CVSS: 4.8EPSS: 0%CPEs: 41EXPL: 2CVE-2018-5407 – Intel (Skylake / Kaby Lake) - 'PortSmash' CPU SMT Side-Channel
https://notcve.org/view.php?id=CVE-2018-5407
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. SMT (Simultaneous Multi-threading) en los procesadores puede habilitar que usuarios locales exploten software vulnerable a ataques de sincronización mediante un ataques de sincronización de canal lateral en la "contención de puertos". A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information. • https://www.exploit-db.com/exploits/45785 http://www.securityfocus.com/bid/105897 https://access.redhat.com/errata/RHSA-2019:0483 https://access.redhat.com/errata/RHSA-2019:0651 https://access.redhat.com/errata/RHSA-2019:0652 https://access.redhat.com/errata/RHSA-2019:2125 https://access.redhat.com/errata/RHSA-2019:3929 https://access.redhat.com/errata/RHSA-2019:3931 https://access.redhat.com/errata/RHSA-2019:3932 https://access.redhat.com/errata/RHSA-2019:3933 https& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 6.5EPSS: 0%CPEs: 20EXPL: 1CVE-2018-18897 – poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc
https://notcve.org/view.php?id=CVE-2018-18897
An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. Se ha descubierto un problema en Poppler 0.71.0. Hay una fuga de memoria en GfxColorSpace::setDisplayProfile in GfxState.cc, tal y como queda demostrado con pdftocairo. • https://access.redhat.com/errata/RHSA-2019:2022 https://access.redhat.com/errata/RHSA-2019:2713 https://gitlab.freedesktop.org/poppler/poppler/issues/654 https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html https://usn.ubuntu.com/4042-1 https://access.redhat.com/security/cve/CVE-2018-18897 https://bugzilla.redhat.com/show_bug.cgi?id=1646546 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-14652 – glusterfs: Buffer overflow in "features/locks" translator allows for denial of service
https://notcve.org/view.php?id=CVE-2018-14652
The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of service. El sistema de archivos Gluster hasta las versiones 3.12 y 4.1.4 es vulnerable a un desbordamiento de búfer en el traductor "features/index" mediante el código que maneja el xattr "GF_XATTR_CLRLK_CMD" en la función "pl_getxattr". Un atacante autenticado remoto podría explotar esta vulnerabilidad en un volumen montado para provocar una denegación de servicio (DoS). A buffer overflow was found in strncpy of the pl_getxattr() function. • https://access.redhat.com/errata/RHSA-2018:3431 https://access.redhat.com/errata/RHSA-2018:3432 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14652 https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html https://security.gentoo.org/glsa/201904-06 https://access.redhat.com/security/cve/CVE-2018-14652 https://bugzilla.redhat.com/show_bug.cg • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-14651 – glusterfs: glusterfs server exploitable via symlinks to relative paths
https://notcve.org/view.php?id=CVE-2018-14651
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths. Se ha descubierto que la solución para CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930 y CVE-2018-10926 estaba incompleta. Un atacante autenticado remoto podría emplear uno de estos errores para ejecutar código arbitrario, crear archivos arbitrarios o provocar una denegación de servicio en los nodos del servidor glusterfs mediante vínculos simbólicos a rutas relativas. • https://access.redhat.com/errata/RHSA-2018:3431 https://access.redhat.com/errata/RHSA-2018:3432 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14651 https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html https://security.gentoo.org/glsa/201904-06 https://access.redhat.com/security/cve/CVE-2018-14651 https://bugzilla.redhat.com/show_bug.cgi?id=1632557 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2018-14659 – glusterfs: Unlimited file creation via "GF_XATTR_IOSTATS_DUMP_KEY" xattr allows for denial of service
https://notcve.org/view.php?id=CVE-2018-14659
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory. El sistema de archivos Gluster hasta las versiones 3.12 y 4.1.4 es vulnerable a un ataque de denegación de servicio (DoS) mediante el uso del xattr "GF_XATTR_IOSTATS_DUMP_KEY". Un atacante autenticado remoto podría explotar esta vulnerabilidad montando un volumen Gluster y llamando repetidamente a "setxattr(2)" para desencadenar un volcado de estado y crear un número arbitrario de archivos en el directorio runtime del servidor. A flaw was found in glusterfs server which allowed clients to create io-stats dumps on server node. • https://access.redhat.com/errata/RHSA-2018:3431 https://access.redhat.com/errata/RHSA-2018:3432 https://access.redhat.com/errata/RHSA-2018:3470 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14659 https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html https://security.gentoo.org/glsa/201904-06 https://access.redhat.com/security/cve/CVE-2018-14659 https://bugzilla.redhat.com/show_bug.cg • CWE-400: Uncontrolled Resource Consumption •