CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 2CVE-2018-11218 – redis: Heap corruption in lua_cmsgpack.c
https://notcve.org/view.php?id=CVE-2018-11218
Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows. Se ha descubierto una corrupción de memoria en la biblioteca cmsgpack en el subsistema Lua en Redis en versiones anteriores a la 3.2.12, versiones 4.x anteriores a la 4.0.10 y versiones 5.x anteriores a la 5.0 RC2 debido a desbordamientos de búfer basados en pila. • http://antirez.com/news/119 http://www.securityfocus.com/bid/104553 https://access.redhat.com/errata/RHSA-2019:0052 https://access.redhat.com/errata/RHSA-2019:0094 https://access.redhat.com/errata/RHSA-2019:1860 https://github.com/antirez/redis/commit/52a00201fca331217c3b4b8b634f6a0f57d6b7d3 https://github.com/antirez/redis/commit/5ccb6f7a791bf3490357b00a898885759d98bab0 https://github.com/antirez/redis/issues/5017 https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES https://raw.git • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 2%CPEs: 8EXPL: 1CVE-2018-11219 – redis: Integer overflow in lua_struct.c:b_unpack()
https://notcve.org/view.php?id=CVE-2018-11219
An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking. Se ha descubierto un problema de desbordamiento de enteros en la biblioteca struct en el subsistema Lua en Redis en versiones anteriores a la 3.2.12, versiones 4.x anteriores a la 4.0.10 y versiones 5.x anteriores a la 5.0 RC2 que conduce a un error en la comprobación de límites. • http://antirez.com/news/119 http://www.securityfocus.com/bid/104552 https://access.redhat.com/errata/RHSA-2019:0052 https://access.redhat.com/errata/RHSA-2019:0094 https://access.redhat.com/errata/RHSA-2019:1860 https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3 https://github.com/antirez/redis/commit/e89086e09a38cc6713bcd4b9c29abf92cf393936 https://github.com/antirez/redis/issues/5017 https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES https://raw.git • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.2EPSS: 0%CPEs: 27EXPL: 0CVE-2018-11806 – Qemu Slirp Networking Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-11806
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. m_cat en slirp/mbuf.c en Qemu tiene un desbordamiento de búfer basado en memoria dinámica (heap) mediante los datagramas entrantes fragmentados. A heap buffer overflow issue was found in the way SLiRP networking back-end in QEMU processes fragmented packets. It could occur while reassembling the fragmented datagrams of an incoming packet. A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS or potentially leverage it to execute arbitrary code on the host with privileges of the QEMU process. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Qemu. • http://www.openwall.com/lists/oss-security/2018/06/07/1 http://www.securityfocus.com/bid/104400 https://access.redhat.com/errata/RHSA-2018:2462 https://access.redhat.com/errata/RHSA-2018:2762 https://access.redhat.com/errata/RHSA-2018:2822 https://access.redhat.com/errata/RHSA-2018:2887 https://access.redhat.com/errata/RHSA-2019:2892 https://bugzilla.redhat.com/show_bug.cgi?id=1586245 https://lists.debian.org/debian-lts-announce/2019/05/msg00010.html https://li • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.6EPSS: 0%CPEs: 665EXPL: 5CVE-2018-3639 – AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass
https://notcve.org/view.php?id=CVE-2018-3639
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. Los sistemas con microprocesadores que emplean la ejecución especulativa y que realizan la ejecución especulativa de lecturas de memoria antes de que se conozcan las direcciones de todas las anteriores escrituras de memoria podrían permitir la divulgación no autorizada de información a un atacante con acceso de usuario local mediante un análisis de canal lateral. Esto también se conoce como Speculative Store Bypass (SSB), Variant 4. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). • https://www.exploit-db.com/exploits/44695 https://github.com/mmxsrup/CVE-2018-3639 https://github.com/Shuiliusheng/CVE-2018-3639-specter-v4- https://github.com/malindarathnayake/Intel-CVE-2018-3639-Mitigation_RegistryUpdate http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html http://support.lenovo.com/us/en/solutions/LEN-2213 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0CVE-2018-1059 – dpdk: Information exposure in unchecked guest physical to host virtual address translations
https://notcve.org/view.php?id=CVE-2018-1059
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable. La interfaz vhost de usuario de DPDK no verifica que el rango físico invitado solicitado esté mapeado y sea contiguo al realizar traducciones de direcciones físicas de invitado a direcciones virtuales del host. Esto podría conducir a que un invitado malicioso exponga la memoria del proceso del backend del usuario vhost. • https://access.redhat.com/errata/RHSA-2018:1267 https://access.redhat.com/errata/RHSA-2018:2038 https://access.redhat.com/errata/RHSA-2018:2102 https://access.redhat.com/errata/RHSA-2018:2524 https://access.redhat.com/security/cve/cve-2018-1059 https://bugzilla.redhat.com/show_bug.cgi?id=1544298 https://usn.ubuntu.com/3642-1 https://usn.ubuntu.com/3642-2 https://access.redhat.com/security/cve/CVE-2018-1059 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •