Sicherheitswarnungen

.NET and Visual Studio Remote Code Execution Vulnerability

<vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner

ACPI: CPPC: Use access_width over bit_width for system memory accesses

amd/amdkfd: sync all devices to wait all processes being evicted

An HTTP digest authentication nonce value was generated using `rand()` which could lead to predictable values. This vulnerability affects Firefox &lt; 126.

An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.

An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.

An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.

An iterator stop condition was missing when handling WASM code in the built-in profiler, potentially leading to invalid memory access and undefined behavior. *Note:* This issue only affects the application when the profiler is running. This vulnerability affects Firefox &lt; 126.

Arbitrary code execution during build on Darwin in cmd/go

ax25: Fix netdev refcount issue

ax25: fix use-after-free bugs caused by ax25_ds_del_timer

Azure Migrate Cross-Site Scripting Vulnerability

Azure Monitor Agent Elevation of Privilege Vulnerability

block: fix overflow in blk_ioctl_discard()

block: Fix page refcounts for unaligned buffers in __bio_release_pages()

Bluetooth: L2CAP: Fix not validating setsockopt user input

Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()

Bluetooth: msft: fix slab-use-after-free in msft_do_close()

bpf skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue

bpf: Guard stack limits against 32bit overflow

btrfs: fix deadlock with fiemap and extent locking

btrfs: fix information leak in btrfs_ioctl_logical_to_ino()

btrfs: lock the inode in shared mode before starting fiemap

btrfs: make sure that WRITTEN is set on all metadata blocks

btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations

ceph: blocklist the kclient when receiving corrupted snap trace

cpu/hotplug: Don't offline the last non-isolated CPU

crypto: iaa - Fix nr_cpus &lt; nr_iaa case

crypto: sun8i-ce - Fix use after free in unprepare

Denial of service when trying to parse malformed POST requests in aiohttp

DHCP Server Service Denial of Service Vulnerability

dma-direct: Leak pages on dma_set_decrypted() failure

dma: xilinx_dpdma: Fix locking

dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup

Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted

Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails

Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl

drm/amd: check num of link levels when update pcie param

drm/amd/display: Add a dc_state NULL check in dc_state_release

drm/amd/display: Atom Integrated System Info v2_2 for DCN35

drm/amd/display: Disable idle reallow as part of command/gpint execution

drm/amd/display: Fix hang/underflow when transitioning to ODM4:1

drm/amd/display: fix NULL checks for adev-&gt;dm.dc in amdgpu_dm_fini()

drm/amd/display: Prevent crash when disable stream

drm/amd/display: Skip on writeback when it's not applicable

drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2

drm/amdgpu: Skip do PCI error slot reset during RAS recovery

drm/amdgpu/pm: Fix NULL pointer dereference when get power limit