Peter Leibling – Seite 129

[UPDATE] [niedrig] ImageMagick: Mehrere Schwachstellen

Ein lokaler Angreifer kann mehrere Schwachstellen in ImageMagick ausnutzen, um Informationen offenzulegen und einen Heap-Pufferüberlauf auszulösen, wodurch die Integrität oder Verfügbarkeit des Systems beeinträchtigt werden kann.

CVE-2026-21863 Malformed Valkey Cluster bus message can lead to Remote DoS

Information published.

CVE-2025-61144 libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function.

Information published.

CVE-2021-20225 A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Information published.

CVE-2025-62878 Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern

Information published.

CVE-2021-20233 A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Information published.

CVE-2025-61145 libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c.

Information published.

[UPDATE] [hoch] VMware Aria Operations: Mehrere Schwachstellen

Ein Angreifer kann mehrere Schwachstellen in VMware Aria Operations, VMware Cloud Foundation und VMware vSphere ausnutzen, um beliebigen Programmcode auszuführen, um einen Cross-Site Scripting Angriff durchzuführen, und um seine Privilegien zu erhöhen.

CVE-2025-71230 hfs: ensure sb->s_fs_info is always cleaned up

Information published.

CVE-2026-23225 sched/mmcid: Don’t assume CID is CPU owned on mode switch

Information published.

Autor: Peter Leibling

[UPDATE] [niedrig] ImageMagick: Mehrere Schwachstellen

CVE-2026-21863 Malformed Valkey Cluster bus message can lead to Remote DoS

CVE-2025-61144 libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function.

CVE-2025-62878 Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern

CVE-2025-61145 libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c.

[UPDATE] [hoch] VMware Aria Operations: Mehrere Schwachstellen

CVE-2025-71230 hfs: ensure sb->s_fs_info is always cleaned up

CVE-2026-23225 sched/mmcid: Don’t assume CID is CPU owned on mode switch

Suchen