crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

UBUNTU-CVE-2025-68121

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the...

EUVD-2025-206854

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the...

Malicious code in optimize-uglify-cluster-string-refactor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9357c297db533d262818f4d94e063b4ca7a1de545294cd6a542cd3cfd595d937 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in prayoga-poke3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c8caa0ea418cbcfef724814ba77db628011592117e42fbf20958142550fe6802 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-160406 Malicious code in miftaiky-doll-partly (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9752d4e909c55aa087b0f6dcf9283c9102d05fbba86ab4ec5dd865e75dd7e29c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-148751 Malicious code in tool-rocket-impulse-dotenv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da69e02ea1de6c0283031e9f19b73ff166dcc8006bfd5f7ab0b19b6d484ba878 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in social_heron_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4bff1b88f85be32497685a9ee2e1d0f502d697c18f3e36e1f86b392bd1e2a0d8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in lutfi-peyek71-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c9932133444a4bb6860baccea63652786d6bec8b48eb751b5610ac533b27e1af This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-114205 Malicious code in gilang-menjes84-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe852e53bbd673a3e41caa5fb42fe200ee35bca3fcedf4295e68df42fb2305bf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-113783 Malicious code in extra_orangutan_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56d9359433375a4b45e0b6ef45164b90be8402541b45338427f927fda499b57a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in lutfi-ragi49-miaww (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 712066d72025828a5701f845f80a6508b1df1d2027c5413a225192fbe7e74991 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nosy_jay_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85ab844fe76bf6e56912f449b69cb62d69a7084947be09b8e3e97fe9c15238c2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in ogi-ongol-ongol88-breki (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b40d3e1cea504eca9f7857bbc02a7de53e094dbff1646ab636498d914ac1f21 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-71322 Malicious code in unknown-yellow-cattle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c881519c12a22b4922eb18d8c33b97c162cb66ba2b998b37817a850a5ce4547a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in cindy-martabak4-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1abf3ada57a9360763a442123075d61dba5b3be0ed1d630317263b7ee9323b9b The package cindy-martabak4-riris was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that...

CVE-2024-52921

In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block...

CVE-2024-52921

In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block...

PT-2024-35489 · Unknown · Bitcoin Core

Name of the Vulnerable Software and Affected Versions: Bitcoin Core versions prior to 25.0 Description: The issue allows a peer to affect the download state of other peers by sending a mutated block. This can potentially disrupt the normal functioning of the Bitcoin network. Recommendations: For...

CVE-2024-52921

In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block...