99 matches found
CVE-2026-49834 sigstore-go: Multi-log threshold bypass via single compromised log
sigstore-go is a Go library for Sigstore signing and verification. Prior to 1.2.0, a verifier configured with WithTransparencyLogN1 or WithSignedCertificateTimestampsN1 counts verified witnesses per entry or per validation path rather than per log authority, allowing a single compromised...
CLEANSTART-2026-LY44407 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61731, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-26958, CVE-2026-27139, CVE-2026-27140, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-29181, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, CVE-2026-33186, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-33816, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-40179, CVE-2026-41889, CVE-2026-42151, CVE-2026-42154, CVE-2026-42499, CVE-2026-42501, CVE-2026-44903, ghsa-9jj7-4m8r-rfcm, ghsa-f6x5-jh6r-wrfv, ghsa-fw7p-63qq-7hpr, ghsa-fw8g-cg8f-9j28, ghsa-j5w8-q4qc-rx2x, ghsa-j88v-2chj-qfwx, ghsa-mh2q-q3fh-2475, ghsa-p77j-4mvh-x3m3, ghsa-vffh-x6r8-xx99, ghsa-wg65-39gg-5wfj applied in versions: 1.3.2-r0, 1.3.2-r1, 1.3.2-r2
Multiple security vulnerabilities affect the certificate-transparency-trillian-ctserver package. These issues are resolved in later releases. See references for individual vulnerability details...
EUVD-2026-41207
Description: To issue and renew TLS certificates on behalf of customers, Cloudflare's Universal SSL feature automatically manages the CAA RRset for the customer's zone. This auto-managed RRset is permissive by design e.g. 'issue "letsencrypt.org"' without parameters. On Universal SSL zones,...
CVE-2026-14440
Description: To issue and renew TLS certificates on behalf of customers, Cloudflare's Universal SSL feature automatically manages the CAA RRset for the customer's zone. This auto-managed RRset is permissive by design e.g. 'issue "letsencrypt.org"' without parameters. On Universal SSL zones,...
CVE-2026-14440
Description: To issue and renew TLS certificates on behalf of customers, Cloudflare's Universal SSL feature automatically manages the CAA RRset for the customer's zone. This auto-managed RRset is permissive by design e.g. 'issue "letsencrypt.org"' without parameters. On Universal SSL zones,...
CLEANSTART-2026-GZ11549 Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations
Multiple security vulnerabilities affect the certificate-transparency-trillian-ctserver package. Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations. See references for individual vulnerability details...
CVE-2026-44903 vulnerabilities
Vulnerabilities for packages: telegraf, karma, loki, amazon-cloudwatch-agent-operator, opentelemetry-operator, splunk-otel-collector, trillian, istio, minio-operator, prometheus-pushgateway, prometheus, cloud-sql-proxy, k8sgpt, jaeger, minio-object-browser, fluent-bit-plugin-loki,...
CVE-2026-44903 vulnerabilities
Vulnerabilities for packages: cloud-sql-proxy, prometheus-fips, datadog-agent-fips, fluent-bit-plugin-loki, node-problem-detector-fips, trillian-fips, splunk-otel-collector, opentelemetry-collector, opentelemetry-operator, nrdot-collector-k8s, cloud-sql-proxy-fips, datadog-agent, loki-fips,...
CVE-2026-41889 vulnerabilities
Vulnerabilities for packages: step-ca, goose, splunk-otel-collector, envoy-gateway-fips, sftpgo, cloudprober-fips, ory-kratos, opentelemetry-collector-contrib, temporal, kine, openbao, seaweedfs-fips, cloudprober, gitlab-cng, sftpgo-plugin-eventstore, falcosidekick, peerdb-flow, grafana-alloy-fip...
Google's Android Apps Get Public Verification to Stop Supply Chain Attacks
Google has announced expanded Binary Transparency for Android as a way to safeguard the ecosystem from supply chain attacks. "This new public ledger ensures the Google apps on your device are exactly what we intended to build and distribute," Google's product and security teams said. The initiati...
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: descheduler, caddy, redka, redpanda, temporal-ui-server, terraform-provider-pagerduty, verticadb-operator, grafana-agent-operator, envoy-gateway, kubernetes, policy-controller, kube-arangodb, hubble, istio, opentofu, docker-machine-driver-linode, kargo, cilium-envoy,...
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: descheduler, nri-mysql, terraform-provider-pagerduty, kubernetes-dashboard-metrics-scraper, q, otel-cli, rancher, terraform-provider-kubernetes, swagger, conjur-cli, cloudnative-pg, controller-gen, aws-efs-csi-driver, timestamp-authority, smokescreen, opencost, nsc,...
CLEANSTART-2026-YR14817 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68119, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 1.3.2-r0
Multiple security vulnerabilities affect the certificate-transparency-trillian-ctserver package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-24122
Cosign
GHSA-FW7P-63QQ-7HPR vulnerabilities
Vulnerabilities for packages: step-issuer, nri-mysql, telegraf, caddy, loki, hydra, kubeflow-pipelines, fulcio, nuclei, flux-kustomize-controller, wolfictl, envoy-gateway, grafana-alloy, splunk-otel-collector, tailscale, trillian, openfga, croc, age, rekor, step, temporal-server, ratify, cerbos,...
Astra Linux – Vulnerability in gnutls28
A heap-buffer-overread vulnerability was discovered in GnuTLS regarding its handling of the Certificate Transparency CT Signed Certificate Timestamp SCT extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension OID...
Siemens SIMATIC S7-1500 Improper Certificate Validation (CVE-2025-32989)
A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency CT Signed Certificate Timestamp SCT extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension OID...
Security Bulletin: Allocation of resources without limits, heap-buffer-overread, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service
Summary IBM Storage Defender - Resiliency service is vulnerable to allocation of resources without limits, heap-buffer-overread, and others. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-32988 DESCRIPTION: A flaw was found in GnuTLS. A double-free vulnerability...
EUVD-2017-2993
Malware in sbrugna...
gnutls: Vulnerability in GnuTLS SCT extension parsing
A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency CT Signed Certificate Timestamp SCT extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension OID...