4.7

CVE-2018-5407

Exploit
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version18.10
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
NodejsNode.Js Version < 6.14.4
NodejsNode.Js Version >= 8.0.0 < 8.11.4
NodejsNode.Js Version >= 10.0.0 < 10.9.0
OpenSSLOpenSSL Version >= 1.0.2 < 1.0.2q
OpenSSLOpenSSL Version >= 1.1.0 < 1.1.0i
TenableNessus Version < 8.1.1
OracleApi Gateway Version11.1.2.4.0
OracleApplication Server Version0.9.8
OracleApplication Server Version1.0.0
OracleApplication Server Version1.0.1
OracleMysql Enterprise Backup Version <= 3.12.3
OracleMysql Enterprise Backup Version >= 3.12.4 <= 4.1.2
OracleTuxedo Version12.1.1.0.0
OracleVm Virtualbox Version < 6.0.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.42% 0.873
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.7 1 3.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 1.9 3.4 2.9
AV:L/AC:M/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-203 Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

https://www.oracle.com/security-alerts/cpujan2020.html
Patch
Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Patch
Third Party Advisory
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Patch
Vendor Advisory
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html
Patch
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3932
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3933
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3935
Third Party Advisory
https://www.debian.org/security/2018/dsa-4348
Third Party Advisory
https://www.debian.org/security/2018/dsa-4355
Third Party Advisory
https://www.tenable.com/security/tns-2018-17
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html
Third Party Advisory
Mailing List
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
Third Party Advisory
https://usn.ubuntu.com/3840-1/
Third Party Advisory
https://www.tenable.com/security/tns-2018-16
Third Party Advisory
http://www.securityfocus.com/bid/105897
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2019:0483
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0651
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0652
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2125
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3929
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3931
Third Party Advisory
https://eprint.iacr.org/2018/1060.pdf
Third Party Advisory
Technical Description
https://github.com/bbbrumley/portsmash
Third Party Advisory
Exploit
https://security.gentoo.org/glsa/201903-10
Third Party Advisory
https://security.netapp.com/advisory/ntap-20181126-0001/
Third Party Advisory
https://support.f5.com/csp/article/K49711130?utm_source=f5support&amp%3Butm_medium=RSS
https://www.exploit-db.com/exploits/45785/
Third Party Advisory
Exploit
VDB Entry