ALT-PU-2018-2246-1
Closed vulnerabilities
Published: 2018-10-30
BDU:2018-01636
Уязвимость процессоров Intel архитектур Skylake и Kaby Lake, связанная с ошибками реализации технологии одновременной многопоточности (SMT), позволяющая нарушителю раскрыть защищаемую информацию
Severity: HIGH (7.1)
Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
References:
Published: 2018-06-12
BDU:2019-00186
Уязвимость библиотеки OpenSSL, связанная с ошибками обработки криптографических ключей при использовании протокола DH (E), позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2018-06-12
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-0732
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- 104442
- 104442
- 1041090
- 1041090
- RHSA-2018:2552
- RHSA-2018:2552
- RHSA-2018:2553
- RHSA-2018:2553
- RHSA-2018:3221
- RHSA-2018:3221
- RHSA-2018:3505
- RHSA-2018:3505
- RHSA-2019:1296
- RHSA-2019:1296
- RHSA-2019:1297
- RHSA-2019:1297
- RHSA-2019:1543
- RHSA-2019:1543
- https://cert-portal.siemens.com/productcert/pdf/ssa-419820.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-419820.pdf
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3984ef0b72831da8b3ece4745cac4f8575b19098
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3984ef0b72831da8b3ece4745cac4f8575b19098
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ea7abeeabf92b7aca160bdd0208636d4da69f4f4
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ea7abeeabf92b7aca160bdd0208636d4da69f4f4
- [debian-lts-announce] 20180728 [SECURITY] [DLA 1449-1] openssl security update
- [debian-lts-announce] 20180728 [SECURITY] [DLA 1449-1] openssl security update
- FEDORA-2019-db06efdea1
- FEDORA-2019-db06efdea1
- FEDORA-2019-9a0a7c0986
- FEDORA-2019-9a0a7c0986
- FEDORA-2019-00c25b9379
- FEDORA-2019-00c25b9379
- https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
- https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
- GLSA-201811-03
- GLSA-201811-03
- https://security.netapp.com/advisory/ntap-20181105-0001/
- https://security.netapp.com/advisory/ntap-20181105-0001/
- https://security.netapp.com/advisory/ntap-20190118-0002/
- https://security.netapp.com/advisory/ntap-20190118-0002/
- https://securityadvisories.paloaltonetworks.com/Home/Detail/133
- https://securityadvisories.paloaltonetworks.com/Home/Detail/133
- USN-3692-1
- USN-3692-1
- USN-3692-2
- USN-3692-2
- DSA-4348
- DSA-4348
- DSA-4355
- DSA-4355
- https://www.openssl.org/news/secadv/20180612.txt
- https://www.openssl.org/news/secadv/20180612.txt
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://www.tenable.com/security/tns-2018-12
- https://www.tenable.com/security/tns-2018-12
- https://www.tenable.com/security/tns-2018-13
- https://www.tenable.com/security/tns-2018-13
- https://www.tenable.com/security/tns-2018-14
- https://www.tenable.com/security/tns-2018-14
- https://www.tenable.com/security/tns-2018-17
- https://www.tenable.com/security/tns-2018-17
Published: 2018-08-21
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-12115
In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.
Severity: HIGH (7.5)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- 105127
- 105127
- RHSA-2018:2552
- RHSA-2018:2552
- RHSA-2018:2553
- RHSA-2018:2553
- RHSA-2018:2944
- RHSA-2018:2944
- RHSA-2018:2949
- RHSA-2018:2949
- RHSA-2018:3537
- RHSA-2018:3537
- https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
- https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/
- GLSA-202003-48
- GLSA-202003-48
Published: 2018-11-16
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-5407
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
Severity: MEDIUM (4.7)
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
References:
- 105897
- 105897
- RHSA-2019:0483
- RHSA-2019:0483
- RHSA-2019:0651
- RHSA-2019:0651
- RHSA-2019:0652
- RHSA-2019:0652
- RHSA-2019:2125
- RHSA-2019:2125
- RHSA-2019:3929
- RHSA-2019:3929
- RHSA-2019:3931
- RHSA-2019:3931
- RHSA-2019:3932
- RHSA-2019:3932
- RHSA-2019:3933
- RHSA-2019:3933
- RHSA-2019:3935
- RHSA-2019:3935
- https://eprint.iacr.org/2018/1060.pdf
- https://eprint.iacr.org/2018/1060.pdf
- https://github.com/bbbrumley/portsmash
- https://github.com/bbbrumley/portsmash
- [debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update
- [debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update
- https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
- https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
- GLSA-201903-10
- GLSA-201903-10
- https://security.netapp.com/advisory/ntap-20181126-0001/
- https://security.netapp.com/advisory/ntap-20181126-0001/
- https://support.f5.com/csp/article/K49711130?utm_source=f5support&%3Butm_medium=RSS
- https://support.f5.com/csp/article/K49711130?utm_source=f5support&%3Butm_medium=RSS
- USN-3840-1
- USN-3840-1
- DSA-4348
- DSA-4348
- DSA-4355
- DSA-4355
- 45785
- 45785
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.tenable.com/security/tns-2018-16
- https://www.tenable.com/security/tns-2018-16
- https://www.tenable.com/security/tns-2018-17
- https://www.tenable.com/security/tns-2018-17