CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7807
https://notcve.org/view.php?id=CVE-2018-7807
Data Center Expert, versions 7.5.0 and earlier, allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file could be mistakenly uploaded by an authenticated user via this feature which could contain path traversal file names. As such, it could allow for the arbitrary upload of files contained with the zip onto the server file system outside of the intended directory. This is leveraging the more commonly known ZipSlip vulnerability within Java code. Data Center Expert, en versiones 7.5.0 y anteriores, permite la subida de un archivo .zip desde su interfaz de usuario al servidor. • https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.9EPSS: 0%CPEs: 1095EXPL: 0CVE-2018-3693 – Kernel: speculative bounds check bypass store
https://notcve.org/view.php?id=CVE-2018-3693
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. Los sistemas con microprocesadores que emplean la ejecución especulativa y la predicción de ramas podría permitir la divulgación no autorizada de información a un atacante con acceso de usuario local mediante un desbordamiento de búfer especulativo y el análisis de canal lateral. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). • https://access.redhat.com/errata/RHSA-2018:2384 https://access.redhat.com/errata/RHSA-2018:2390 https://access.redhat.com/errata/RHSA-2018:2395 https://access.redhat.com/errata/RHSA-2019:1946 https://access.redhat.com/errata/RHSA-2020:0174 https://cdrdv2.intel.com/v1/dl/getContent/685359 https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 https://security.netapp.com/advisory/ntap-20180823-0001 https://www.oracle.com/s • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 2CVE-2018-1124 – Procps-ng - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-1124
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users. procps-ng en versiones anteriores a la 3.3.15 es vulnerable a múltiples desbordamientos de enteros que conducen a una corrupción de la memoria dinámica (heap) en la función file2strvec. Esto permite el escalado de privilegios para un atacante local que puede crear entradas en procfs empezando procesos, lo que podría resultar en cierres inesperados o la ejecución de código arbitrario en las utilidades proc ejecutadas por otros usuarios. Multiple integer overflows leading to heap corruption flaws were discovered in file2strvec(). These vulnerabilities can lead to privilege escalation for a local attacker who can create entries in procfs by starting processes, which will lead to crashes or arbitrary code execution in proc utilities run by other users (eg pgrep, pkill, pidof, w). • https://www.exploit-db.com/exploits/44806 http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html http://seclists.org/oss-sec/2018/q2/122 http://www.securityfocus.com/bid/104214 http://www.securitytracker.com/id/1041057 https://access.redhat.com/errata/RHSA-2018:1700 https://access.redhat.com/errata/RHSA-2018:1777 https://access.redhat.com/errata/RHSA-2018:1820 https://access.redha • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 1CVE-2018-1126 – procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues
https://notcve.org/view.php?id=CVE-2018-1126
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124. procps-ng en versiones anteriores a la 3.3.15 es vulnerable a un tamaño de entero incorrecto en proc/alloc.* que conduce a problemas de truncado/desbordamiento de enteros. Este error está relacionado con CVE-2018-1124. A flaw was found where procps-ng provides wrappers for standard C allocators that took `unsigned int` instead of `size_t` parameters. On platforms where these differ (such as x86_64), this could cause integer truncation, leading to undersized regions being returned to callers that could then be overflowed. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html http://seclists.org/oss-sec/2018/q2/122 http://www.securityfocus.com/bid/104214 http://www.securitytracker.com/id/1041057 https://access.redhat.com/errata/RHSA-2018:1700 https://access.redhat.com/errata/RHSA-2018:1777 https://access.redhat.com/errata/RHSA-2018:1820 https://access.redhat.com/errata/RHSA-2018:2267 https://access • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.6EPSS: 0%CPEs: 665EXPL: 5CVE-2018-3639 – AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass
https://notcve.org/view.php?id=CVE-2018-3639
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. Los sistemas con microprocesadores que emplean la ejecución especulativa y que realizan la ejecución especulativa de lecturas de memoria antes de que se conozcan las direcciones de todas las anteriores escrituras de memoria podrían permitir la divulgación no autorizada de información a un atacante con acceso de usuario local mediante un análisis de canal lateral. Esto también se conoce como Speculative Store Bypass (SSB), Variant 4. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). • https://www.exploit-db.com/exploits/44695 https://github.com/mmxsrup/CVE-2018-3639 https://github.com/Shuiliusheng/CVE-2018-3639-specter-v4- https://github.com/malindarathnayake/Intel-CVE-2018-3639-Mitigation_RegistryUpdate http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html http://support.lenovo.com/us/en/solutions/LEN-2213 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •