Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
rosalinuxROSA LABROSA-SA-2021-1838
HistoryJul 02, 2021 - 4:44 p.m.

Advisory ROSA-SA-2021-1838

2021-07-0216:44:11
ROSA LAB
abf.rosalinux.ru
4

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

68.9%

JSON

Software: gcc 4.8.5
OS: Cobalt 7.9

CVE-ID: CVE-2018-12886
CVE-Crit: HIGH
CVE-DESC: stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate sequences of instructions when targeting ARM targets that pass the address of the stack protection, allowing an attacker to bypass the -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit stack overflow protection by controlling what the stack canary is compared to.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2019-15847
CVE-Crit: HIGH
CVE-DESC: The POWER9 backend in the GNU Compiler Collection (GCC) prior to version 10 could optimize multiple calls to the __builtin_darn built-in function into a single call, thereby reducing the entropy of the random number generator. This occurred because an unstable operation was not specified. For example, within a single program execution, the result of each __builtin_darn () call could be the same.
CVE-STATUS: default
CVE-REV: default

OSVersionArchitecturePackageVersionFilename
Cobaltanynoarchgcc< 4.8.5UNKNOWN

Related

prion 2
openvas 10
osv 2
cve 2
ubuntucve 2
nessus 13
redhat 5
redhatcve 2
debiancve 2
alpinelinux 1
cbl_mariner 1
veracode 1
suse 3
oraclelinux 1
ibm 1
ics 2
prion
prion
Stack overflow
2019-05-22 19:29:00
Design/Logic Flaw
2019-09-02 23:15:00
openvas
openvas
Huawei EulerOS: Security Advisory for gcc (EulerOS-SA-2019-1825)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for gcc (EulerOS-SA-2019-2308)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for gcc (EulerOS-SA-2019-2073)
2020-01-23 00:00:00
osv
osv
CVE-2018-12886
2019-05-22 19:29:00
CVE-2019-15847
2019-09-02 23:15:10
cve
cve
CVE-2018-12886
2019-05-22 19:29:00
CVE-2019-15847
2019-09-02 23:15:00
ubuntucve
ubuntucve
CVE-2018-12886
2019-05-22 00:00:00
CVE-2019-15847
2019-09-02 00:00:00
nessus
nessus
EulerOS Virtualization for ARM 64 3.0.2.0 : gcc (EulerOS-SA-2019-2308)
2019-12-03 00:00:00
EulerOS 2.0 SP8 : gcc (EulerOS-SA-2019-1825)
2019-08-27 00:00:00
RHEL 7 : devtoolset-9-gcc (RHSA-2020:2274)
2023-01-23 00:00:00
redhat
redhat
(RHSA-2020:2274) Moderate: devtoolset-9-gcc security and bug fix update
2020-05-26 05:05:37
(RHSA-2020:1864) Moderate: gcc security and bug fix update
2020-04-28 09:24:50
(RHSA-2020:0924) Moderate: devtoolset-8-gcc security update
2020-03-23 10:19:37
redhatcve
redhatcve
CVE-2018-12886
2020-03-31 08:06:50
CVE-2019-15847
2020-01-19 09:45:46
debiancve
debiancve
CVE-2018-12886
2019-05-22 19:29:00
CVE-2019-15847
2019-09-02 23:15:00
alpinelinux
alpinelinux
CVE-2019-15847
2019-09-02 23:15:00
cbl_mariner
cbl_mariner
CVE-2019-15847 affecting package gcc 9.1.0-7
2020-10-08 18:09:57
veracode
veracode
Insecure Random Number Generator
2020-03-24 02:05:07
suse
suse
Security update for gcc9 (moderate)
2020-05-26 00:00:00
Security update for gcc7 (moderate)
2019-10-22 00:00:00
Security update for gcc7 (moderate)
2019-10-22 00:00:00
oraclelinux
oraclelinux
gcc security and bug fix update
2020-05-05 00:00:00
ibm
ibm
Security Bulletin: IBM Security QRadar Analyst Workflow add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
2021-01-27 23:48:48
ics
ics
Siemens SCALANCE Third-Party
2023-03-21 12:00:00
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

68.9%

JSON
Related for ROSA-SA-2021-1838
prion2openvas10osv2cve2ubuntucve2nessus13redhat5redhatcve2debiancve2alpinelinux1cbl_mariner1veracode1suse3oraclelinux1ibm1ics2