Уязвимости

  1. CVE-2026-45495 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

    Acknowledgement added. This is an informational change only.

  2. CVE-2026-45494 Microsoft Edge (Chromium-based) Spoofing Vulnerability

    Acknowledgement added. This is an informational change only.

  3. CVE-2026-42825 Windows Telephony Service Elevation of Privilege Vulnerability

    Updated Hotpatch links. This is in informational change only.

  4. CVE-2025-54518 AMD: CVE-2025-54518 CPU OP Cache Corruption

    Updated Hotpatch links. This is in informational change only.

  5. CVE-2025-6965 Integer Truncation on SQLite

    Added Visual Studio software to the Security Updates table. Customers that are running supported version of Visual Studio are encouraged to update to the indicated version to be protected from this vulnerability.

  6. CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh

    Information published.

  7. CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh

    Information published.

  8. CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna

    Information published.

  9. Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

    Information published.

  10. Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

    Information published.

  11. Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

    Information published.

  12. CVE-2025-15504 lief-project LIEF ELF Binary Parser.tcc parse_binary null pointer dereference

    Information published.

  13. CVE-2024-36137 A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner and permissions of a file.

    Information published.

  14. CVE-2024-22018 A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

    Information published.

  15. CVE-2017-3736 There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.

    Information published.

  16. CVE-2026-31789 Heap Buffer Overflow in Hexadecimal Conversion

    Information published.

  17. CVE-2026-28387 Potential Use-after-free in DANE Client Code

    Information published.

  18. CVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL

    Information published.

  19. CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo

    Information published.

  20. CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo

    Information published.

Приглашаю на лучшие дистанционные курсы повышения квалификации, курсы профессиональной переподготовки и курсы по специальностям на проверенной образовательной платформе «Знанио».

Воспользуйтесь моим купоном «9954514» при оформлении заказа, чтобы получить скидку -50% на https://znanio.ru на все курсы и другие услуги портала.

Прогноз погоды в Анадырь
world-weather.ru