CVE-2017-2682
The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery (CSRF) attack, potentially allowing an attacker to execute administrative operations, provided the targeted user has an active session and is induced to trigger a malicious request.
Source: CVE-2017-2682
CVE-2017-2683
A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in obtaining administrative permissions.
Source: CVE-2017-2683
CVE-2017-5927 (a64, athlon_ii_640_x4, atom_c2750, celeron_n2840, core_i5_m480, core_i7-2620qm, core_i7-3632qm, core_i7-4500u, core_i7-6700k, core_i7_920, e-350, exynos_5800, fx-8120_8-core, fx-8320_8-core, fx-8350_8-core, phenom_9550_4-core, tegra_k1_cd570m-a1, tegra_k1_cd580m-a1, xeon_e3-1240_v5, xeon_e5-2658_v2)
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.
CVE-2017-5926 (a64, athlon_ii_640_x4, atom_c2750, celeron_n2840, core_i5_m480, core_i7-2620qm, core_i7-3632qm, core_i7-4500u, core_i7-6700k, core_i7_920, e-350, exynos_5800, fx-8120_8-core, fx-8320_8-core, fx-8350_8-core, phenom_9550_4-core, tegra_k1_cd570m-a1, tegra_k1_cd580m-a1, xeon_e3-1240_v5, xeon_e5-2658_v2)
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.
CVE-2017-5925 (a64, athlon_ii_640_x4, atom_c2750, celeron_n2840, core_i5_m480, core_i7-2620qm, core_i7-3632qm, core_i7-4500u, core_i7-6700k, core_i7_920, e-350, exynos_5800, fx-8120_8-core, fx-8320_8-core, fx-8350_8-core, phenom_9550_4-core, tegra_k1_cd570m-a1, tegra_k1_cd580m-a1, xeon_e3-1240_v5, xeon_e5-2658_v2)
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.
CVE-2017-6350 (vim)
An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
Source: CVE-2017-6350 (vim)
CVE-2017-6349 (vim)
An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
Source: CVE-2017-6349 (vim)
CVE-2017-5925
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.
Source: CVE-2017-5925
CVE-2017-5926
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.
Source: CVE-2017-5926
CVE-2017-5927
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.
Source: CVE-2017-5927