Sicherheitswarnungen

.NET and Visual Studio Denial of Service Vulnerability

.NET and Visual Studio Denial of Service Vulnerability

.NET and Visual Studio Denial of Service Vulnerability

<vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner

<vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner

<vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner

<vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner

<vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner

<vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner

<vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22.

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22.

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22.

A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.

A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a denial of service condition or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0.

A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.

A format string vulnerability was found in libinput

A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system.

A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system.

A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.

Active Directory Domain Services Elevation of Privilege Vulnerability

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S) IMAP(S) POP3(S) and LDAP(S) (openldap only).

An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.

An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb-&gt;private.

Buffer Over-read in function find_next_quote in vim/vim

Buffer Over-read in vim/vim

Buffer overflow in TCP syslog server (receiver) components in rsyslog

ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022

ClamAV HTML Scanning Memory Leak Vulnerability Affecting Cisco Products: April 2022

ClamAV TIFF File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022

Classic Buffer Overflow in vim/vim

Heap buffer overflow in vim_strncpy find_word in vim/vim

Heap-based Buffer Overflow in function cmdline_erase_chars in vim/vim

Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in vim/vim

Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.

Incorrect Default Permissions in runc

Key confusion through non-blocklisted public key formats in PyJWT

Linux Kernel could allow a local attacker to execute arbitrary code on the system caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Exchange Server Elevation of Privilege Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft Windows Media Foundation Remote Code Execution Vulnerability

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however it is shipped by some Linux distributions.

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in vim/vim

Out-of-bounds Read in vim/vim