Ransomfeed ransomfeed

Alerts & Advisory dai CERTs

Gli ultimi avvisi di sicurezza dai Computer Emergency Response Teams governativi e non-governativi rilevanti del mondo cybersec

Mostrando 726-750 di 4595 risultati
Pagina 30 di 184

Avvisi di Sicurezza

CERT Alert Data #
EU-ENISA PublicationsMultiples vulnérabilités dans les produits Mitel (01 juin 2026)01-06-2026726
MSRC Security UpdateCVE-2026-21717 A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process. The most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table. This vulnerability affects **20.x, 22.x, 24.x, and 25.x**.31-05-2026727
MSRC Security UpdateType Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)31-05-2026728
MSRC Security UpdateType Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)31-05-2026729
MSRC Security UpdateType Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)31-05-2026730
MSRC Security UpdateCVE-2025-23167 A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination. Impact: * This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.31-05-2026731
MSRC Security UpdateCVE-2024-36137 A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner and permissions of a file.31-05-2026732
MSRC Security UpdateCVE-2024-22018 A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.31-05-2026733
MSRC Security UpdateCVE-2026-40034 gitoxide - Command Injection via Partial .gitmodules Override in gix-submodule31-05-2026734
MSRC Security UpdateCVE-2026-44839 RabbitMQ: Unsanitized vhost names allow for XSS in management UI31-05-2026735
MSRC Security UpdateCVE-2025-15649 IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date31-05-2026736
MSRC Security UpdateCVE-2026-48962 IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob31-05-2026737
MSRC Security UpdateCVE-2026-28387 Potential Use-after-free in DANE Client Code31-05-2026738
MSRC Security UpdateCVE-2026-25833 Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function31-05-2026739
MSRC Security UpdateCVE-2026-25834 Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.31-05-2026740
MSRC Security UpdateCVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL31-05-2026741
MSRC Security UpdateCVE-2026-34873 An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.31-05-2026742
MSRC Security UpdateCVE-2026-34874 An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.31-05-2026743
MSRC Security UpdateCVE-2025-15504 lief-project LIEF ELF Binary Parser.tcc parse_binary null pointer dereference31-05-2026744
MSRC Security UpdateCVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group31-05-2026745
MSRC Security UpdateCVE-2026-34875 An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys.31-05-2026746
MSRC Security UpdateCVE-2026-34871 An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).31-05-2026747
MSRC Security UpdateCVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo31-05-2026748
MSRC Security UpdateCVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiers31-05-2026749
MSRC Security UpdateCVE-2026-25835 Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).31-05-2026750
Nessun risultato trovato

Prova a modificare i termini di ricerca

Le Fonti

Questa selezione di advisories è una lista ordinata per data di tutte le pubblicazioni dalle seguenti fonti:

US-CERT CISA
Twitter
NCSC
Twitter
Center of Internet Security
Twitter
FR-CERT Alertes
Twitter
FR-CERT Avis
Twitter
EU-ENISA Publications
Twitter
Google TAG
Microsoft Security
SANS
Twitter
Unit42
Twitter
MSRC Security Update
Twitter
CERT-Bund DE
Twitter
CSIRT IT
Twitter
Consiglio Federale CH
Twitter