CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2024-26190 – Microsoft QUIC Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-26190
Microsoft QUIC Denial of Service Vulnerability Vulnerabilidad de denegación de servicio de Microsoft QUIC • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26190 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 17EXPL: 2CVE-2023-44216
https://notcve.org/view.php?id=CVE-2023-44216
PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin. PVRIC (PowerVR Image Compression) en Imagination 2018 y dispositivos GPU posteriores ofrece compresión transparente por software que permite ataques de robo de píxeles de origen cruzado contra feTurbulence y feBlend en la especificación del filtro SVG, también conocido como un problema GPU.zip. Por ejemplo, los atacantes a veces pueden determinar con precisión el texto contenido en una página web de un origen si controlan un recurso de un origen diferente. • https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack https://blog.imaginationtech.com/introducing-pvric4-taking-image-compression-to-the-next-level https://blog.imaginationtech.com/reducing-bandwidth-pvric https://github.com/UT-Security/gpu-zip https://news.ycombinator.com/item?id=37663159 https://www.bleepingcomputer.com/news/security/modern-gpus-vulnerable-to-new-gpuzip-side-channel-attack https://www.hertzbleed.com/gpu.zip https://www.her • CWE-203: Observable Discrepancy •
CVSS: 5.6EPSS: 0%CPEs: 301EXPL: 1CVE-2023-20569 – amd: Return Address Predictor vulnerability leading to information disclosure
https://notcve.org/view.php?id=CVE-2023-20569
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. Una vulnerabilidad de canal lateral en algunas de las CPU de AMD puede permitir que un atacante influya en la predicción de la dirección de retorno. Esto puede dar lugar a una ejecución especulativa en una dirección controlada por el atacante, lo que podría conducir a la divulgación de información. A side channel vulnerability was found in hw amd. • http://www.openwall.com/lists/oss-security/2023/08/08/4 http://xenbits.xen.org/xsa/advisory-434.html https://comsec.ethz.ch/research/microarch/inception https://lists.debian.org/debian-lts-announce/2023/08/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HKKYIK2EASDNUV4I7EFJKNBVO3KCKGRR https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4E4TZNMLYL2KETY23IPA43QXFAVJ46V https://lists.fedoraproject.org/archives/list/pack • CWE-203: Observable Discrepancy •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-34367
https://notcve.org/view.php?id=CVE-2023-34367
Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. The vulnerability exists in Windows 7 (any Windows until Windows 8) and in any implementation of TCP/IP, which is vulnerable to the Idle scan attack (including many IoT devices). NOTE: The vendor considers this a low severity issue. • http://blog.pi3.com.pl/?p=850 https://portswigger.net/daily-swig/blind-tcp-ip-hijacking-is-resurrected-for-windows-7 https://pwnies.com/windows-7-blind-tcp-ip-hijacking • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 0CVE-2022-35759 – Windows Local Security Authority (LSA) Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2022-35759
Windows Local Security Authority (LSA) Denial of Service Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35759 •