Sicherheitswarnungen

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

<vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner

<vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner

<vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner

<vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner

<vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner

<vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner

<vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner

<vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner

A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.

A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.

An heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c.

An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed because the presence of EOR does not lead to a treat-as-withdraw outcome.

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).

ASP.NET Core Denial of Service Vulnerability

ASP.NET Core Security Feature Bypass Vulnerability

ASP.NET Security Feature Bypass Vulnerability

Azure CLI REST Command Information Disclosure Vulnerability

Azure DevOps Server Remote Code Execution Vulnerability

Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c

cryptography vulnerable to NULL-dereference when loading PKCS7 certificates

DHCP Server Service Denial of Service Vulnerability

DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics

Excessive time spent in DH check / generation with large Q parameter value

Floating point Exception in adjust_plines_for_skipcol() in vim

Gnutls: timing side-channel in the rsa-psk authentication

HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.

Heap-buffer-overflow in extractimagesection()

HTTP request body disclosure in github.com/go-resty/resty/v2

Incorrect detection of reserved device names on Windows in path/filepath

Insecure parsing of Windows paths with a \??\ prefix in path/filepath

Kernel: kvm: svm: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs

Kernel: nvme: info leak due to out-of-bounds read in nvmet_ctrl_find_get

Kernel: qxl: race condition leading to use-after-free in qxl_mode_dumb_create()

Kernel: the nfta_inner_num and nfta_expr_name netlink attributes accessed without checking its presence in nft_inner.c

Kernel: use after free in nvmet_tcp_free_crypto in nvme

Kubernetes - Windows nodes - Insufficient input sanitization in in-tree storage plugin leads to privilege escalation

Libtiff: out-of-memory in tiffopen via a craft file

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

Microsoft Dynamics 365 Sales Spoofing Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability