Peter Leibling – Seite 6

[UPDATE] [mittel] Arista EOS: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Arista EOS ausnutzen, um Sicherheitsvorkehrungen zu umgehen.

Google Chrome: Update schließt 429 Sicherheitslücken

Das Google-Chrome-Update aus dieser Woche stopft 429 Sicherheitslücken, davon gelten 22 als kritisches Risiko.

CVE-2026-48579 Microsoft Exchange Online Information Disclosure Vulnerability

Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network.

CVE-2026-42824 M365 Copilot Information Disclosure Vulnerability

Improper neutralization of special elements used in a command (‚command injection‘) in M365 Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-47644 Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability

Improper neutralization of special elements in output used by a downstream component (‚injection‘) in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.

CVE-2026-48567 Azure HorizonDB Elevation of Privilege Vulnerability

Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-45497 Microsoft M365 Copilot Remote Code Execution Vulnerability

Improper neutralization of special elements used in a command (‚command injection‘) in Microsoft Copilot allows an authorized attacker to execute code over a network.

CVE-2026-47655 Microsoft Graph Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network.

CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html

Information published.

CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html