CVSS: 4.8EPSS: 0%CPEs: 41EXPL: 2CVE-2018-5407 – Intel (Skylake / Kaby Lake) - 'PortSmash' CPU SMT Side-Channel
https://notcve.org/view.php?id=CVE-2018-5407
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. SMT (Simultaneous Multi-threading) en los procesadores puede habilitar que usuarios locales exploten software vulnerable a ataques de sincronización mediante un ataques de sincronización de canal lateral en la "contención de puertos". A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information. • https://www.exploit-db.com/exploits/45785 http://www.securityfocus.com/bid/105897 https://access.redhat.com/errata/RHSA-2019:0483 https://access.redhat.com/errata/RHSA-2019:0651 https://access.redhat.com/errata/RHSA-2019:0652 https://access.redhat.com/errata/RHSA-2019:2125 https://access.redhat.com/errata/RHSA-2019:3929 https://access.redhat.com/errata/RHSA-2019:3931 https://access.redhat.com/errata/RHSA-2019:3932 https://access.redhat.com/errata/RHSA-2019:3933 https& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-16847
https://notcve.org/view.php?id=CVE-2018-16847
An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process. Se ha encontrado un problema de acceso fuera de límites al búfer de memoria dinámica (heap) r/w en la emulación NVM Express Controller en QEMU. Podría ocurrir en las rutinas nvme_cmb_ops en el dispositivo nvme. • http://www.securityfocus.com/bid/105866 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16847 https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html https://usn.ubuntu.com/3826-1 https://www.openwall.com/lists/oss-security/2018/11/02/1 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 0CVE-2016-6328
https://notcve.org/view.php?id=CVE-2016-6328
A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data). Se ha encontrado una vulnerabilidad en libexif. Hay un desbordamiento de enteros al analizar los datos de la entrada MNOTE del archivo de entradas. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-6328 https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html https://security.gentoo.org/glsa/202007-05 https://usn.ubuntu.com/4277-1 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 1CVE-2018-18873
https://notcve.org/view.php?id=CVE-2018-18873
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c. Se ha descubierto un problema en JasPer 2.0.14. Hay una desreferencia de puntero NULL en la función ras_putdatastd en ras/ras_enc.c. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html https://github.com/mdadams/jasper/issues/184 https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html https://security.gentoo.org/glsa/201908-03 https://www.oracle.com/security-alerts/cpuapr2020.html • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-16840 – curl: Use-after-free when closing "easy" handle in Curl_close()
https://notcve.org/view.php?id=CVE-2018-16840
A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct. Se ha detectado un error de uso de memoria dinámica (heap) previamente liberada en Curl, desde la versión 7.59.0 hasta la 7.61.1, en el código relacionado con el cierre de un controlador "easy". Al cerrar y limpiar un controlador "easy" en la función "Curl_close()", el código de la biblioteca libera, en primer lugar, un struct (sin pasar el puntero a null) y, después, podría escribir erróneamente en un campo struct dentro del struct ya liberado. • http://www.securitytracker.com/id/1042013 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16840 https://curl.haxx.se/docs/CVE-2018-16840.html https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f https://security.gentoo.org/glsa/201903-03 https://usn.ubuntu.com/3805-1 https://access.redhat.com/security/cve/CVE-2018-16840 https://bugzilla.redhat.com/show_bug.cgi?id=1642203 • CWE-416: Use After Free •