5 matches found
CVE-2025-66406
CVE-2025-66406 affects Step CA (github.com/smallstep/certificates). Before version 0.29.0, there is an improper authorization check for SSH certificate revocation, impacting deployments configured with the SSHPOP provisioner. The root cause is inadequate authorization on revocation requests; the ...
SUSE CVE-2021-41035
In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods...
cmark-gfm resource management error vulnerability
cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version with canonical Markdown syntax. A resource management error vulnerability exists in versions prior to cmark-gfm 0.29.0.gfm.7. An attacker could exploit this vulnerability to cause unlimited...
AZL-41765 CVE-2022-2879 affecting package ig for versions less than 0.29.0-1
Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...
Eclipse Openj9 security vulnerability
Eclipse OpenJ9 is a Java application engine from the Eclipse Foundation. The product is primarily used to run Java applications. A security vulnerability exists in Eclipse Openj9 versions prior to 0.29.0 that stems from the JVM not throwing an IllegalAccessError exception for MethodHandles that...