Alerts & Advisories from the CERTs

The latest security advisories from the governmental and non-governmental Computer Emergency Response Teams relevant to the cybersecurity world

Security Advisories

| CERT | Alert | Date | # |
|---|---|---|---|
| MSRC Security Update | CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html | 02-06-2026 | 626 |
| MSRC Security Update | CVE-2026-39834 Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh | 02-06-2026 | 627 |
| MSRC Security Update | CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh | 02-06-2026 | 628 |
| MSRC Security Update | CVE-2026-39830 Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh | 02-06-2026 | 629 |
| MSRC Security Update | CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh | 02-06-2026 | 630 |
| MSRC Security Update | CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh | 02-06-2026 | 631 |
| MSRC Security Update | CVE-2026-39832 Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent | 02-06-2026 | 632 |
| MSRC Security Update | CVE-2026-42508 Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts | 02-06-2026 | 633 |
| MSRC Security Update | CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent | 02-06-2026 | 634 |
| MSRC Security Update | CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html | 02-06-2026 | 635 |
| MSRC Security Update | CVE-2026-21717 A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process. The most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table. This vulnerability affects **20.x, 22.x, 24.x, and 25.x**. | 02-06-2026 | 636 |
| MSRC Security Update | CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh | 02-06-2026 | 637 |
| MSRC Security Update | CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna | 02-06-2026 | 638 |
| MSRC Security Update | CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh | 02-06-2026 | 639 |
| MSRC Security Update | CVE-2026-46595 Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh | 02-06-2026 | 640 |
| MSRC Security Update | CVE-2026-39831 Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh | 02-06-2026 | 641 |
| MSRC Security Update | CVE-2026-39824 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows | 02-06-2026 | 642 |
| MSRC Security Update | CVE-2025-14575 Uncontrolled Search Path Element in Qt Network OpenSSL TLS backend allows rogue CA certificate loading | 02-06-2026 | 643 |
| MSRC Security Update | CVE-2026-8723 qs.stringify crashes on null/undefined entries in comma-format arrays under encodeValuesOnly | 02-06-2026 | 644 |
| MSRC Security Update | CVE-2026-42009 Gnutls: gnutls: denial of service via dtls packet reordering vulnerability | 02-06-2026 | 645 |
| MSRC Security Update | CVE-2025-23167 A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination. Impact: * This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade. | 02-06-2026 | 646 |
| MSRC Security Update | CVE-2026-3592 Amplification vulnerabilities via self-pointed glue records | 02-06-2026 | 647 |
| MSRC Security Update | CVE-2026-48959 IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward | 02-06-2026 | 648 |
| MSRC Security Update | CVE-2026-6324 Libsoup: libsoup: http request smuggling via unsigned to signed conversion error | 02-06-2026 | 649 |
| MSRC Security Update | CVE-2026-10028 Glib-networking: infinite loop in glib-networking gnutls backend allows remote denial of service via circular certificate chain | 02-06-2026 | 650 |

Sources

This selection of advisories is a date-ordered list of all publications from the following sources:

US-CERT CISA
Center of Internet Security
FR-CERT Alertes
FR-CERT Avis
EU-ENISA Publications
Google TAG
Microsoft Security
Unit42
MSRC Security Update
CERT-Bund DE
CSIRT IT
Consiglio Federale CH