CVSS: 5.6EPSS: 0%CPEs: 665EXPL: 5CVE-2018-3639 – AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass
https://notcve.org/view.php?id=CVE-2018-3639
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. Los sistemas con microprocesadores que emplean la ejecución especulativa y que realizan la ejecución especulativa de lecturas de memoria antes de que se conozcan las direcciones de todas las anteriores escrituras de memoria podrían permitir la divulgación no autorizada de información a un atacante con acceso de usuario local mediante un análisis de canal lateral. Esto también se conoce como Speculative Store Bypass (SSB), Variant 4. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). • https://www.exploit-db.com/exploits/44695 https://github.com/mmxsrup/CVE-2018-3639 https://github.com/Shuiliusheng/CVE-2018-3639-specter-v4- https://github.com/malindarathnayake/Intel-CVE-2018-3639-Mitigation_RegistryUpdate http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html http://support.lenovo.com/us/en/solutions/LEN-2213 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0CVE-2018-1059 – dpdk: Information exposure in unchecked guest physical to host virtual address translations
https://notcve.org/view.php?id=CVE-2018-1059
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable. La interfaz vhost de usuario de DPDK no verifica que el rango físico invitado solicitado esté mapeado y sea contiguo al realizar traducciones de direcciones físicas de invitado a direcciones virtuales del host. Esto podría conducir a que un invitado malicioso exponga la memoria del proceso del backend del usuario vhost. • https://access.redhat.com/errata/RHSA-2018:1267 https://access.redhat.com/errata/RHSA-2018:2038 https://access.redhat.com/errata/RHSA-2018:2102 https://access.redhat.com/errata/RHSA-2018:2524 https://access.redhat.com/security/cve/cve-2018-1059 https://bugzilla.redhat.com/show_bug.cgi?id=1544298 https://usn.ubuntu.com/3642-1 https://usn.ubuntu.com/3642-2 https://access.redhat.com/security/cve/CVE-2018-1059 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.9EPSS: 0%CPEs: 31EXPL: 0CVE-2018-2781 – mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
https://notcve.org/view.php?id=CVE-2018-2781
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103825 http://www.securitytracker.com/id/1040698 https://access.redhat.com/errata/RHSA-2018:1254 https://access.redhat.com/errata/RHSA-2018:2439 https://access.redhat.com/errata/RHSA-2018:2729 https://access.redhat.com/errata/RHSA-2018:3655 https://access.redhat.com/errata/RHSA-2019:1258 https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html https://lists. •
CVSS: 7.7EPSS: 0%CPEs: 31EXPL: 0CVE-2018-2755 – mysql: Server: Replication unspecified vulnerability (CPU Apr 2018)
https://notcve.org/view.php?id=CVE-2018-2755
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103807 http://www.securitytracker.com/id/1040698 https://access.redhat.com/errata/RHSA-2018:1254 https://access.redhat.com/errata/RHSA-2018:2439 https://access.redhat.com/errata/RHSA-2018:2729 https://access.redhat.com/errata/RHSA-2018:3655 https://access.redhat.com/errata/RHSA-2019:1258 https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html https://lists. •
CVSS: 4.3EPSS: 0%CPEs: 29EXPL: 0CVE-2018-2813 – mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)
https://notcve.org/view.php?id=CVE-2018-2813
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103830 http://www.securitytracker.com/id/1040698 https://access.redhat.com/errata/RHSA-2018:1254 https://access.redhat.com/errata/RHSA-2018:2439 https://access.redhat.com/errata/RHSA-2018:2729 https://access.redhat.com/errata/RHSA-2018:3655 https://access.redhat.com/errata/RHSA-2019:1258 https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html https://lists. •