CVSS: 6.5EPSS: 0%CPEs: 324EXPL: 0CVE-2019-11135 – hw: TSX Transaction Asynchronous Abort (TAA)
https://notcve.org/view.php?id=CVE-2019-11135
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. Una condición de tipo TSX Asynchronous Abort en algunas CPU que utilizan ejecución especulativa puede habilitar a un usuario autenticado para permitir potencialmente una divulgación de información por medio de un canal lateral con acceso local. A flaw was found in the way Intel CPUs handle speculative execution of instructions when the TSX Asynchronous Abort (TAA) error occurs. A local authenticated attacker with the ability to monitor execution times could infer the TSX memory state by comparing abort execution times. This could allow information disclosure via this observed side-channel for any TSX transaction being executed while an attacker is able to observe abort timing. Intel's Transactional Synchronisation Extensions (TSX) are set of instructions which enable transactional memory support to improve performance of the multi-threaded applications, in the lock-protected critical sections. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html http://packetstormsecurity.com/files/155375/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html http://www.openwall.com/lists/oss-security/2019/12/10/3 http://www.openwall.com/lists/oss-security/2019/12/10/4 http://www.openwall.com/lists/oss-security/2019/12 • CWE-203: Observable Discrepancy •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-7120
https://notcve.org/view.php?id=CVE-2018-7120
A security vulnerability in the HPE Virtual Connect SE 16Gb Fibre Channel Module for HPE Synergy running firmware 5.00.50, which is part of the HPE Synergy Custom SPP 2018.11.20190205, could allow local or remote unauthorized elevation of privilege. Una vulnerabilidad de seguridad en HPE Virtual Connect SE 16Gb Fibre Channel Module para HPE Synergy que ejecuta firmware 5.00.50, que forma parte del HPE Synergy Custom SPP 2018.11.20190205, podría permitir la escalada no autorizada de privilegios local o remota. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03916en_us •
CVSS: 8.1EPSS: 0%CPEs: 15EXPL: 0CVE-2016-4377
https://notcve.org/view.php?id=CVE-2016-4377
HPE Smart Update in Storage Sizing Tool before 13.0, Converged Infrastructure Solution Sizer Suite (CISSS) before 2.13.1, Power Advisor before 7.8.2, Insight Management Sizer before 16.12.1, Synergy Planning Tool before 3.3, SAP Sizing Tool before 16.12.1, Sizing Tool for SAP Business Suite powered by HANA before 16.11.1, Sizer for ConvergedSystems Virtualization before 16.7.1, Sizer for Microsoft Exchange Server before 16.12.1, Sizer for Microsoft Lync Server 2013 before 16.12.1, Sizer for Microsoft SharePoint 2013 before 16.13.1, Sizer for Microsoft SharePoint 2010 before 16.11.1, and Sizer for Microsoft Skype for Business Server 2015 before 16.5.1 allows remote attackers to execute arbitrary code via unspecified vectors. HPE Smart Update en Storage Sizing Tool en versiones anteriores a 13.0, Converged Infrastructure Solution Sizer Suite (CISSS) en versiones anteriores a 2.13.1, Power Advisor en versiones anteriores a 7.8.2, Insight Management Sizer en versiones anteriores a 16.12.1, Synergy Planning Tool en versiones anteriores a 3.3, SAP Sizing Tool en versiones anteriores a 16.12.1, Sizing Tool para SAP Business Suite impulsado por HANA en versiones anteriores a 16.11.1, Sizer para ConvergedSystems Virtualization en versiones anteriores a 16.7.1, Sizer para Microsoft Exchange Server en versiones anteriores a 16.12.1, Sizer para Microsoft Lync Server 2013 en versiones anteriores a 16.12.1, Sizer para Microsoft SharePoint 2013 en versiones anteriores a 16.13.1, Sizer para Microsoft SharePoint 2010 en versiones anteriores a 16.11.1 y Sizer para Microsoft Skype para Business Server 2015 en versiones anteriores a 16.5.1 permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. • http://www.securityfocus.com/bid/92479 https://h20566.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05237578 •