Sicherheitswarnungen

.NET and Visual Studio Denial of Service Vulnerability

.NET Framework Information Disclosure Vulnerability

An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.

arm64: dts: qcom: sdm845-db845c: Mark cont splash memory region as reserved

Azure C SDK Integer Wraparound Vulnerability

Azure Data Studio Elevation of Privilege Vulnerability

Azure SDK Spoofing Vulnerability

bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers

btrfs: remove BUG() after failure to insert delayed dir index item

cifs: Fix UAF in cifs_demultiplex_thread()

Comments in display names are incorrectly handled in net/mail

drm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay()

drm/amd/display: Refactor DMCUB enter/exit idle interface

drm/amd/display: Wake DMCUB before executing GPINT commands

drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()

drm/msm/dpu: Add mutex lock in control vblank irq

Errors returned from JSON marshaling may break template escaping in html/template

Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability

If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.

If kernel headers need to be extracted bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.

If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.

In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.

In Fluent Bit 2.1.8 through 2.2.1 a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. It crashes and does not restart. This could result in logs not being delivered properly.

In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (Earlier and later versions are unaffected.)

Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http

jfs: fix array-index-out-of-bounds in dbAdjTree

Libdwarf: crashes randomly on fuzzed object

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

Libvirt: null pointer dereference in udevconnectlistallinterfaces()

media: rkisp1: Fix IRQ disable race issue

Memory exhaustion in multipart form parsing in net/textproto and net/http

Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.

Microsoft AllJoyn API Denial of Service Vulnerability

Microsoft Authenticator Elevation of Privilege Vulnerability

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

Microsoft Defender Security Feature Bypass Vulnerability

Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Microsoft Edge for Android Spoofing Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Intune Linux Agent Elevation of Privilege Vulnerability

Microsoft ODBC Driver Remote Code Execution Vulnerability

Microsoft ODBC Driver Remote Code Execution Vulnerability

Microsoft ODBC Driver Remote Code Execution Vulnerability

Microsoft ODBC Driver Remote Code Execution Vulnerability