Alerts & Advisories from CERTs

The latest security advisories from the governmental and non-governmental Computer Emergency Response Teams that matter in the cybersecurity world

Security Advisories

| CERT | Alert | Date | # |
|---|---|---|---|
| MSRC Security Update | CVE-2024-47705 block: fix potential invalid pointer dereference in blk_add_partition | 18-02-2026 | 3001 |
| MSRC Security Update | CVE-2025-53023 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). | 18-02-2026 | 3002 |
| MSRC Security Update | CVE-2025-27219 In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies. | 18-02-2026 | 3003 |
| MSRC Security Update | CVE-2024-43897 net: drop bad gso csum_start and offset in virtio_net_hdr | 18-02-2026 | 3004 |
| MSRC Security Update | CVE-2023-44488 VP9 in libvpx before 1.13.1 mishandles widths leading to a crash related to encoding. | 18-02-2026 | 3005 |
| MSRC Security Update | CVE-2012-2677 Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool | 18-02-2026 | 3006 |
| MSRC Security Update | CVE-2016-2781 chroot in GNU coreutils when used with --userspec allows local users to escape to the parent session via a crafted TIOCSTI ioctl call which pushes characters to the terminal's input buffer. | 18-02-2026 | 3007 |
| MSRC Security Update | CVE-2025-38092 ksmbd: use list_first_entry_or_null for opinfo_get_list() | 18-02-2026 | 3008 |
| MSRC Security Update | CVE-2024-55553 In FRRouting (FRR) all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size | 18-02-2026 | 3009 |
| MSRC Security Update | CVE-2024-47707 ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() | 18-02-2026 | 3010 |
| MSRC Security Update | CVE-2024-22017 setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vulnerability affects all users using version greater or equal than Node.js 18.18.0 Node.js 20.4.0 and Node.js 21. | 18-02-2026 | 3011 |
| MSRC Security Update | CVE-2024-45506 HAProxy 2.9.x before 2.9.10 3.0.x before 3.0.4 and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions as exploited in the wild in 2024. | 18-02-2026 | 3012 |
| MSRC Security Update | CVE-2025-50102 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 18-02-2026 | 3013 |
| MSRC Security Update | CVE-2024-39472 xfs: fix log recovery buffer allocation for the legacy h_size fixup | 18-02-2026 | 3014 |
| MSRC Security Update | CVE-2023-46218 This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk` even though `co.uk` is listed as a PSL domain. | 18-02-2026 | 3015 |
| MSRC Security Update | CVE-2025-21749 net: rose: lock the socket in rose_bind() | 18-02-2026 | 3016 |
| MSRC Security Update | CVE-2025-38091 drm/amd/display: check stream id dml21 wrapper to get plane_id | 18-02-2026 | 3017 |
| MSRC Security Update | CVE-2025-39788 scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE | 18-02-2026 | 3018 |
| MSRC Security Update | CVE-2022-1292 The c_rehash script allows command injection | 18-02-2026 | 3019 |
| MSRC Security Update | CVE-2024-43892 memcg: protect concurrent access to mem_cgroup_idr | 18-02-2026 | 3020 |
| MSRC Security Update | CVE-2025-21614 go-git clients vulnerable to DoS via maliciously crafted Git server replies | 18-02-2026 | 3021 |
| MSRC Security Update | CVE-2024-1441 Libvirt: off-by-one error in udevlistinterfacesbystatus() | 18-02-2026 | 3022 |
| MSRC Security Update | CVE-2024-49913 drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream | 18-02-2026 | 3023 |
| MSRC Security Update | CVE-2025-6170 Libxml2: stack buffer overflow in xmllint interactive shell command handling | 18-02-2026 | 3024 |
| MSRC Security Update | CVE-2024-52560 fs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr() | 18-02-2026 | 3025 |

Sources

This selection of advisories is a date-ordered list of all publications from the following sources:

US-CERT CISA
Center of Internet Security
FR-CERT Alertes
FR-CERT Avis
EU-ENISA Publications
Google TAG
Microsoft Security
Unit42
MSRC Security Update
CERT-Bund DE
CSIRT IT
Consiglio Federale CH