Alerts & Advisories from CERTs

The latest security advisories from the relevant governmental and non-governmental Computer Emergency Response Teams of the cybersec world

Showing 2501-2525 of 4099 results
Page 101 of 164

Security Advisories

| CERT | Alert | Date | # |
|---|---|---|---|
| MSRC Security Update | CVE-2018-20505 SQLite 3.25.2 when queries are run on a table with a malformed PRIMARY KEY allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). | 18-02-2026 | 2501 |
| MSRC Security Update | CVE-2022-28506 There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45. | 18-02-2026 | 2502 |
| MSRC Security Update | CVE-2019-14193 An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the "if" block after calculating the new path length. | 18-02-2026 | 2503 |
| MSRC Security Update | CVE-2022-24999 qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has "deps: qs@6.9.7" in its release description, is not vulnerable). | 18-02-2026 | 2504 |
| MSRC Security Update | CVE-2024-50083 tcp: fix mptcp DSS corruption due to large pmtu xmit | 18-02-2026 | 2505 |
| MSRC Security Update | CVE-2025-38348 wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() | 18-02-2026 | 2506 |
| MSRC Security Update | CVE-2023-24539 Improper sanitization of CSS values in html/template | 18-02-2026 | 2507 |
| MSRC Security Update | CVE-2020-10941 Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import. | 18-02-2026 | 2508 |
| MSRC Security Update | CVE-2024-56635 net: avoid potential UAF in default_operstate() | 18-02-2026 | 2509 |
| MSRC Security Update | CVE-2025-38333 f2fs: fix to bail out in get_new_segment() | 18-02-2026 | 2510 |
| MSRC Security Update | CVE-2023-45237 Use of a Weak PseudoRandom Number Generator in EDK II Network Package | 18-02-2026 | 2511 |
| MSRC Security Update | CVE-2019-18222 The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks. | 18-02-2026 | 2512 |
| MSRC Security Update | CVE-2025-38307 ASoC: Intel: avs: Verify content returned by parse_int_array() | 18-02-2026 | 2513 |
| MSRC Security Update | CVE-2023-42365 A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function. | 18-02-2026 | 2514 |
| MSRC Security Update | CVE-2022-4968 netplan leaks the private key of wireguard to local users. | 18-02-2026 | 2515 |
| MSRC Security Update | CVE-2012-6708 jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions jQuery only deems the input to be HTML if it explicitly starts with the '<' character limiting exploitability only to attackers who can control the beginning of a string which is far less common. | 18-02-2026 | 2516 |
| MSRC Security Update | CVE-2025-38274 fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt() | 18-02-2026 | 2517 |
| MSRC Security Update | CVE-2022-33967 squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs image may lead to a denial-of-service (DoS) condition or arbitrary code execution. | 18-02-2026 | 2518 |
| MSRC Security Update | CVE-2023-42364 A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function. | 18-02-2026 | 2519 |
| MSRC Security Update | CVE-2025-38300 crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() | 18-02-2026 | 2520 |
| MSRC Security Update | CVE-2022-45410 When a ServiceWorker intercepted a request with FetchEvent, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec and then in browsers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. | 18-02-2026 | 2521 |
| MSRC Security Update | CVE-2025-27810 Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays. | 18-02-2026 | 2522 |
| MSRC Security Update | CVE-2025-21672 afs: Fix merge preference rule failure condition | 18-02-2026 | 2523 |
| MSRC Security Update | CVE-2025-60753 An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash). | 18-02-2026 | 2524 |
| MSRC Security Update | CVE-2022-27536 Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic. | 18-02-2026 | 2525 |
Sources

This selection of advisories is a date-ordered list of all publications from the following sources:

US-CERT CISA
Center of Internet Security
FR-CERT Alertes
FR-CERT Avis
EU-ENISA Publications
Google TAG
Microsoft Security
Unit42
MSRC Security Update
CERT-Bund DE
CSIRT IT
Federal Council CH