CVE-2017-2682

CVE-2017-2682

The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery (CSRF) attack, potentially allowing an attacker to execute administrative operations, provided the targeted user has an active session and is induced to trigger a malicious request.

Source: CVE-2017-2682

CVE-2017-5927 (a64, athlon_ii_640_x4, atom_c2750, celeron_n2840, core_i5_m480, core_i7-2620qm, core_i7-3632qm, core_i7-4500u, core_i7-6700k, core_i7_920, e-350, exynos_5800, fx-8120_8-core, fx-8320_8-core, fx-8350_8-core, phenom_9550_4-core, tegra_k1_cd570m-a1, tegra_k1_cd580m-a1, xeon_e3-1240_v5, xeon_e5-2658_v2)

CVE-2017-5927 (a64, athlon_ii_640_x4, atom_c2750, celeron_n2840, core_i5_m480, core_i7-2620qm, core_i7-3632qm, core_i7-4500u, core_i7-6700k, core_i7_920, e-350, exynos_5800, fx-8120_8-core, fx-8320_8-core, fx-8350_8-core, phenom_9550_4-core, tegra_k1_cd570m-a1, tegra_k1_cd580m-a1, xeon_e3-1240_v5, xeon_e5-2658_v2)

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.

Source: CVE-2017-5927 (a64, athlon_ii_640_x4, atom_c2750, celeron_n2840, core_i5_m480, core_i7-2620qm, core_i7-3632qm, core_i7-4500u, core_i7-6700k, core_i7_920, e-350, exynos_5800, fx-8120_8-core, fx-8320_8-core, fx-8350_8-core, phenom_9550_4-core, tegra_k1_cd570m-a1, tegra_k1_cd580m-a1, xeon_e3-1240_v5, xeon_e5-2658_v2)

CVE-2017-5926 (a64, athlon_ii_640_x4, atom_c2750, celeron_n2840, core_i5_m480, core_i7-2620qm, core_i7-3632qm, core_i7-4500u, core_i7-6700k, core_i7_920, e-350, exynos_5800, fx-8120_8-core, fx-8320_8-core, fx-8350_8-core, phenom_9550_4-core, tegra_k1_cd570m-a1, tegra_k1_cd580m-a1, xeon_e3-1240_v5, xeon_e5-2658_v2)

CVE-2017-5926 (a64, athlon_ii_640_x4, atom_c2750, celeron_n2840, core_i5_m480, core_i7-2620qm, core_i7-3632qm, core_i7-4500u, core_i7-6700k, core_i7_920, e-350, exynos_5800, fx-8120_8-core, fx-8320_8-core, fx-8350_8-core, phenom_9550_4-core, tegra_k1_cd570m-a1, tegra_k1_cd580m-a1, xeon_e3-1240_v5, xeon_e5-2658_v2)

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.

Source: CVE-2017-5926 (a64, athlon_ii_640_x4, atom_c2750, celeron_n2840, core_i5_m480, core_i7-2620qm, core_i7-3632qm, core_i7-4500u, core_i7-6700k, core_i7_920, e-350, exynos_5800, fx-8120_8-core, fx-8320_8-core, fx-8350_8-core, phenom_9550_4-core, tegra_k1_cd570m-a1, tegra_k1_cd580m-a1, xeon_e3-1240_v5, xeon_e5-2658_v2)

CVE-2017-5925 (a64, athlon_ii_640_x4, atom_c2750, celeron_n2840, core_i5_m480, core_i7-2620qm, core_i7-3632qm, core_i7-4500u, core_i7-6700k, core_i7_920, e-350, exynos_5800, fx-8120_8-core, fx-8320_8-core, fx-8350_8-core, phenom_9550_4-core, tegra_k1_cd570m-a1, tegra_k1_cd580m-a1, xeon_e3-1240_v5, xeon_e5-2658_v2)

CVE-2017-5925 (a64, athlon_ii_640_x4, atom_c2750, celeron_n2840, core_i5_m480, core_i7-2620qm, core_i7-3632qm, core_i7-4500u, core_i7-6700k, core_i7_920, e-350, exynos_5800, fx-8120_8-core, fx-8320_8-core, fx-8350_8-core, phenom_9550_4-core, tegra_k1_cd570m-a1, tegra_k1_cd580m-a1, xeon_e3-1240_v5, xeon_e5-2658_v2)

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.

Source: CVE-2017-5925 (a64, athlon_ii_640_x4, atom_c2750, celeron_n2840, core_i5_m480, core_i7-2620qm, core_i7-3632qm, core_i7-4500u, core_i7-6700k, core_i7_920, e-350, exynos_5800, fx-8120_8-core, fx-8320_8-core, fx-8350_8-core, phenom_9550_4-core, tegra_k1_cd570m-a1, tegra_k1_cd580m-a1, xeon_e3-1240_v5, xeon_e5-2658_v2)