9 matches found
crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...
Insecure Direct Object Reference (IDOR)
mautic/core is vulnerable to an Insecure Direct Object Reference (IDOR). The vulnerability is due to missing authorization checks in the segment cloning function, which allows authenticated users to clone segments even if they don’t have the necessary permissions...
CVE-2020-36464
An issue was discovered in the heapless crate before 0.6.1 for Rust. The IntoIter Clone implementation clones an entire underlying Vec without considering whether it has already been partially consumed...
JetBrains YouTrack Access Control Error Vulnerability
JetBrains YouTrack is a project management tool developed by JetBrains that supports cloud hosting and local deployment. JetBrains YouTrack suffers from an Access Control Error vulnerability that stems from the disclosure of restricted attachments during issue cloning, which can be exploited by...
[SECURITY] [DLA 4158-1] fossil security update
Debian LTS Advisory DLA-4158-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler May 09, 2025 https://wiki.debian.org/LTS -...
CVE-2024-50338
Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format key=value. Git's documentation restricts the...
Important: git
Issue Overview: Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a...
extend2 Security Vulnerability
extend2 is a simple function for extending objects. Derived from node-extend, the difference is that deep cloning overwrites the array with the original array. extend2 suffers from a security vulnerability that stems from an unsafe recursive merge...
Debian Security Advisory DSA 015-1 (sash)
The remote host is missing an update to sash announced via advisory DSA 015-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...