Alerts & Advisories from CERTs

The latest security advisories from the relevant governmental and non-governmental Computer Emergency Response Teams in the cybersecurity world


Security Advisories

| CERT | Alert | Date | # |
|---|---|---|---|
| MSRC Security Update | CVE-2025-32462 Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL | 18-02-2026 | 3576 |
| MSRC Security Update | CVE-2022-48716 ASoC: codecs: wcd938x: fix incorrect used of portid | 18-02-2026 | 3577 |
| MSRC Security Update | CVE-2024-56769 media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg | 18-02-2026 | 3578 |
| MSRC Security Update | CVE-2025-49809 mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTR_PACKET environment variable. NOTE: mtr on macOS may often have Sudo rules, as an indirect consequence of Homebrew not installing setuid binaries. | 18-02-2026 | 3579 |
| MSRC Security Update | CVE-2024-43849 soc: qcom: pdr: protect locator_addr with the main mutex | 18-02-2026 | 3580 |
| MSRC Security Update | CVE-2023-51385 In ssh in OpenSSH before 9.6 OS command injection might occur if a user name or host name has shell metacharacters and this name is referenced by an expansion token in certain situations. For example an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name. | 18-02-2026 | 3581 |
| MSRC Security Update | CVE-2025-21776 USB: hub: Ignore non-compliant devices with too many configs or interfaces | 18-02-2026 | 3582 |
| MSRC Security Update | CVE-2024-20505 ClamAV Memory Handling DoS | 18-02-2026 | 3583 |
| MSRC Security Update | CVE-2021-20197 There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar objcopy strip ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users) an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. | 18-02-2026 | 3584 |
| MSRC Security Update | CVE-2022-43551 A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded. | 18-02-2026 | 3585 |
| MSRC Security Update | CVE-2025-24294 | 18-02-2026 | 3586 |
| MSRC Security Update | CVE-2024-47726 f2fs: fix to wait dio completion | 18-02-2026 | 3587 |
| MSRC Security Update | CVE-2023-51384 In ssh-agent in OpenSSH before 9.6 certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys these constraints are only applied to the first key even if a PKCS#11 token returns multiple keys. | 18-02-2026 | 3588 |
| MSRC Security Update | CVE-2025-21785 arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array | 18-02-2026 | 3589 |
| MSRC Security Update | CVE-2024-44985 ipv6: prevent possible UAF in ip6_xmit() | 18-02-2026 | 3590 |
| MSRC Security Update | CVE-2007-2768 OpenSSH when using OPIE (One-Time Passwords in Everything) for PAM allows remote attackers to determine the existence of certain user accounts which displays a different response if the user account exists and is configured to use one-time passwords (OTP) a similar issue to CVE-2007-2243. | 18-02-2026 | 3591 |
| MSRC Security Update | CVE-2024-28180 Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) | 18-02-2026 | 3592 |
| MSRC Security Update | CVE-2025-52496 Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery. | 18-02-2026 | 3593 |
| MSRC Security Update | CVE-2024-56767 dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset | 18-02-2026 | 3594 |
| MSRC Security Update | CVE-2024-47723 jfs: fix out-of-bounds in dbNextAG() and diAlloc() | 18-02-2026 | 3595 |
| MSRC Security Update | CVE-2024-58071 team: prevent adding a device which is already a team device lower | 18-02-2026 | 3596 |
| MSRC Security Update | CVE-2024-58017 printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX | 18-02-2026 | 3597 |
| MSRC Security Update | CVE-2023-4535 Opensc: out-of-bounds read in myeid driver handling encryption using symmetric keys | 18-02-2026 | 3598 |
| MSRC Security Update | CVE-2024-39936 An issue was discovered in HTTP2 in Qt before 5.15.18 6.x before 6.2.13 6.3.x through 6.5.x before 6.5.7 and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early because the encrypted() signal has not yet been emitted and processed. | 18-02-2026 | 3599 |
| MSRC Security Update | CVE-2023-23914 A cleartext transmission of sensitive information vulnerability exists in curl | 18-02-2026 | 3600 |

Sources

This selection of advisories is a date-ordered list of all publications from the following sources:

US-CERT CISA
Center of Internet Security
FR-CERT Alertes
FR-CERT Avis
EU-ENISA Publications
Google TAG
Microsoft Security
Unit42
MSRC Security Update
CERT-Bund DE
CSIRT IT
Federal Council CH