Alerts & Advisories from CERTs

The latest security advisories from the governmental and non-governmental Computer Emergency Response Teams relevant to the cybersecurity world

Security Advisories

| CERT | Alert | Date | # |
|---|---|---|---|
| MSRC Security Update | CVE-2025-23167 A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination. Impact: This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade. | 02-06-2026 | 2176 |
| MSRC Security Update | CVE-2026-3592 Amplification vulnerabilities via self-pointed glue records | 02-06-2026 | 2177 |
| MSRC Security Update | CVE-2026-48959 IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward | 02-06-2026 | 2178 |
| MSRC Security Update | CVE-2026-6324 Libsoup: libsoup: http request smuggling via unsigned to signed conversion error | 02-06-2026 | 2179 |
| MSRC Security Update | CVE-2026-10028 Glib-networking: infinite loop in glib-networking gnutls backend allows remote denial of service via circular certificate chain | 02-06-2026 | 2180 |
| MSRC Security Update | CVE-2026-45495 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 01-06-2026 | 2181 |
| MSRC Security Update | CVE-2026-45494 Microsoft Edge (Chromium-based) Spoofing Vulnerability | 01-06-2026 | 2182 |
| MSRC Security Update | CVE-2026-42825 Windows Telephony Service Elevation of Privilege Vulnerability | 01-06-2026 | 2183 |
| MSRC Security Update | CVE-2025-54518 AMD: CVE-2025-54518 CPU OP Cache Corruption | 01-06-2026 | 2184 |
| MSRC Security Update | CVE-2025-6965 Integer Truncation on SQLite | 01-06-2026 | 2185 |
| MSRC Security Update | CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh | 01-06-2026 | 2186 |
| MSRC Security Update | CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna | 01-06-2026 | 2187 |
| MSRC Security Update | CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh | 01-06-2026 | 2188 |
| MSRC Security Update | CVE-2026-21717 A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process. The most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table. This vulnerability affects **20.x, 22.x, 24.x, and 25.x**. | 31-05-2026 | 2189 |
| MSRC Security Update | Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 31-05-2026 | 2190 |
| MSRC Security Update | Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 31-05-2026 | 2191 |
| MSRC Security Update | Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 31-05-2026 | 2192 |
| MSRC Security Update | CVE-2025-23167 A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination. Impact: This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade. | 31-05-2026 | 2193 |
| MSRC Security Update | CVE-2024-36137 A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors; however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner and permissions of a file. | 31-05-2026 | 2194 |
| MSRC Security Update | CVE-2024-22018 A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | 31-05-2026 | 2195 |
| MSRC Security Update | CVE-2026-40034 gitoxide - Command Injection via Partial .gitmodules Override in gix-submodule | 31-05-2026 | 2196 |
| MSRC Security Update | CVE-2026-44839 RabbitMQ: Unsanitized vhost names allow for XSS in management UI | 31-05-2026 | 2197 |
| MSRC Security Update | CVE-2025-15649 IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date | 31-05-2026 | 2198 |
| MSRC Security Update | CVE-2026-48962 IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob | 31-05-2026 | 2199 |
| MSRC Security Update | CVE-2026-28387 Potential Use-after-free in DANE Client Code | 31-05-2026 | 2200 |

Sources

This selection of advisories is a date-ordered list of all publications from the following sources:

US-CERT CISA
Center of Internet Security
FR-CERT Alertes
FR-CERT Avis
EU-ENISA Publications
Google TAG
Microsoft Security
Unit42
MSRC Security Update
CERT-Bund DE
CSIRT IT
Consiglio Federale CH