Alerts & Advisories from CERTs

The latest security advisories from the governmental and non-governmental Computer Emergency Response Teams that matter in the cybersecurity world

Showing 1801-1825 of 3855 results

Security Advisories

| CERT | Alert | Date | # |
|---|---|---|---|
| MSRC Security Update | CVE-2022-27651 A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity. | 18-02-2026 | 1801 |
| MSRC Security Update | CVE-2022-48303 GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump | 18-02-2026 | 1802 |
| MSRC Security Update | CVE-2025-37967 usb: typec: ucsi: displayport: Fix deadlock | 18-02-2026 | 1803 |
| MSRC Security Update | CVE-2024-26648 drm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay() | 18-02-2026 | 1804 |
| MSRC Security Update | CVE-2025-68366 nbd: defer config unlock in nbd_genl_connect | 18-02-2026 | 1805 |
| MSRC Security Update | CVE-2024-57900 ila: serialize calls to nf_register_net_hooks() | 18-02-2026 | 1806 |
| MSRC Security Update | CVE-2024-45296 path-to-regexp outputs backtracking regular expressions | 18-02-2026 | 1807 |
| MSRC Security Update | CVE-2025-21859 USB: gadget: f_midi: f_midi_complete to call queue_work | 18-02-2026 | 1808 |
| MSRC Security Update | CVE-2025-38215 fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var | 18-02-2026 | 1809 |
| MSRC Security Update | CVE-2025-21951 bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock | 18-02-2026 | 1810 |
| MSRC Security Update | CVE-2024-29041 Express.js Open Redirect in malformed URLs | 18-02-2026 | 1811 |
| MSRC Security Update | CVE-2022-46175 JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named `__proto__` allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by `JSON5.parse` and not the global Object prototype which is the commonly understood definition of Prototype Pollution. However polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from `JSON5.parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys but could include denial of service cross-site scripting elevation | 18-02-2026 | 1812 |
| MSRC Security Update | CVE-2021-3636 It was found in OpenShift before version 4.8 that the generated certificate for the in-cluster Service CA incorrectly included additional certificates. The Service CA is automatically mounted into all pods allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service. | 18-02-2026 | 1813 |
| MSRC Security Update | CVE-2024-39481 media: mc: Fix graph walk in media_pipeline_start | 18-02-2026 | 1814 |
| MSRC Security Update | CVE-2025-39721 crypto: qat - flush misc workqueue during device shutdown | 18-02-2026 | 1815 |
| MSRC Security Update | CVE-2025-23142 sctp: detect and prevent references to a freed transport in sendmsg | 18-02-2026 | 1816 |
| MSRC Security Update | CVE-2024-0340 Kernel: information disclosure in vhost/vhost.c:vhost_new_msg() | 18-02-2026 | 1817 |
| MSRC Security Update | CVE-2024-35854 mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash | 18-02-2026 | 1818 |
| MSRC Security Update | CVE-2025-3360 Glibc: glib prior to 2.82.5 is vulnerable to integer overflow and buffer under-read when parsing a very long invalid iso 8601 timestamp with g_date_time_new_from_iso8601(). | 18-02-2026 | 1819 |
| MSRC Security Update | CVE-2025-21865 gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). | 18-02-2026 | 1820 |
| MSRC Security Update | CVE-2024-8096 OCSP stapling bypass with GnuTLS | 18-02-2026 | 1821 |
| MSRC Security Update | CVE-2025-68732 gpu: host1x: Fix race in syncpt alloc/free | 18-02-2026 | 1822 |
| MSRC Security Update | CVE-2025-38208 smb: client: add NULL check in automount_fullpath | 18-02-2026 | 1823 |
| MSRC Security Update | CVE-2025-40914 Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow | 18-02-2026 | 1824 |
| MSRC Security Update | CVE-2022-27649 A flaw was found in Podman where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. | 18-02-2026 | 1825 |

Sources

This selection of advisories is a date-ordered list of all publications from the following sources:

US-CERT CISA
Center for Internet Security
FR-CERT Alertes
FR-CERT Avis
EU-ENISA Publications
Google TAG
Microsoft Security
Unit42
MSRC Security Update
CERT-Bund DE
CSIRT IT
Consiglio Federale CH