Sicherheitswarnungen

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

<vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner

<vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner

<vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner

<vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner

<vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner

An heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c.

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed because the presence of EOR does not lead to a treat-as-withdraw outcome.

An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).

ASP.NET Core Denial of Service Vulnerability

ASP.NET Security Feature Bypass Vulnerability

Azure CLI REST Command Information Disclosure Vulnerability

Azure DevOps Server Remote Code Execution Vulnerability

Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c

DHCP Server Service Denial of Service Vulnerability

DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics

HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.

Insecure parsing of Windows paths with a \??\ prefix in path/filepath

Kernel: the nfta_inner_num and nfta_expr_name netlink attributes accessed without checking its presence in nft_inner.c

Kernel: use after free in nvmet_tcp_free_crypto in nvme

Kubernetes - Windows nodes - Insufficient input sanitization in in-tree storage plugin leads to privilege escalation

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Security Feature Bypass Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server Spoofing Vulnerability

Microsoft Exchange Server Spoofing Vulnerability

Microsoft Exchange Server Spoofing Vulnerability

Microsoft Host Integration Server 2020 Remote Code Execution Vulnerability

Microsoft Office Graphics Remote Code Execution Vulnerability

Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability

Microsoft Remote Registry Service Remote Code Execution Vulnerability

Microsoft Remote Registry Service Remote Code Execution Vulnerability

Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulnerability

Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Microsoft Windows Defender Elevation of Privilege Vulnerability

Openshift: modification of node role labels

Out-of-bounds write in exiv2

Request smuggling in aiohttp

Squid: denial of service in http digest authentication

Squid: dos against http and https

Use-after-free in Linux kernel's netfilter: nf_tables component

Use-after-free in parse_lease_state()

Visual Studio Code Jupyter Extension Spoofing Vulnerability