Ransomfeed

Alerts & Advisory dai CERTs

Gli ultimi avvisi di sicurezza dai Computer Emergency Response Teams governativi e non-governativi rilevanti del mondo cybersec

Mostrando 751-775 di 4595 risultati

Pagina 31 di 184

Avvisi di Sicurezza

CERT	Alert	Data	#
MSRC Security Update	CVE-2026-33672 Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching	31-05-2026	751
MSRC Security Update	CVE-2026-34872 An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried by the peer, or depending on the protocol by an active network attacker (person in the middle).	31-05-2026	752
MSRC Security Update	CVE-2026-31789 Heap Buffer Overflow in Hexadecimal Conversion	31-05-2026	753
MSRC Security Update	CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo	31-05-2026	754
MSRC Security Update	CVE-2017-3736 There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.	31-05-2026	755
MSRC Security Update	CVE-2025-66442 In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected.	31-05-2026	756
MSRC Security Update	CVE-2026-34876 An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer. The issue affects the public multipart CCM API in Mbed TLS 3.x, where mbedtls_ccm_finish() can be invoked directly by applications. In Mbed TLS 4.x versions prior to the fix, the same missing validation exists in the internal implementation; however, the function is not exposed as part of the public API. Exploitation requires application-level invocation of the multipart CCM API.	31-05-2026	757
MSRC Security Update	CVE-2026-48864 Libsolv: heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data	31-05-2026	758
MSRC Security Update	CVE-2026-9804 Kubevirt: kubevirt: vmexport directory symlink escape enables exporter pod file read	31-05-2026	759
MSRC Security Update	CVE-2026-7374 Kubevirt: kubevirt virt-handler: privilege escalation and node compromise via symlink following vulnerability	31-05-2026	760
MSRC Security Update	CVE-2026-42012 Gnutls: gnutls: certificate validation bypass due to improper handling of uri and srv sans	31-05-2026	761
MSRC Security Update	CVE-2026-5260 Gnutls: gnutls: information disclosure via heap overread in rsa key exchange	31-05-2026	762
MSRC Security Update	CVE-2026-42015 Gnutls: gnutls: memory corruption due to off-by-one error in pkcs#12 bag handling	31-05-2026	763
MSRC Security Update	CVE-2026-42013 Gnutls: gnutls: certificate validation bypass due to oversized subject alternative name	31-05-2026	764
MSRC Security Update	CVE-2026-42790 nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification	31-05-2026	765
MSRC Security Update	CVE-2026-42789 Non-CA certificate accepted as intermediate issuer in public_key path validation	31-05-2026	766
MSRC Security Update	CVE-2026-42250 Off-by-One Leading to Out-of-Bounds Write in bzip2	31-05-2026	767
MSRC Security Update	CVE-2026-46242 eventpoll: fix ep_remove struct eventpoll / struct file UAF	31-05-2026	768
MSRC Security Update	CVE-2026-40510 OpenSC < 0.27.0-rc1 Stack Buffer Overflow via piv_process_history() in card-piv.c	31-05-2026	769
MSRC Security Update	CVE-2026-40528 OpenSC < 0.27.0 Buffer Overrun in do_key_value() via profile.c	31-05-2026	770
MSRC Security Update	CVE-2026-21711 A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them. As a result, code running under `--permission` without `--allow-net` can create and expose local IPC endpoints, allowing communication with other processes on the same host outside of the intended network restriction boundary. This vulnerability affects Node.js 25.x processes using the Permission Model where `--allow-net` is intentionally omitted to restrict network access. Note that `--allow-net` is currently an experimental feature.	31-05-2026	771
MSRC Security Update	CVE-2026-46138 Bluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt	30-05-2026	772
MSRC Security Update	CVE-2026-46150 fanotify: fix false positive on permission events	30-05-2026	773
MSRC Security Update	CVE-2026-46241 spi: mpc52xx: fix use-after-free on registration failure	30-05-2026	774
MSRC Security Update	CVE-2026-46156 LoongArch: Fix potential ADE in loongson_gpu_fixup_dma_hang()	30-05-2026	775