1995 matches found
notation-go 安全漏洞
notation-go is a collection of libraries that support signing and validating OCI artifacts for notaryproject individual developers. A security vulnerability exists in notation-go version 1.3.0-rc.1, which stems from a failed CRL cache update operation that results in an unexpected program...
notion-go 安全漏洞
notion-go is a collection of libraries that support signing and verifying OCI artifacts for notaryproject individual developers. A security vulnerability exists in notion-go versions 1.2.0-beta.1 through 1.3.0-rc.1, which stems from a failure to validate the revocation status of a certificate whe...
PT-2025-3196 · Unknown +1 · Notation-Go +1
Name of the Vulnerable Software and Affected Versions: notation-go versions prior to 1.3.0-rc.2 Description: The issue arises from the failure to verify the revocation status of the certificates used to generate the timestamp signature during timestamp signature generation. This oversight creates...
CVE-2025-22149
JWK Set JSON Web Key Set is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use...
JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh
Impact The project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use cases that utilize the provided auto-caching HTTP client and where key...
GHSA-675F-RQ2R-JW82 JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh
Impact The project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use cases that utilize the provided auto-caching HTTP client and where key...
CVE-2025-22149
The CVE-2025-22149 issue affects the JWK Set Go implementation’s auto-caching HTTP client (github.com/MicahParks/jwkset). Before v0.6.0, the local JWK Set cache could overwrite or append during remote refresh instead of performing a full replacement, potentially leaving revoked keys usable if rem...
CVE-2025-22149 JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh
JWK Set JSON Web Key Set is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use...
JWK Set 安全漏洞
JWK Set is a JWK and JWK-Set implementation by the individual developer Micah Parks. An auto-caching JWK-Set HTTP client is provided. A security vulnerability exists in versions prior to JWK Set 0.6.0, which stems from an HTTP client that incorrectly overwrites or appends the local cache when...
JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh
The project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use cases that utilize the provided auto-caching HTTP client and where key removal fr...
JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh
The project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use cases that utilize the provided auto-caching HTTP client and where key removal fr...
CVE-2024-56738
GNU GRUB aka GRUB2 through 2.12 does not use a constant-time algorithm for grubcryptomemcmp and thus allows side-channel attacks...
CVE-2024-56737
GNU GRUB aka GRUB2 through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem...
JetBrains TeamCity 代码问题漏洞
JetBrains TeamCity is a powerful continuous integration and continuous delivery CI/CD tool developed by JetBrains. A security vulnerability exists in JetBrains TeamCity that stems from an access token not being revoked after removing a user role. No details of the vulnerability are provided at th...
PT-2024-12773 · Beyondtrust · Beyondtrust Remote Support
Name of the Vulnerable Software and Affected Versions: BeyondTrust Remote Support SaaS affected versions not specified Description: A security issue allowed hackers to exploit and breach Remote Support SaaS instances, resulting in the resetting of local account passwords. The incident led to the...
FreeBSD : Gitlab -- vulnerabilities (2263ea04-ac81-11ef-998c-2cf05da270f3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 2263ea04-ac81-11ef-998c-2cf05da270f3 advisory. Gitlab reports: Privilege Escalation via LFS Tokens DoS through uncontrolled resource...
Gitlab -- vulnerabilities
Gitlab reports: Privilege Escalation via LFS Tokens DoS through uncontrolled resource consumption when viewing a maliciously crafted cargo.toml file Unintended Access to Usage Data via Scoped Tokens Gitlab DOS via Harbor registry integration Resource exhaustion and denial of service with testrepo...
Live Webinar: Dive Deep into Crypto Agility and Certificate Management
In the fast-paced digital world, trust is everything—but what happens when that trust is disrupted? Certificate revocations, though rare, can send shockwaves through your operations, impacting security, customer confidence, and business continuity. Are you prepared to act swiftly when the...
Restarting a run with revoked script approval allowed by Jenkins Pipeline: Declarative Plugin
Jenkins Pipeline: Declarative Plugin 2.2214.vbb34b2ea9b83 and earlier does not check whether the main Jenkinsfile script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose Jenkinsfile script is no longer...
CVE-2024-49504
grub2 allowed attackers with access to the grub shell to access files on the encrypted disks...