[osy]

They are all denial of service bugs. I.e. crashes/hangs. No remote code execution or disclosure of sensitive data.

Glad they were able to figure out the branding though.

[jdiff]

> Glad they were able to figure out the branding though.

That's pretty obviously something someone threw together in a few minutes after grabbing a few [0] random images from the internet. This isn't one of those exploit sites with more effort poured into marketing than the exploits themselves.

[0] https://www.flaticon.com/free-icon/ghost_1227567

[coldpie]

The vulnerability branding trend is stupid, but I'm not sure it's worse for communicating what you're talking about than "CVE-2023-129038, 109239, and 120993" or "Those 5G vulnerabilities from uh I think 2022 or 2023? No not those, the other ones." Is there a better method?

[fragmede]

I don't think it's stupid because I can't, off the top of my head, tell you the CVE number for Heartbleed, despite being very involved with it for a couple of weeks.

Heartbleed I remember, along with Spectre/Meltdown, but I couldn't name the weak exploits that turn out to be nothing burgers. Log4j could have used a brand though, imo.

[andrewxdiamond]

How often do you need CVE numbers while simultaneously being unable to google for the CVE number?

[genmud]

Because everyone called it heartbleed.

I still remember some of the big ones like MS03-026/031, MS08-067, CVE-2005-1042.

[bryancoxwell]

> No [...] disclosure of sensitive data.

Not directly, but downgrading to LTE would almost certainly force a UE to expose its IMSI at least.

[gafage]

You don't need a baseband exploit for that, just a jammer.

[zapcto]

> At least two other vulnerabilities are not disclosed yet due to confidentiality.

[fulafel]

They observed just crashes and they didn't try to research exploitability. Absent more details, and knowing the usual exploitability distribution of C crash bugs, this would seem in doubt still.