CVE-2018-3639 – AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass
https://notcve.org/view.php?id=CVE-2018-3639
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. Los sistemas con microprocesadores que emplean la ejecución especulativa y que realizan la ejecución especulativa de lecturas de memoria antes de que se conozcan las direcciones de todas las anteriores escrituras de memoria podrían permitir la divulgación no autorizada de información a un atacante con acceso de usuario local mediante un análisis de canal lateral. Esto también se conoce como Speculative Store Bypass (SSB), Variant 4. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). • https://www.exploit-db.com/exploits/44695 https://github.com/mmxsrup/CVE-2018-3639 https://github.com/Shuiliusheng/CVE-2018-3639-specter-v4- https://github.com/malindarathnayake/Intel-CVE-2018-3639-Mitigation_RegistryUpdate http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html http://support.lenovo.com/us/en/solutions/LEN-2213 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVE-2018-9103
https://notcve.org/view.php?id=CVE-2018-9103
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. A successful exploit could allow an attacker to execute arbitrary scripts. Una vulnerabilidad en el componente conferencing de Mitel MiVoice Connect, en versiones R1707-PREM SP1 (21.84.5535.0) y anteriores y Mitel ST 14.2, en versiones GA27 (19.49.5200.0) y anteriores, podría permitir que un atacante no autenticado lleve a cabo un ataque de Cross-Site Scripting (XSS) reflejado debido a la validación insuficiente de la página signin.php. Su explotación con éxito podría permitir que el atacante ejecute scripts arbitrarios. • https://www.mitel.com/mitel-product-security-advisory-18-0003 https://www.mitel.com/sites/default/files/2018-Security-Bulletin-18-0003-001.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-9104
https://notcve.org/view.php?id=CVE-2018-9104
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the api.php page. A successful exploit could allow an attacker to execute arbitrary scripts. Una vulnerabilidad en el componente conferencing de Mitel MiVoice Connect, en versiones R1707-PREM SP1 (21.84.5535.0) y anteriores y Mitel ST 14.2, en versiones GA27 (19.49.5200.0) y anteriores, podría permitir que un atacante no autenticado lleve a cabo un ataque de Cross-Site Scripting (XSS) reflejado debido a la validación insuficiente de la página api.php. Su explotación con éxito podría permitir que el atacante ejecute scripts arbitrarios. • https://www.mitel.com/mitel-product-security-advisory-18-0003 https://www.mitel.com/sites/default/files/2018-Security-Bulletin-18-0003-001.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-9102
https://notcve.org/view.php?id=CVE-2018-9102
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the signin interface. A successful exploit could allow an attacker to extract sensitive information from the database. Una vulnerabilidad en el componente conferencing de Mitel MiVoice Connect, en versiones R1707-PREM SP1 (21.84.5535.0) y anteriores y Mitel ST 14.2, en versiones GA27 (19.49.5200.0) y anteriores, podría permitir que un atacante no autenticado lleve a cabo un ataque de inyección SQL debido a la validación insuficiente de entradas de la interfaz signin. Su explotación con éxito podría permitir que el atacante extraiga información sensible de la base de datos. • https://www.mitel.com/mitel-product-security-advisory-18-0003 https://www.mitel.com/sites/default/files/2018-Security-Bulletin-18-0003-001.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2018-9101
https://notcve.org/view.php?id=CVE-2018-9101
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the launch_presenter.php page. A successful exploit could allow an attacker to execute arbitrary scripts. Una vulnerabilidad en el componente conferencing de Mitel MiVoice Connect, en versiones R1707-PREM SP1 (21.84.5535.0) y anteriores y Mitel ST 14.2, en versiones GA27 (19.49.5200.0) y anteriores, podría permitir que un atacante no autenticado lleve a cabo un ataque de Cross-Site Scripting (XSS) reflejado debido a la validación insuficiente de la página launch_presenter.php. Su explotación con éxito podría permitir que el atacante ejecute scripts arbitrarios. • https://www.mitel.com/mitel-product-security-advisory-18-0003 https://www.mitel.com/sites/default/files/2018-Security-Bulletin-18-0003-001.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •