Alerts & Advisories from CERTs

The latest security advisories from the governmental and non-governmental Computer Emergency Response Teams that matter in the cybersecurity world

Showing 1151-1175 of 3755 results
Page 47 of 151

Security Advisories

| CERT | Alert | Date | # |
|---|---|---|---|
| MSRC Security Update | CVE-2024-50082 blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race | 18-02-2026 | 1151 |
| MSRC Security Update | CVE-2019-16707 Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx. | 18-02-2026 | 1152 |
| MSRC Security Update | CVE-2018-20505 SQLite 3.25.2 when queries are run on a table with a malformed PRIMARY KEY allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). | 18-02-2026 | 1153 |
| MSRC Security Update | CVE-2019-14193 An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the "if" block after calculating the new path length. | 18-02-2026 | 1154 |
| MSRC Security Update | CVE-2022-28506 There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45. | 18-02-2026 | 1155 |
| MSRC Security Update | CVE-2022-24999 qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has "deps: qs@6.9.7" in its release description, is not vulnerable). | 18-02-2026 | 1156 |
| MSRC Security Update | CVE-2024-50083 tcp: fix mptcp DSS corruption due to large pmtu xmit | 18-02-2026 | 1157 |
| MSRC Security Update | CVE-2025-38348 wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() | 18-02-2026 | 1158 |
| MSRC Security Update | CVE-2023-24539 Improper sanitization of CSS values in html/template | 18-02-2026 | 1159 |
| MSRC Security Update | CVE-2020-10941 Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import. | 18-02-2026 | 1160 |
| MSRC Security Update | CVE-2024-56635 net: avoid potential UAF in default_operstate() | 18-02-2026 | 1161 |
| MSRC Security Update | CVE-2025-38333 f2fs: fix to bail out in get_new_segment() | 18-02-2026 | 1162 |
| MSRC Security Update | CVE-2023-45237 Use of a Weak PseudoRandom Number Generator in EDK II Network Package | 18-02-2026 | 1163 |
| MSRC Security Update | CVE-2019-18222 The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks. | 18-02-2026 | 1164 |
| MSRC Security Update | CVE-2025-38307 ASoC: Intel: avs: Verify content returned by parse_int_array() | 18-02-2026 | 1165 |
| MSRC Security Update | CVE-2023-42365 A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function. | 18-02-2026 | 1166 |
| MSRC Security Update | CVE-2022-4968 netplan leaks the private key of wireguard to local users. | 18-02-2026 | 1167 |
| MSRC Security Update | CVE-2012-6708 jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions jQuery only deems the input to be HTML if it explicitly starts with the '<' character limiting exploitability only to attackers who can control the beginning of a string which is far less common. | 18-02-2026 | 1168 |
| MSRC Security Update | CVE-2022-33967 squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs image may lead to a denial-of-service (DoS) condition or arbitrary code execution. | 18-02-2026 | 1169 |
| MSRC Security Update | CVE-2025-38274 fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt() | 18-02-2026 | 1170 |
| MSRC Security Update | CVE-2023-42364 A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function. | 18-02-2026 | 1171 |
| MSRC Security Update | CVE-2025-38300 crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() | 18-02-2026 | 1172 |
| MSRC Security Update | CVE-2022-45410 When a ServiceWorker intercepted a request with FetchEvent, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec and then in browsers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. | 18-02-2026 | 1173 |
| MSRC Security Update | CVE-2025-27810 Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays. | 18-02-2026 | 1174 |
| MSRC Security Update | CVE-2025-21672 afs: Fix merge preference rule failure condition | 18-02-2026 | 1175 |

Sources

This selection of advisories is a date-ordered list of all publications from the following sources:

US-CERT CISA
Center of Internet Security
FR-CERT Alertes
FR-CERT Avis
EU-ENISA Publications
Google TAG
Microsoft Security
Unit42
MSRC Security Update
CERT-Bund DE
CSIRT IT
Consiglio Federale CH