2460 matches found
CVE-2024-56138 Timestamp signature generation lacks certificate revocation check in notation-go
notation-go is a collection of libraries for signing and verifying OCI artifacts, based on the Notary Project specifications. This issue was identified during Quarkslab's audit of the timestamp feature. During the timestamp signature generation, the revocation status of the certificates used to...
CVE-2024-56138
CVE-2024-56138 affects notation-go, a library for signing and verifying OCI artifacts. The timestamp signature generation path did not verify the revocation status of certificates in the TSA chain, so a countersignature obtained under a man-in-the-middle condition could potentially be stored by notation and cause CI/CD signature...
GHSA-45V3-38PC-874V notation-go's timestamp signature generation lacks certificate revocation check
This issue was identified during Quarkslab's audit of the timestamp feature. Summary: During the timestamp signature generation, the revocation status of the certificates used to generate the timestamp signature was not verified. Details: During timestamp signature generation, notation-go did not...
Exploit for CVE-2024-12856
CVE-2024-12856 This is an exploit for Four-Faith router models...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python312 (SUSE-SU-2025:0048-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:0048-1 advisory. - Properly quote path names provided when creating a virtual environment bsc1232241, CVE-2024-9287 Tenabl...
CVE-2025-21613
go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...
A vulnerability in the Command Line Interface (CLI) of the Skupper package, a software management and microservice integration tool for cloud and hybrid environments under Red Hat Service Interconnect, allows an attacker to gain unauthorized access to protected information or cause service failures.
The vulnerability in the Command Line Interface (CLI) of the Skupper package, a software tool for managing and integrating microservices in cloud and hybrid environments of Red Hat Service Interconnect, involves an authentication bypass when the default mode is used. Exploiting this...
PT-2025-11592
Name of the Vulnerable Software and Affected Versions: cifs-utils, affected versions not specified. Description: The issue concerns cifs-utils, specifically the cifs.upcall component, which makes an upcall to the wrong namespace in containerized environments. Recommendations: At the moment, there is n...
Improper Authentication
AsyncHttpClient (AHC) is vulnerable to Improper Authentication. The vulnerability is due to improper management of the CookieStore, which silently replaces explicitly defined cookies with those from the cookie jar if they share the same name, potentially leading to user session confusion in...
CVE-2024-53220
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to account dirty data in __get_secs_required(). It will trigger a system panic with the testcase in [1]: ------------ cut here ------------ kernel BUG at fs/f2fs/segment.c:2752! RIP: 0010:new_curseg+0xc81/0x2110 Call Trace:...
[SECURITY] Fedora 41 Update: prometheus-podman-exporter-1.14.0-1.fc41
Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...
[SECURITY] Fedora 40 Update: prometheus-podman-exporter-1.14.0-1.fc40
Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information...
A vulnerability in IBM Security Verify Access Docker, an application access protection product for Docker environments, is related to errors in privilege management and allows attackers to elevate their privileges.
The vulnerability in the application access protection software for Docker environments is related to errors in privilege management. Exploiting this vulnerability can allow attackers to elevate their privileges...
Dell RecoverPoint for Virtual Machines Command Injection Vulnerability
Dell RecoverPoint for Virtual Machines is a simple, efficient operations and disaster recovery solution from Dell, Inc. for virtualized applications in VMware environments. A command injection vulnerability exists in Dell RecoverPoint for Virtual Machines version 6.0 SP1 and version 6.0 SP1 P1,...
Onyxia code injection vulnerability
Onyxia is an open source web application from InseeFrLab designed to be the glue between multiple open source backend technologies. A code injection vulnerability exists in Onyxia versions prior to 4.2.0, prior to 3.1.1, and prior to 2.8.2, which originates from the ability of an authenticated us...
Identifier withdrawn
Red Hat Satellite 6 is an application system from Red Hat, Inc. that provides an infrastructure management product specifically designed to keep Red Hat Enterprise Linux® environments and other Red Hat infrastructures running efficiently, securely, and in compliance with various standards. This CVE...
Unpacking Diicot - Evolving Campaign Targeting Linux Environments
Wiz Threat Research uncovered a new malware campaign targeting Linux environments attributed to the Diicot threat group...
New Developments in LLM Hijacking Activity
Discover the latest in LLM hijacking activity, including a dive into the JINX-2401 campaign targeting AWS environments with IAM privilege escalation tactics...