Alerts & Advisories from CERTs

The latest security advisories from the world's relevant governmental and non-governmental Computer Emergency Response Teams in the cybersecurity field

Security Advisories

| CERT | Alert | Date | # |
|---|---|---|---|
| MSRC Security Update | CVE-2025-50099 Vulnerability in the MySQL Server product of Oracle MySQL | 18-02-2026 | 3026 |
| MSRC Security Update | CVE-2025-21735 NFC: nci: Add bounds checking in nci_hci_create_pipe() | 18-02-2026 | 3027 |
| MSRC Security Update | CVE-2024-36910 uio_hv_generic: Don't free decrypted memory | 18-02-2026 | 3028 |
| MSRC Security Update | CVE-2024-44974 mptcp: pm: avoid possible UaF when selecting endp | 18-02-2026 | 3029 |
| MSRC Security Update | CVE-2025-39745 rcutorture: Fix rcutorture_one_extend_check() splat in RT kernels | 18-02-2026 | 3030 |
| MSRC Security Update | CVE-2025-32463 Sudo before 1.9.17p1 allows local users to obtain root access | 18-02-2026 | 3031 |
| MSRC Security Update | CVE-2022-47085 An issue was discovered in ostree before 2022.7 allows attackers to cause a denial of service or other unspecified impacts via the print_panic function in repo_checkout_filter.rs. | 18-02-2026 | 3032 |
| MSRC Security Update | CVE-2023-52696 powerpc/powernv: Add a null pointer check in opal_powercap_init() | 18-02-2026 | 3033 |
| MSRC Security Update | CVE-2025-21613 go-git has an Argument Injection via the URL field | 18-02-2026 | 3034 |
| MSRC Security Update | CVE-2025-50077 Vulnerability in the MySQL Server product of Oracle MySQL | 18-02-2026 | 3035 |
| MSRC Security Update | CVE-2024-47718 wifi: rtw88: always wait for both firmware loading attempts | 18-02-2026 | 3036 |
| MSRC Security Update | CVE-2023-35945 Envoy vulnerable to HTTP/2 memory leak in nghttp2 codec | 18-02-2026 | 3037 |
| MSRC Security Update | CVE-2024-28757 libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). | 18-02-2026 | 3038 |
| MSRC Security Update | CVE-2025-21779 KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel | 18-02-2026 | 3039 |
| MSRC Security Update | CVE-2024-44971 net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() | 18-02-2026 | 3040 |
| MSRC Security Update | CVE-2025-32462 Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL | 18-02-2026 | 3041 |
| MSRC Security Update | CVE-2022-48716 ASoC: codecs: wcd938x: fix incorrect used of portid | 18-02-2026 | 3042 |
| MSRC Security Update | CVE-2024-56769 media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg | 18-02-2026 | 3043 |
| MSRC Security Update | CVE-2025-49809 mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTR_PACKET environment variable. NOTE: mtr on macOS may often have Sudo rules, as an indirect consequence of Homebrew not installing setuid binaries. | 18-02-2026 | 3044 |
| MSRC Security Update | CVE-2024-43849 soc: qcom: pdr: protect locator_addr with the main mutex | 18-02-2026 | 3045 |
| MSRC Security Update | CVE-2023-51385 In ssh in OpenSSH before 9.6 OS command injection might occur if a user name or host name has shell metacharacters and this name is referenced by an expansion token in certain situations. For example an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name. | 18-02-2026 | 3046 |
| MSRC Security Update | CVE-2025-21776 USB: hub: Ignore non-compliant devices with too many configs or interfaces | 18-02-2026 | 3047 |
| MSRC Security Update | CVE-2024-20505 ClamAV Memory Handling DoS | 18-02-2026 | 3048 |
| MSRC Security Update | CVE-2021-20197 There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar objcopy strip ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users) an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. | 18-02-2026 | 3049 |
| MSRC Security Update | CVE-2022-43551 A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded. | 18-02-2026 | 3050 |
Sources

This selection of advisories is a date-ordered list of all publications from the following sources:

US-CERT CISA
Center of Internet Security
FR-CERT Alertes
FR-CERT Avis
EU-ENISA Publications
Google TAG
Microsoft Security
Unit42
MSRC Security Update
CERT-Bund DE
CSIRT IT
Consiglio Federale CH