CVSS: 6.4EPSS: 0%CPEs: 129EXPL: 0CVE-2018-3615
https://notcve.org/view.php?id=CVE-2018-3615
Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis. Los sistemas con microprocesadores que emplean ejecución especulativa y extensiones Intel software guard (Intel SGX) podría permitir la fuga no autorizada de información que reside en la caché de datos L1 desde un enclave a un atacante con acceso de usuario local mediante un análisis de canal lateral. • http://support.lenovo.com/us/en/solutions/LEN-24163 http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en http://www.securityfocus.com/bid/105080 http://www.securitytracker.com/id/1041451 https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf https://foreshadowattack.eu https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html https://psirt.global.sonicwall.com/vuln-detail/ • CWE-203: Observable Discrepancy •
CVSS: 7.6EPSS: 0%CPEs: 164EXPL: 0CVE-2018-3652
https://notcve.org/view.php?id=CVE-2018-3652
Existing UEFI setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family allows a limited physical presence attacker to potentially access platform secrets via debug interfaces. Las restricciones de configuración UEFI existentes para DCI (Direct Connect Interface) en la familia E3 de procesadores Intel Xeon de 5ª y 6ª generación, los procesadores Intel Xeon Scalable y la familia D de procesadores Intel Xeon permiten que un atacante con presencia física limitada acceda potencialmente a los secretos de la plataforma mediante las interfaces de depuración. • https://security.netapp.com/advisory/ntap-20180802-0001 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00127.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 761EXPL: 0CVE-2018-3628
https://notcve.org/view.php?id=CVE-2018-3628
Buffer overflow in HTTP handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to execute arbitrary code via the same subnet. Desbordamiento de búfer en el manipulador HTTP en Intel Active Management Technology en Intel Converged Security Manageability Engine con versiones de firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x y 11.x podría permitir que un atacante ejecute código arbitrario mediante la misma subred. • http://www.securitytracker.com/id/1041362 https://security.netapp.com/advisory/ntap-20190327-0001 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03868en_us https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 1095EXPL: 0CVE-2018-3693 – Kernel: speculative bounds check bypass store
https://notcve.org/view.php?id=CVE-2018-3693
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. Los sistemas con microprocesadores que emplean la ejecución especulativa y la predicción de ramas podría permitir la divulgación no autorizada de información a un atacante con acceso de usuario local mediante un desbordamiento de búfer especulativo y el análisis de canal lateral. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). • https://access.redhat.com/errata/RHSA-2018:2384 https://access.redhat.com/errata/RHSA-2018:2390 https://access.redhat.com/errata/RHSA-2018:2395 https://access.redhat.com/errata/RHSA-2019:1946 https://access.redhat.com/errata/RHSA-2020:0174 https://cdrdv2.intel.com/v1/dl/getContent/685359 https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 https://security.netapp.com/advisory/ntap-20180823-0001 https://www.oracle.com/s • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.6EPSS: 0%CPEs: 500EXPL: 0CVE-2018-3640
https://notcve.org/view.php?id=CVE-2018-3640
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a. Los sistemas con microprocesadores que emplean la ejecución especulativa y que realizan lecturas especulativas de registros del sistema podrían permitir la divulgación no autorizada de parámetros del sistema a un atacante con acceso de usuario local mediante un análisis de canal lateral. Esto también se conoce como Rogue System Register Read (RSRE), Variant 3a. • http://support.lenovo.com/us/en/solutions/LEN-22133 http://www.fujitsu.com/global/support/products/software/security/products-f/cve-2018-3639e.html http://www.securityfocus.com/bid/104228 http://www.securitytracker.com/id/1040949 http://www.securitytracker.com/id/1042004 https://cert-portal.siemens.com/productcert/pdf/ssa-268644.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability https:&#x • CWE-203: Observable Discrepancy •