Alerts & Advisory dai CERTs

Gli ultimi avvisi di sicurezza dai Computer Emergency Response Teams governativi e non-governativi rilevanti del mondo cybersec

Mostrando 2101-2125 di 5359 risultati
Pagina 85 di 215

Avvisi di Sicurezza

CERT Alert Data #
MSRC Security UpdateCVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL02-06-20262101
MSRC Security UpdateCVE-2026-34873 An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.02-06-20262102
MSRC Security UpdateCVE-2026-34874 An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.02-06-20262103
MSRC Security UpdateCVE-2025-15504 lief-project LIEF ELF Binary Parser.tcc parse_binary null pointer dereference02-06-20262104
MSRC Security UpdateCVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group02-06-20262105
MSRC Security UpdateCVE-2026-34875 An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys.02-06-20262106
MSRC Security UpdateCVE-2026-34871 An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG).02-06-20262107
MSRC Security UpdateCVE-2026-21711 A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them. As a result, code running under `--permission` without `--allow-net` can create and expose local IPC endpoints, allowing communication with other processes on the same host outside of the intended network restriction boundary. This vulnerability affects Node.js **25.x** processes using the Permission Model where `--allow-net` is intentionally omitted to restrict network access. Note that `--allow-net` is currently an experimental feature.02-06-20262108
MSRC Security UpdateCVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo02-06-20262109
MSRC Security UpdateCVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiers02-06-20262110
MSRC Security UpdateCVE-2026-25835 Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).02-06-20262111
MSRC Security UpdateCVE-2026-33672 Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching02-06-20262112
MSRC Security UpdateCVE-2026-34872 An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried by the peer, or depending on the protocol by an active network attacker (person in the middle).02-06-20262113
MSRC Security UpdateCVE-2026-31789 Heap Buffer Overflow in Hexadecimal Conversion02-06-20262114
MSRC Security UpdateCVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo02-06-20262115
MSRC Security UpdateCVE-2017-3736 There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.02-06-20262116
MSRC Security UpdateCVE-2025-66442 In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected.02-06-20262117
MSRC Security UpdateCVE-2026-34876 An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer. The issue affects the public multipart CCM API in Mbed TLS 3.x, where mbedtls_ccm_finish() can be invoked directly by applications. In Mbed TLS 4.x versions prior to the fix, the same missing validation exists in the internal implementation; however, the function is not exposed as part of the public API. Exploitation requires application-level invocation of the multipart CCM API.02-06-20262118
MSRC Security UpdateCVE-2026-42015 Gnutls: gnutls: memory corruption due to off-by-one error in pkcs#12 bag handling02-06-20262119
MSRC Security UpdateCVE-2026-42250 Off-by-One Leading to Out-of-Bounds Write in bzip202-06-20262120
MSRC Security UpdateCVE-2026-41184 ServiceAccount token disclosure via install-cni container logs02-06-20262121
MSRC Security UpdateCVE-2026-9538 Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header02-06-20262122
MSRC Security UpdateCVE-2026-46157 ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger02-06-20262123
MSRC Security UpdateCVE-2026-46235 media: saa7164: add ioremap return checks and cleanups02-06-20262124
MSRC Security UpdateCVE-2026-46179 ASoC: SOF: Don't allow pointer operations on unconfigured streams02-06-20262125
Nessun risultato trovato

Prova a modificare i termini di ricerca

Le Fonti

Questa selezione di advisories è una lista ordinata per data di tutte le pubblicazioni dalle seguenti fonti:

US-CERT CISA
Twitter
Center of Internet Security
Twitter
FR-CERT Alertes
Twitter
FR-CERT Avis
Twitter
EU-ENISA Publications
Twitter
Google TAG
Microsoft Security
Unit42
Twitter
MSRC Security Update
Twitter
CERT-Bund DE
Twitter
CSIRT IT
Twitter
Consiglio Federale CH
Twitter