Peter Leibling – Seite 83

[NEU] [mittel] Microsoft Authenticator App: Schwachstelle ermöglicht Offenlegung von Informationen

Ein lokaler Angreifer kann eine Schwachstelle in der Microsoft Authenticator App ausnutzen, um Informationen offenzulegen.

CVE-2026-26018 CoreDNS Loop Detection Denial of Service Vulnerability

Information published.

[NEU] [hoch] Microsoft Azure Komponenten: Mehrere Schwachstellen

Ein Angreifer kann mehrere Schwachstellen in Microsoft Windows Admin Center, Microsoft Azure und Microsoft Azure Linux ausnutzen, um seine Privilegien zu erhöhen, um Informationen offenzulegen, und um falsche Informationen darzustellen.

CVE-2026-27139 FileInfo can escape from a Root in os

Information published.

CVE-2025-69650 GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_section_contents() may pass an uninitialized r_symbol pointer to free(), leading to a double free and terminating the program with SIGABRT. No evidence of exploitable memory corruption or code execution was observed; the impact is limited to denial of service.

Information published.

CVE-2026-26017 CoreDNS ACL Bypass

Information published.

CVE-2024-14027 xattr: switch to CLASS(fd)

Information published.

CVE-2025-69646 Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. A logic error in the handling of the debug_rnglists header can cause objdump to repeatedly print the same warning message and fail to terminate, resulting in an unbounded logging loop until the process is interrupted. The issue was observed in binutils 2.44. A local attacker can exploit this vulnerability by supplying a malicious input file, leading to excessive CPU and I/O usage and preventing completion of the objdump analysis.

Information published.

CVE-2026-29786 node-tar: Hardlink Path Traversal via Drive-Relative Linkpath

Information published.

CVE-2026-3731 libssh SFTP Extension Name sftp.c sftp_extensions_get_data out-of-bounds

Information published.

Autor: Peter Leibling

[NEU] [mittel] Microsoft Authenticator App: Schwachstelle ermöglicht Offenlegung von Informationen

CVE-2026-26018 CoreDNS Loop Detection Denial of Service Vulnerability

[NEU] [hoch] Microsoft Azure Komponenten: Mehrere Schwachstellen

CVE-2026-27139 FileInfo can escape from a Root in os

CVE-2026-26017 CoreDNS ACL Bypass

CVE-2024-14027 xattr: switch to CLASS(fd)

CVE-2026-29786 node-tar: Hardlink Path Traversal via Drive-Relative Linkpath

CVE-2026-3731 libssh SFTP Extension Name sftp.c sftp_extensions_get_data out-of-bounds

Suchen