CVE-2018-3639 – AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass
https://notcve.org/view.php?id=CVE-2018-3639
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. Los sistemas con microprocesadores que emplean la ejecución especulativa y que realizan la ejecución especulativa de lecturas de memoria antes de que se conozcan las direcciones de todas las anteriores escrituras de memoria podrían permitir la divulgación no autorizada de información a un atacante con acceso de usuario local mediante un análisis de canal lateral. Esto también se conoce como Speculative Store Bypass (SSB), Variant 4. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). • https://www.exploit-db.com/exploits/44695 https://github.com/mmxsrup/CVE-2018-3639 https://github.com/Shuiliusheng/CVE-2018-3639-specter-v4- https://github.com/malindarathnayake/Intel-CVE-2018-3639-Mitigation_RegistryUpdate http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html http://support.lenovo.com/us/en/solutions/LEN-2213 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVE-2011-2039 – Cisco AnyConnect VPN Client - ActiveX URL Property Download and Execute
https://notcve.org/view.php?id=CVE-2011-2039
The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904. La aplicación de ayuda en Cisco Secure Mobility AnyConnect Client (anteriormente AnyConnect VPN Client) antes de v2.3.185 para Windows y Windows Mobile, descarga un archivo de cliente ejecutable, sin verificar su autenticidad, lo que permite a atacantes remotos ejecutar código arbitrario por suplantación de identidad del servidor VPN. Error también conocido como Bug ID CSCsy00904. • https://www.exploit-db.com/exploits/17366 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=909 http://osvdb.org/72714 http://securityreason.com/securityalert/8272 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml http://www.kb.cert.org/vuls/id/490097 http://www.securitytracker.com/id?1025591 https://exchange.xforce.ibmcloud.com/vulnerabilities/67739 • CWE-20: Improper Input Validation •
CVE-2011-2041
https://notcve.org/view.php?id=CVE-2011-2041
The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.254 on Windows, and on Windows Mobile, allows local users to gain privileges via unspecified user-interface interaction, aka Bug ID CSCta40556. La funcionalidad de comienzo Antes de inicio de sesión (SBL) en Cisco Secure Mobility AnyConnect Client (anteriormente AnyConnect VPN Client) antes de v2.3.254 en Windows, y Windows Mobile, permite a usuarios locales conseguir privilegios a través de una interacción no especificada con la interfaz de usuario. Error también conocido como Bug ID CSCta40556. • http://osvdb.org/72716 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml http://www.securityfocus.com/bid/48077 http://www.securitytracker.com/id?1025591 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2009-0244 – HTC / Android OBEX FTP Service Directory Traversal
https://notcve.org/view.php?id=CVE-2009-0244
Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder. Vulnerabilidad de salto de directorio en el Servicio OBEX FTP en la pila de Microsoft Bluetooth en Windows Mobile 6 Professional, y probablemente Windows Mobile 5.0 para Pocket PC y 5.0 para Pocket PC Phone Edition, permite a usuarios remotamente autentificados listar directorios de su elección y crear o leer archivos de su elección mediante .. (punto punto) en un nombre de ruta. • http://secunia.com/advisories/33598 http://securityreason.com/securityalert/4938 http://www.securityfocus.com/archive/1/500199/100/0/threaded http://www.securityfocus.com/bid/33359 http://www.seguridadmobile.com/windows-mobile/windows-mobile-security/Microsoft-Bluetooth-Stack-Directory-Traversal.html https://exchange.xforce.ibmcloud.com/vulnerabilities/48124 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2008-4540
https://notcve.org/view.php?id=CVE-2008-4540
Windows Mobile 6 on the HTC Hermes device makes WLAN passwords available to an auto-completion mechanism for the password input field, which allows physically proximate attackers to bypass password authentication and obtain WLAN access. Windows Mobile 6 en dispositivos HTC Hermes deja activado el mecanismo de auto-completado de las contraseñas de la WLAN, lo cual permite a atacantes físicamente próximos al dispositivo evitar la autenticación de la contraseña y obtener acceso a la WLAN. • http://securityreason.com/securityalert/4402 http://www.securityfocus.com/archive/1/497151/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/45857 • CWE-255: Credentials Management Errors •