Alerts & Advisories from CERTs

The latest security advisories from the governmental and non-governmental Computer Emergency Response Teams relevant to the cybersecurity world

Showing 601-625 of 3853 results
Page 25 of 155

Security Advisories

CERT | Alert | Date | #
MSRC Security Update | CVE-2025-69873 ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can inject a malicious regex pattern (e.g., "^(a|a)*$") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with $data: true for dynamic schema validation. | 28-02-2026 | 601
MSRC Security Update | CVE-2025-71232 scsi: qla2xxx: Free sp in error path to fix system crash | 28-02-2026 | 602
MSRC Security Update | CVE-2025-71237 nilfs2: Fix potential block overflow that cause system hang | 28-02-2026 | 603
MSRC Security Update | CVE-2026-23220 ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths | 28-02-2026 | 604
MSRC Security Update | CVE-2025-71229 wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon() | 28-02-2026 | 605
MSRC Security Update | CVE-2025-71235 scsi: qla2xxx: Delay module unload while fabric scan in progress | 28-02-2026 | 606
MSRC Security Update | CVE-2026-23228 smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection() | 28-02-2026 | 607
MSRC Security Update | CVE-2026-23222 crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly | 28-02-2026 | 608
MSRC Security Update | CVE-2026-23212 bonding: annotate data-races around slave->last_rx | 28-02-2026 | 609
MSRC Security Update | CVE-2026-23216 scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() | 28-02-2026 | 610
MSRC Security Update | CVE-2025-68358 btrfs: fix racy bitfield write in btrfs_clear_space_info_full() | 28-02-2026 | 611
MSRC Security Update | CVE-2025-68725 bpf: Do not let BPF test infra emit invalid GSO types to stack | 28-02-2026 | 612
MSRC Security Update | CVE-2025-68223 drm/radeon: delete radeon_fence_process in is_signaled, no deadlock | 28-02-2026 | 613
MSRC Security Update | CVE-2025-40164 usbnet: Fix using smp_processor_id() in preemptible code warnings | 28-02-2026 | 614
MSRC Security Update | CVE-2025-40005 spi: cadence-quadspi: Implement refcount to handle unbind during busy | 28-02-2026 | 615
MSRC Security Update | CVE-2025-38162 netfilter: nft_set_pipapo: prevent overflow in lookup table allocation | 28-02-2026 | 616
MSRC Security Update | CVE-2026-28364 In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from crafted Marshal data. | 28-02-2026 | 617
MSRC Security Update | CVE-2025-40082 hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() | 28-02-2026 | 618
MSRC Security Update | CVE-2026-22999 net/sched: sch_qfq: do not free existing class in qfq_change_class() | 28-02-2026 | 619
MSRC Security Update | CVE-2026-22998 nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec | 28-02-2026 | 620
MSRC Security Update | CVE-2026-22997 net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts | 28-02-2026 | 621
MSRC Security Update | CVE-2026-22996 net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv | 28-02-2026 | 622
MSRC Security Update | CVE-2026-22992 libceph: return the handler error from mon_handle_auth_done() | 28-02-2026 | 623
MSRC Security Update | CVE-2026-22991 libceph: make free_choose_arg_map() resilient to partial allocation | 28-02-2026 | 624
MSRC Security Update | CVE-2026-22990 libceph: replace overzealous BUG_ON in osdmap_apply_incremental() | 28-02-2026 | 625

Sources

This selection of advisories is a date-ordered list of all publications from the following sources:

US-CERT CISA
Center of Internet Security
FR-CERT Alertes
FR-CERT Avis
EU-ENISA Publications
Google TAG
Microsoft Security
Unit42
MSRC Security Update
CERT-Bund DE
CSIRT IT
Consiglio Federale CH