CVSS: 6.5EPSS: 0%CPEs: 1589EXPL: 0CVE-2018-12207 – hw: Machine Check Error on Page Size Change (IFU)
https://notcve.org/view.php?id=CVE-2018-12207
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. Una invalidación inapropiada de las actualizaciones de la tabla de páginas por parte de un sistema operativo invitado virtual para múltiples procesadores Intel® puede habilitar a un usuario autenticado para permitir potencialmente una denegación de servicio del sistema host por medio de un acceso local. A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor, resulting in a severe DoS scenario by halting the processor. System software like OS OR Virtual Machine Monitor (VMM) use virtual memory system for storing program instructions and data in memory. Virtual Memory system uses Paging structures like Page Tables and Page Directories to manage system memory. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html https://access.redhat.com/errata/RHSA-2019:3916 https://access.redhat.com/errata/RHSA-2019:3936 https://access.redhat.com/errata/RHSA-2019:3941 https://access.redhat.com/errata/RHSA-2020:0026 https://access.redhat.com/errata/RHSA-2020:0028 https://access.redhat.com/errata/RHSA-2020:0204 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW https:/&#x • CWE-20: Improper Input Validation CWE-226: Sensitive Information in Resource Not Removed Before Reuse •
CVSS: 9.1EPSS: 2%CPEs: 81EXPL: 2CVE-2019-10744 – nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties
https://notcve.org/view.php?id=CVE-2019-10744
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. Las versiones de lodash inferiores a 4.17.12, son vulnerables a la Contaminación de Prototipo. La función defaultsDeep podría ser engañada para agregar o modificar las propiedades de Object.prototype usando una carga útil de constructor. A Prototype Pollution vulnerability was found in lodash. • https://github.com/ossf-cve-benchmark/CVE-2019-10744 https://access.redhat.com/errata/RHSA-2019:3024 https://security.netapp.com/advisory/ntap-20191004-0005 https://snyk.io/vuln/SNYK-JS-LODASH-450202 https://support.f5.com/csp/article/K47105354?utm_source=f5support&%3Butm_medium=RSS https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security-alerts/cpuoct2020.html https://access.redhat.com/security/cve/CVE-2019-10744 https://bugzilla.redhat.com/show_ • CWE-20: Improper Input Validation CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 5.9EPSS: 1%CPEs: 180EXPL: 0CVE-2019-1559 – 0-byte record padding oracle
https://notcve.org/view.php?id=CVE-2019-1559
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html http://www.securityfocus.com/bid/107174 https://access. • CWE-203: Observable Discrepancy CWE-325: Missing Cryptographic Step •
CVSS: 5.6EPSS: 0%CPEs: 665EXPL: 5CVE-2018-3639 – AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass
https://notcve.org/view.php?id=CVE-2018-3639
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. Los sistemas con microprocesadores que emplean la ejecución especulativa y que realizan la ejecución especulativa de lecturas de memoria antes de que se conozcan las direcciones de todas las anteriores escrituras de memoria podrían permitir la divulgación no autorizada de información a un atacante con acceso de usuario local mediante un análisis de canal lateral. Esto también se conoce como Speculative Store Bypass (SSB), Variant 4. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). • https://www.exploit-db.com/exploits/44695 https://github.com/mmxsrup/CVE-2018-3639 https://github.com/Shuiliusheng/CVE-2018-3639-specter-v4- https://github.com/malindarathnayake/Intel-CVE-2018-3639-Mitigation_RegistryUpdate http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html http://support.lenovo.com/us/en/solutions/LEN-2213 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 5.6EPSS: 97%CPEs: 1467EXPL: 3CVE-2017-5753 – Multiple CPUs - 'Spectre' Information Disclosure
https://notcve.org/view.php?id=CVE-2017-5753
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Los sistemas con microprocesadores con ejecución especulativa y predicción de ramas podrían permitir la revelación no autorizada de información al atacante con acceso de usuario local mediante un análisis de un canal lateral. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. • https://www.exploit-db.com/exploits/43427 https://github.com/sachinthaBS/Spectre-Vulnerability-CVE-2017-5753- http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html http://nvidia.custhe • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •