Alerts & Advisories from CERTs

The latest security advisories from the relevant governmental and non-governmental Computer Emergency Response Teams in the cybersecurity world

Showing 2426-2450 of 3834 results
Page 98 of 154

Security Advisories

| CERT | Alert | Date | # |
|---|---|---|---|
| MSRC Security Update | CVE-2024-56769 media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg | 18-02-2026 | 2426 |
| MSRC Security Update | CVE-2025-49809 mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTR_PACKET environment variable. NOTE: mtr on macOS may often have Sudo rules, as an indirect consequence of Homebrew not installing setuid binaries. | 18-02-2026 | 2427 |
| MSRC Security Update | CVE-2024-43849 soc: qcom: pdr: protect locator_addr with the main mutex | 18-02-2026 | 2428 |
| MSRC Security Update | CVE-2023-51385 In ssh in OpenSSH before 9.6 OS command injection might occur if a user name or host name has shell metacharacters and this name is referenced by an expansion token in certain situations. For example an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name. | 18-02-2026 | 2429 |
| MSRC Security Update | CVE-2025-21776 USB: hub: Ignore non-compliant devices with too many configs or interfaces | 18-02-2026 | 2430 |
| MSRC Security Update | CVE-2024-20505 ClamAV Memory Handling DoS | 18-02-2026 | 2431 |
| MSRC Security Update | CVE-2021-20197 There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar objcopy strip ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users) an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. | 18-02-2026 | 2432 |
| MSRC Security Update | CVE-2022-43551 A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded. | 18-02-2026 | 2433 |
| MSRC Security Update | CVE-2025-24294 | 18-02-2026 | 2434 |
| MSRC Security Update | CVE-2024-47726 f2fs: fix to wait dio completion | 18-02-2026 | 2435 |
| MSRC Security Update | CVE-2023-51384 In ssh-agent in OpenSSH before 9.6 certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys these constraints are only applied to the first key even if a PKCS#11 token returns multiple keys. | 18-02-2026 | 2436 |
| MSRC Security Update | CVE-2025-21785 arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array | 18-02-2026 | 2437 |
| MSRC Security Update | CVE-2024-44985 ipv6: prevent possible UAF in ip6_xmit() | 18-02-2026 | 2438 |
| MSRC Security Update | CVE-2007-2768 OpenSSH when using OPIE (One-Time Passwords in Everything) for PAM allows remote attackers to determine the existence of certain user accounts which displays a different response if the user account exists and is configured to use one-time passwords (OTP) a similar issue to CVE-2007-2243. | 18-02-2026 | 2439 |
| MSRC Security Update | CVE-2024-28180 Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) | 18-02-2026 | 2440 |
| MSRC Security Update | CVE-2025-52496 Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery. | 18-02-2026 | 2441 |
| MSRC Security Update | CVE-2024-56767 dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset | 18-02-2026 | 2442 |
| MSRC Security Update | CVE-2024-47723 jfs: fix out-of-bounds in dbNextAG() and diAlloc() | 18-02-2026 | 2443 |
| MSRC Security Update | CVE-2024-58017 printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX | 18-02-2026 | 2444 |
| MSRC Security Update | CVE-2024-58071 team: prevent adding a device which is already a team device lower | 18-02-2026 | 2445 |
| MSRC Security Update | CVE-2023-4535 Opensc: out-of-bounds read in myeid driver handling encryption using symmetric keys | 18-02-2026 | 2446 |
| MSRC Security Update | CVE-2024-39936 An issue was discovered in HTTP2 in Qt before 5.15.18 6.x before 6.2.13 6.3.x through 6.5.x before 6.5.7 and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early because the encrypted() signal has not yet been emitted and processed. | 18-02-2026 | 2447 |
| MSRC Security Update | CVE-2023-23914 A cleartext transmission of sensitive information vulnerability exists in curl | 18-02-2026 | 2448 |
| MSRC Security Update | CVE-2025-49630 Apache HTTP Server: mod_proxy_http2 denial of service | 18-02-2026 | 2449 |
| MSRC Security Update | CVE-2024-42288 scsi: qla2xxx: Fix for possible memory corruption | 18-02-2026 | 2450 |

Sources

This selection of advisories is a date-ordered list of all publications from the following sources:

US-CERT CISA
Center of Internet Security
FR-CERT Alertes
FR-CERT Avis
EU-ENISA Publications
Google TAG
Microsoft Security
Unit42
MSRC Security Update
CERT-Bund DE
CSIRT IT
Consiglio Federale CH