Sicherheitswarnungen

acct: perform last write from workqueue

An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package. This issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8.

An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.

Arbitrary Code Execution via Crafted Keras Config for Model Loading

ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers

ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()

ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability

atop through 2.11.0 allows local users to cause a denial of service (e.g., assertion failure and application exit) or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop.

Azure Agent Installer for Backup and Site Recovery Elevation of Privilege Vulnerability

Azure Arc Installer Elevation of Privilege Vulnerability

Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability

Azure Health Bot Elevation of Privilege Vulnerability

Azure Playwright Elevation of Privilege Vulnerability

Azure Promptflow Remote Code Execution Vulnerability

bnxt: Do not read past the end of test names

bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type()

bpf: avoid holding freeze_mutex during mmap operation

bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT

bpf: Fix deadlock when freeing cgroup storage

btrfs: fix double accounting race when btrfs_run_delalloc_range() failed

cifs: fix potential memory leaks in session setup

cifs.upcall makes an upcall to the wrong namespace in containerized environments

containerd has an integer overflow in User ID handling

cpufreq: CPPC: Add u64 casts to avoid overflowing

DirectX Graphics Kernel File Denial of Service Vulnerability

drm/amdkfd: Add sync after creating vram bo

drm/i915: Fix a memory leak with reused mmap_offset

drm/i915: Fix request ref counting during error capture & debugfs dump

drop_monitor: fix incorrect initialization order

efi: Don't map the entire mokvar table to determine its size

encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data).

f2fs: initialize locks earlier in f2fs_fill_super()

geneve: Fix use-after-free in geneve_find_dev().

Gnuplot: gnuplot segmentation fault on plot3d_points

Gnuplot: gnuplot segmentation fault on x11_graphics

Gnuplot: gnuplot segmentation fault on xstrftime

go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment

Grub2: fs/bfs: integer overflow in the bfs parser.

Grub2: fs/bfs: integer overflow leads to heap oob read in the bfs parser

Grub2: fs/hfs: integer overflow may lead to heap based out-of-bounds write

Grub2: fs/hfs: strcpy() using the volume name (fs/hfs.c:382)

Grub2: fs/tar: integer overflow causes heap oob write

Grub2: jfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data

Grub2: reiserfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data

Grub2: romfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading dat

Grub2: squash4: integer overflow may lead to heap based out-of-bounds write when reading data

Grub2: udf: heap based buffer overflow in grub_udf_read_block() may lead to arbitrary code execution

gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().

HDF5 h5 File H5SM.c H5SM_delete heap-based overflow

HDF5 H5Faccum.c H5F__accum_free heap-based overflow