Security Warnings

.NET Denial of Service Vulnerability

.NET Framework Denial of Service Vulnerability

`serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access

<vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner

<vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner

A memory leak issue discovered in YASM v.1.3.0 allows a local attacker to cause a denial of service via the new_Token function in the modules/preprocs/nasm/nasm-pp:1512.

A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. This could have resulted in an exploitable crash. This vulnerability affects Firefox &lt; 122.

aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators

An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component.

An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_smacro function in the modules/preprocs/nasm/nasm-pp.c component.

An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component.

An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a bitmap.

An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled.

An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox &lt; 122, Firefox ESR &lt; 115.7, and Thunderbird &lt; 115.7.

An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family)

Azure Storage Mover Remote Code Execution Vulnerability

BitLocker Security Feature Bypass Vulnerability

Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component.

BuildKit possible panic when incorrect parameters sent from frontend

copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes and crash because of a missing param_kernel-&gt;data_size check. This is related to ctl_ioctl.

Cri-o: pods are able to break out of resource confinement on cgroupv2

Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.

Grub2: bypass the grub password protection feature

Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability

Improper Handling of Missing Values in Wireshark

In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1 there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation.

In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1 there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison resulting in out-of-bounds access.

In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox &lt; 122, Firefox ESR &lt; 115.7, and Thunderbird &lt; 115.7.

In the Linux kernel before 6.4.12 amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a fence use-after-free.

In the Linux kernel before 6.4.5 drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload.

In the Linux kernel before 6.5.9 there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c.

In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.

Integer overflow in raid5_cache_count in Linux kernel

io_uring UAF Unix SCM garbage collection

It was discovered that a nft object or expression could reference a nft set on a different nft table leading to a use-after-free once that table was deleted.

It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.

It was discovered that when exec'ing from a non-leader thread armed POSIX CPU timers would be left on a list but freed leading to a use-after-free.

Jinja vulnerable to Cross-Site Scripting (XSS)

Kernel: aoe: improper reference count leads to use-after-free vulnerability

Kernel: cifs filesystem decryption improper input validation remote code execution vulnerability in function receive_encrypted_standard of client

Kernel: deadlock leading to denial of service in tipc_crypto_key_revoke

Kernel: gc's deletion of an skb races with unix_stream_read_generic() leading to uaf

Kernel: information disclosure in vhost/vhost.c:vhost_new_msg()

Kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination

Kernel: potential deadlock on &amp;net-&gt;sctp.addr_wq_lock leading to dos

Kernel: refcount leak in ctnetlink_create_conntrack()

Kernel: use-after-free after removing device in wb_inode_writeback_end in mm/page-writeback.c

Kernel: use-after-free while changing the mount option in __ext4_remount leading

Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname

Libtiff: segment fault in libtiff in tiffreadrgbatileext() leading to denial of service