability

  • Severity: 2
  • Published: July 26, 2018

The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (...

Huawei EulerOS: CVE-2017-18344: kernel security update Vulnerability

  • Severity: 2
  • Published: July 26, 2018

The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (...

Huawei EulerOS: CVE-2017-18344: kernel security update Vulnerability

  • Severity: 2
  • Published: July 26, 2018

The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (...