arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +49 more potentially affected by CVE-2020-15205 via tensorflow-gpu (>=1.10.1 <=1.15.3)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.1.0, =0.1.0, =1.0.0, =0.2.3, =0.0.1, =0.0.7, =0.2.0 - keras-textclassification =0.1.6 and more Source cves: CVE-2020-15205 Source advisory: OSV:GHSA-G7P5-5759-QV46...

CVE-2020-0955

An information disclosure vulnerability exists when certain central processing units CPU speculatively access memory, aka 'Windows Kernel Information Disclosure in CPU Memory Access'...

CVE-2020-11450

Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerability to learn more about the environment the application is running in. This issue has been...

HTTP/2: flood using empty frames results in excessive resource consumption

A flaw was found in HTTP/2. Using frames with an empty payload, a flood could occur that results in excessive CPU usage and starvation of other clients. The highest threat from this vulnerability is to system availability...

hw: Intel SGX information leak

A flaw was found in the implementation of SGX around the access control of protected memory. This flaw allows a local attacker of a system with SGX enabled and an affected intel GPU with the ability to execute code to interpret the contents of the SGX protected memory...

jailbreakme-unified

This is a web-based jailbreak solution that unifies existing jailbreak solutions and new ones. It is created by Sem Voigtländer and supports various iOS versions, including 8.4.1, 9.3 up to 9.3.3, 11.3.1, and 12.0 up to 12.0.1 64-bit, as well as 3.1.2 up to 4.0.1 and 8.4.1 and 9.1 up to 9.3.4...

HTTP/2: flood using PRIORITY frames results in excessive resource consumption

A flaw was found in HTTP/2. An attacker, using PRIORITY frames to flood the system, could cause excessive CPU usage and starvation of other clients. The largest threat from this vulnerability is to system availability...

hw: Intel SGX information leak

A flaw was found in the implementation of SGX around the access control of protected memory. This flaw allows a local attacker of a system with SGX enabled and an affected intel GPU with the ability to execute code to interpret the contents of the SGX protected memory...

hw: Intel SGX information leak

A flaw was found in the implementation of SGX around the access control of protected memory. This flaw allows a local attacker of a system with SGX enabled and an affected intel GPU with the ability to execute code to interpret the contents of the SGX protected memory...

hw: Intel GPU Denial Of Service while accessing MMIO in lower power state

A flaw was found in Intel graphics hardware GPU where a local attacker with the ability to issue an ioctl could trigger a hardware level crash if MMIO registers were read while the graphics card was in a low-power state. This creates a denial of service situation and the GPU and connected display...

NVIDIA Windows GPU Display Driver Null Pointer Dereference Vulnerability

NVIDIA Windows GPU Display Driver is a graphics processor GPU graphics card driver from NVIDIA dedicated to the Windows platform. A null pointer dereference vulnerability exists in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape in the NVIDIA Windows GPU Display Driver. An attacker...

NVIDIA Windows GPU Display Driver Denial of Service Vulnerability (CNVD-2019-40475)

NVIDIA Windows GPU Display Driver is a graphics processor GPU graphics card driver from NVIDIA dedicated to the Windows platform. A denial of service vulnerability exists in the kernel mode layer nvlddmkm.sys of the NVIDIA Windows GPU Display Driver. The vulnerability stems from a program that...

HTTP/2: request for large response leads to denial of service

A vulnerability was found in HTTP/2. An attacker can open a HTTP/2 window so the peer can send without constraint. The TCP window remains closed so the peer cannot write the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the server's...

CVE-2019-4183

IBM Cognos Analytics 11.0, and 11.1 is vulnerable to a denial of service attack that could allow a remote user to send specially crafted requests that would consume all available CPU and memory resources. IBM X-Force ID: 158973...

Cisco Extends Patch for IPv6 DoS Vulnerability

Cisco has extended its patch for a high-severity IPv6 denial-of-service DoS vulnerability that was first addressed in 2016. The bug CVE-2016-1409 is a vulnerability in the IPv6 packet processing functions of multiple Cisco products, which could allow an unauthenticated, remote attacker to cause a...

qt5-qtimageformats: QTgaFile CPU exhaustion

An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption...

CVE-2018-17479

Incorrect object lifetime calculations in GPU code in Google Chrome prior to 70.0.3538.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)

A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer...

USN-3904-1 nvidia-graphics-drivers-390 vulnerability

It was discovered that the NVIDIA graphics drivers incorrectly handled the GPU performance counters. A local attacker could possibly use this issue to access the application data processed on the GPU...

BSA-2018-740

Security Advisory ID : BSA-2018-740 Component : CPU featuring SMT Revision : 1.0: Initial A group a researchers has discover a new vulnerability being called PortSmash, impacting all CPUs that use a Simultaneous Multithreading SMT architecture. SMT is a technology that allows multiple computing...