CVE-2018-3639 – AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass
https://notcve.org/view.php?id=CVE-2018-3639
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. Los sistemas con microprocesadores que emplean la ejecución especulativa y que realizan la ejecución especulativa de lecturas de memoria antes de que se conozcan las direcciones de todas las anteriores escrituras de memoria podrían permitir la divulgación no autorizada de información a un atacante con acceso de usuario local mediante un análisis de canal lateral. Esto también se conoce como Speculative Store Bypass (SSB), Variant 4. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). • https://www.exploit-db.com/exploits/44695 https://github.com/mmxsrup/CVE-2018-3639 https://github.com/Shuiliusheng/CVE-2018-3639-specter-v4- https://github.com/malindarathnayake/Intel-CVE-2018-3639-Mitigation_RegistryUpdate http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html http://support.lenovo.com/us/en/solutions/LEN-2213 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVE-2018-11237 – glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper
https://notcve.org/view.php?id=CVE-2018-11237
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper. Una implementación optimizada para AVX-512 de la función mempcpy en GNU C Library (también conocido como glibc o libc6), en versiones 2.27 y anteriores, podría escribir datos más allá del búfer objetivo, lo que desemboca en un desbordamiento de búfer en __mempcpy_avx512_no_vzeroupper. A buffer overflow has been discovered in the GNU C Library (aka glibc or libc6) in the __mempcpy_avx512_no_vzeroupper function when particular conditions are met. An attacker could use this vulnerability to cause a denial of service or potentially execute code. GNU glibc versions prior to 2.27 suffer from a buffer overflow vulnerability. • http://www.securityfocus.com/bid/104256 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3092 https://security.netapp.com/advisory/ntap-20190329-0001 https://security.netapp.com/advisory/ntap-20190401-0001 https://sourceware.org/bugzilla/show_bug.cgi?id=23196 https://usn.ubuntu.com/4416-1 https://www.exploit-db.com/exploits/44750 https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://access.redhat.com/security • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2018-11236 – glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow
https://notcve.org/view.php?id=CVE-2018-11236
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. stdlib/canonicalize.c en GNU C Library (también conocida como glibc o libc6), en versiones 2.27 y anteriores, al procesar argumentos con un nombre de ruta muy largo en la función realpath, podría encontrarse con un desbordamiento de enteros en arquitecturas de 32 bits. Esto podría desembocar en un desbordamiento de búfer basado en pila y en una potencial ejecución de código arbitrario. • http://www.securityfocus.com/bid/104255 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3092 https://security.netapp.com/advisory/ntap-20190329-0001 https://security.netapp.com/advisory/ntap-20190401-0001 https://sourceware.org/bugzilla/show_bug.cgi?id=22786 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=5460617d1567657621107d895ee2dd83bc1f88f2 https://usn.ubuntu.com/4416-1 https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.h • CWE-121: Stack-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVE-2018-1000301 – curl: Out-of-bounds heap read when missing RTSP headers allows information leak or denial of service
https://notcve.org/view.php?id=CVE-2018-1000301
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0. curl en su versión 7.20.0 hasta la 7.59.0 contiene una vulnerabilidad CWE-126: sobrelectura de búfer y denegación de servicio (DoS) que puede resultar en que se puede engañar a curl para que lea datos más allá del final de un búfer de memoria dinámica (heap) que se usa para almacenar contenido RTSP descargado. La vulnerabilidad parece haber sido solucionada en las versiones anteriores a la 7.20.0 y en la 7.60.0 y posteriores. • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/104225 http://www.securitytracker.com/id/1040931 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3157 https://access.redhat.com/errata/RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2020:0544 https://access.redhat.com/errata/RHSA-2020:0594 https://curl • CWE-125: Out-of-bounds Read •
CVE-2018-11212 – libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c
https://notcve.org/view.php?id=CVE-2018-11212
An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file. Se ha descubierto un problema en libjpeg 9a y 9d. La función alloc_sarray en jmemmgr.c permite que los atacantes remotos provoquen una denegación de servicio (error de división entre cero) mediante un archivo manipulado. A divide by zero vulnerability has been discovered in libjpeg-turbo in alloc_sarray function of jmemmgr.c file. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html http://www.ijg.org http://www.securityfocus.com/bid/106583 https://access.redhat.com/errata/RHSA-2019:0469 https://access.redhat.com/errata/RHSA-2019:0472 https://access.redhat.com/errata/RHSA-2019:0473 https://access.redhat.com/errata/RHSA-2019:0474 https:/ • CWE-369: Divide By Zero •