cpe:2.3:o:microsoft:windows_11:-:*:*:*:professional:*:*:*
PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin.
Max CVSS
5.3
EPSS Score
0.13%
Published
2023-09-27
Updated
2023-10-05
A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
Max CVSS
6.7
EPSS Score
0.07%
Published
2022-08-26
Updated
2023-11-14
A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
Max CVSS
6.7
EPSS Score
0.07%
Published
2022-08-26
Updated
2023-11-14
A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
Max CVSS
6.7
EPSS Score
0.07%
Published
2022-08-26
Updated
2023-11-14
Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session. Typically, after the BSOD, the victim SMBv3 server will reboot.
Max CVSS
7.8
EPSS Score
0.25%
Published
2022-06-14
Updated
2022-06-23
Windows Installer Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.04%
Published
2022-06-15
Updated
2023-12-20
Windows File History Remote Code Execution Vulnerability
Max CVSS
7.6
EPSS Score
0.47%
Published
2022-06-15
Updated
2023-12-20
Windows Container Manager Service Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.04%
Published
2022-06-15
Updated
2023-12-20
Win32 File Enumeration Remote Code Execution Vulnerability
Max CVSS
8.8
EPSS Score
1.05%
Published
2022-03-09
Updated
2023-06-29
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.04%
Published
2022-03-09
Updated
2023-06-29
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
Max CVSS
7.5
EPSS Score
0.18%
Published
2022-01-11
Updated
2023-12-21
Storage Spaces Controller Information Disclosure Vulnerability
Max CVSS
5.5
EPSS Score
0.04%
Published
2021-12-15
Updated
2023-12-28
Windows Common Log File System Driver Elevation of Privilege Vulnerability
Max CVSS
7.8
EPSS Score
0.04%
Published
2021-12-15
Updated
2023-12-28
Windows Common Log File System Driver Information Disclosure Vulnerability
Max CVSS
5.5
EPSS Score
0.04%
Published
2021-12-15
Updated
2022-05-23
Windows Encrypting File System (EFS) Remote Code Execution Vulnerability
Max CVSS
9.8
EPSS Score
1.74%
Published
2021-12-15
Updated
2022-07-12
15 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!