Sicherheitswarnungen

<vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner

An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition.

An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition.

An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race condition.

Azure Connected Machine Agent Elevation of Privilege Vulnerability

Azure DevOps Server Spoofing Vulnerability

Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability

Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel

Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have an "double free or corruption" error for a valid WebAssembly module because push_pop_frame_ref_offset is mishandled.

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c.

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c.

Command 'go get' may unexpectedly fallback to insecure git in cmd/go

Command substitution output can trigger shell expansion in fish shell

Denial of service via chunk extensions in net/http

DHCP Server Service Denial of Service Vulnerability

DHCP Server Service Information Disclosure Vulnerability

DHCP Server Service Information Disclosure Vulnerability

Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow

Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c.

Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c.

Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at synthdata.c.

In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.

Internet Connection Sharing (ICS) Denial of Service Vulnerability

Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

Internet Connection Sharing (ICS) Remote Code Execution Vulnerability

Kernel: gsm multiplexing race condition leads to privilege escalation

Kernel: io_uring out of boundary memory access in __io_uaddr_map()

Kernel: null pointer dereference vulnerability in nft_dynset_init()

Libssh: missing checks for return values for digests

Libtiff: heap-based buffer overflow in cpstriptotile() in tools/tiffcp.c

Local Security Authority Subsystem Service Elevation of Privilege Vulnerability

Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR &lt; 115.6, Thunderbird &lt; 115.6, and Firefox &lt; 121.

Microsoft Defender Denial of Service Vulnerability

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Microsoft ODBC Driver Remote Code Execution Vulnerability

Microsoft Outlook for Mac Spoofing Vulnerability

Microsoft Outlook Information Disclosure Vulnerability

Microsoft Power Platform Connector Spoofing Vulnerability

Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Microsoft Word Information Disclosure Vulnerability

Out-of-bounds write in Linux kernel's Performance Events system component

Possible private key restoration in go package github.com/ecies/go

Postgresql: buffer overrun from integer overflow in array modification

Postgresql: memory disclosure in aggregate function calls