Alerts & Advisories from CERTs

The latest security advisories from the relevant governmental and non-governmental Computer Emergency Response Teams in the cybersecurity world

Showing 2451-2475 of 3856 results

Security Advisories

| CERT | Alert | Date | # |
|---|---|---|---|
| MSRC Security Update | CVE-2024-56769 media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg | 18-02-2026 | 2451 |
| MSRC Security Update | CVE-2025-49809 mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTR_PACKET environment variable. NOTE: mtr on macOS may often have Sudo rules, as an indirect consequence of Homebrew not installing setuid binaries. | 18-02-2026 | 2452 |
| MSRC Security Update | CVE-2024-43849 soc: qcom: pdr: protect locator_addr with the main mutex | 18-02-2026 | 2453 |
| MSRC Security Update | CVE-2023-51385 In ssh in OpenSSH before 9.6 OS command injection might occur if a user name or host name has shell metacharacters and this name is referenced by an expansion token in certain situations. For example an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name. | 18-02-2026 | 2454 |
| MSRC Security Update | CVE-2025-21776 USB: hub: Ignore non-compliant devices with too many configs or interfaces | 18-02-2026 | 2455 |
| MSRC Security Update | CVE-2024-20505 ClamAV Memory Handling DoS | 18-02-2026 | 2456 |
| MSRC Security Update | CVE-2021-20197 There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar objcopy strip ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users) an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. | 18-02-2026 | 2457 |
| MSRC Security Update | CVE-2022-43551 A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded. | 18-02-2026 | 2458 |
| MSRC Security Update | CVE-2025-24294 | 18-02-2026 | 2459 |
| MSRC Security Update | CVE-2024-47726 f2fs: fix to wait dio completion | 18-02-2026 | 2460 |
| MSRC Security Update | CVE-2023-51384 In ssh-agent in OpenSSH before 9.6 certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys these constraints are only applied to the first key even if a PKCS#11 token returns multiple keys. | 18-02-2026 | 2461 |
| MSRC Security Update | CVE-2025-21785 arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array | 18-02-2026 | 2462 |
| MSRC Security Update | CVE-2024-44985 ipv6: prevent possible UAF in ip6_xmit() | 18-02-2026 | 2463 |
| MSRC Security Update | CVE-2007-2768 OpenSSH when using OPIE (One-Time Passwords in Everything) for PAM allows remote attackers to determine the existence of certain user accounts which displays a different response if the user account exists and is configured to use one-time passwords (OTP) a similar issue to CVE-2007-2243. | 18-02-2026 | 2464 |
| MSRC Security Update | CVE-2024-28180 Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) | 18-02-2026 | 2465 |
| MSRC Security Update | CVE-2025-52496 Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery. | 18-02-2026 | 2466 |
| MSRC Security Update | CVE-2024-56767 dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset | 18-02-2026 | 2467 |
| MSRC Security Update | CVE-2024-47723 jfs: fix out-of-bounds in dbNextAG() and diAlloc() | 18-02-2026 | 2468 |
| MSRC Security Update | CVE-2024-58071 team: prevent adding a device which is already a team device lower | 18-02-2026 | 2469 |
| MSRC Security Update | CVE-2024-58017 printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX | 18-02-2026 | 2470 |
| MSRC Security Update | CVE-2023-4535 Opensc: out-of-bounds read in myeid driver handling encryption using symmetric keys | 18-02-2026 | 2471 |
| MSRC Security Update | CVE-2024-39936 An issue was discovered in HTTP2 in Qt before 5.15.18 6.x before 6.2.13 6.3.x through 6.5.x before 6.5.7 and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early because the encrypted() signal has not yet been emitted and processed. | 18-02-2026 | 2472 |
| MSRC Security Update | CVE-2023-23914 A cleartext transmission of sensitive information vulnerability exists in curl | 18-02-2026 | 2473 |
| MSRC Security Update | CVE-2025-49630 Apache HTTP Server: mod_proxy_http2 denial of service | 18-02-2026 | 2474 |
| MSRC Security Update | CVE-2024-42288 scsi: qla2xxx: Fix for possible memory corruption | 18-02-2026 | 2475 |
Sources

This selection of advisories is a date-ordered list of all publications from the following sources:

US-CERT CISA
Center of Internet Security
FR-CERT Alertes
FR-CERT Avis
EU-ENISA Publications
Google TAG
Microsoft Security
Unit42
MSRC Security Update
CERT-Bund DE
CSIRT IT
Consiglio Federale CH