Ransomfeed ransomfeed

Alerts & Advisory dai CERTs

Gli ultimi avvisi di sicurezza dai Computer Emergency Response Teams governativi e non-governativi rilevanti del mondo cybersec

Mostrando 1551-1575 di 4596 risultati
Pagina 63 di 184

Avvisi di Sicurezza

CERT Alert Data #
MSRC Security UpdateCVE-2026-7246 Pallets Click contains a command injection via Unsanitized Filename "click.edit()"19-05-20261551
MSRC Security UpdateCVE-2026-43443 ASoC: amd: acp-mach-common: Add missing error check for clock acquisition19-05-20261552
MSRC Security UpdateCVE-2026-44662 rust-openssl: Heap buffer overflow when encrypting with AES key-wrap-with-padding19-05-20261553
MSRC Security UpdateCVE-2026-43352 i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue19-05-20261554
MSRC Security UpdateCVE-2026-31717 ksmbd: validate owner of durable handle on reconnect19-05-20261555
MSRC Security UpdateCVE-2026-41673 xmldom: Denial of service via uncontrolled recursion in XML serialization19-05-20261556
MSRC Security UpdateCVE-2026-41675 xmldom: XML node injection through unvalidated processing instruction serialization19-05-20261557
MSRC Security UpdateCVE-2026-41674 xmldom: XML injection through unvalidated DocumentType serialization19-05-20261558
MSRC Security UpdateCVE-2026-41672 xmldom: XML node injection through unvalidated comment serialization19-05-20261559
MSRC Security UpdateCVE-2026-43869 Apache Thrift: TSSLTransportFactory.java hostname verification19-05-20261560
MSRC Security UpdateCVE-2026-43870 Apache Thrift: Node.js web_server.js multi-vulnerability19-05-20261561
MSRC Security UpdateCVE-2026-43868 Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern19-05-20261562
MSRC Security UpdateCVE-2026-41082 In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory.19-05-20261563
MSRC Security UpdateCVE-2026-25833 Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function19-05-20261564
MSRC Security UpdateCVE-2026-25834 Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.19-05-20261565
MSRC Security UpdateCVE-2026-34872 An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried by the peer, or depending on the protocol by an active network attacker (person in the middle).19-05-20261566
MSRC Security UpdateCVE-2026-34871 An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).19-05-20261567
MSRC Security UpdateCVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection19-05-20261568
MSRC Security UpdateCVE-2026-34873 An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.19-05-20261569
MSRC Security UpdateCVE-2026-42011 Gnutls: gnutls: security bypass due to incorrect name constraint handling19-05-20261570
MSRC Security UpdateCVE-2025-66442 In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected.19-05-20261571
MSRC Security UpdateCVE-2026-25835 Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).19-05-20261572
MSRC Security UpdateCVE-2026-4892 CVE-2026-489219-05-20261573
MSRC Security UpdateCVE-2026-34876 An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer. The issue affects the public multipart CCM API in Mbed TLS 3.x, where mbedtls_ccm_finish() can be invoked directly by applications. In Mbed TLS 4.x versions prior to the fix, the same missing validation exists in the internal implementation; however, the function is not exposed as part of the public API. Exploitation requires application-level invocation of the multipart CCM API.19-05-20261574
MSRC Security UpdateCVE-2026-34874 An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.19-05-20261575
Nessun risultato trovato

Prova a modificare i termini di ricerca

Le Fonti

Questa selezione di advisories è una lista ordinata per data di tutte le pubblicazioni dalle seguenti fonti:

US-CERT CISA
Twitter
NCSC
Twitter
Center of Internet Security
Twitter
FR-CERT Alertes
Twitter
FR-CERT Avis
Twitter
EU-ENISA Publications
Twitter
Google TAG
Microsoft Security
SANS
Twitter
Unit42
Twitter
MSRC Security Update
Twitter
CERT-Bund DE
Twitter
CSIRT IT
Twitter
Consiglio Federale CH
Twitter