Page 40 of 400 results (0.038 seconds)

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2018-12126 – hardware: Microarchitectural Store Buffer Data Sampling (MSBDS)

https://notcve.org/view.php?id=CVE-2018-12126

Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf En Microarchitectural Store Buffer Data Sampling (MSBDS): los búferes de almacenamiento en algunos microprocesadores que usan ejecución especulativa pueden permitir que un usuario autenticado active potencialmente la divulgación de información por medio de un canal lateral con acceso local. Puede encontrar una lista de los productos impactados aquí: https://www.intel.com/content/dam/www/public/us/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf. Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en https://access.redhat.com/errata/RH • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-385: Covert Timing Channel •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2018-12127 – hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS)

https://notcve.org/view.php?id=CVE-2018-12127

Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf En Microarchitectural Load Port Data Sampling (MLPDS): los puertos de carga en algunos microprocesadores que usan ejecución especulativa pueden permitir que un usuario autenticado active potencialmente la divulgación de información por medio de un canal lateral con acceso local. Puede encontrar una lista de los productos impactados aquí: https://www.intel.com/content/dam/www/public/us/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en https://access.redhat.com/errata/RH • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-385: Covert Timing Channel •

CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0

CVE-2018-12130 – hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)

https://notcve.org/view.php?id=CVE-2018-12130

Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf En Microarchitectural Fill Buffer Data Sampling (MFBDS): El llenado de los búfer en algunos microprocesadores que utilizan ejecución especulativa pueden permitir que un usuario autenticado active potencialmente la divulgación de información por medio de un canal lateral con acceso local. Puede encontrar una lista de los productos impactados aquí: https://www.intel.com/content/dam/www/public/us/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf. A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en https://access.redhat.com/errata/RH • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-226: Sensitive Information in Resource Not Removed Before Reuse •

CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0

CVE-2019-11091 – hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

https://notcve.org/view.php?id=CVE-2019-11091

Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf En Microarchitectural Data Sampling Uncacheable Memory (MDSUM): La memoria no almacenable en algunos microprocesadores que utilizan ejecución especulativa puede permitir a un usuario autenticado activar potencialmente la divulgación de información por medio de un canal lateral con acceso local. Puede encontrar una lista de los productos impactados aquí: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00053.html http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190712-01-mds-en https://access.redhat.com/errata/RHSA-2019:1455 https://access.redhat.com/errata/RHSA-2019:2553 https://cert-portal.siemen • CWE-385: Covert Timing Channel •

CVSS: 5.5EPSS: 0%CPEs: 32EXPL: 0

CVE-2019-11833 – kernel: fs/ext4/extents.c leads to information disclosure

https://notcve.org/view.php?id=CVE-2019-11833

fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. fs / ext4 / extents.c en el kernel de Linux hasta 5.1.2 no pone a cero la región de memoria no utilizada en el bloque del árbol de extensión, lo que podría permitir a los usuarios locales obtener información confidencial al leer datos no inicializados en el sistema de archivos. A flaw was found in the Linux kernel's implementation of ext4 extent management. The kernel doesn't correctly initialize memory regions in the extent tree block which may be exported to a local user to obtain sensitive information by reading empty/uninitialized data from the filesystem. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html http://www.securityfocus.com/bid/108372 https://access.redhat.com/errata/RHSA-2019:2029 https://access.redhat.com/errata/RHSA-2019:2043 https://access.redhat.com/errata/RHSA-2019 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-908: Use of Uninitialized Resource •