950 matches found

SUSE CVE
added 2025/01/17 12:23 a.m. · 2 views

SUSE CVE-2024-51491

notation-go is a collection of libraries that support signing and verifying OCI artifacts, based on Notary Project specifications. The issue was identified during Quarkslab's security audit on the Certificate Revocation List (CRL) based revocation check feature. After retrieving the CRL, notation-go...

CVSS 3.3 · AI score 6.8 · EPSS 0.00035
Exploits 1 · References 4

SUSE CVE
added 2025/01/17 12:22 a.m. · 1 view

SUSE CVE-2024-56138

notation-go is a collection of libraries that support signing and verifying OCI artifacts, based on Notary Project specifications. This issue was identified during Quarkslab's audit of the timestamp feature. During the timestamp signature generation, the revocation status of the certificates used to...

CVSS 4 · AI score 6.5 · EPSS 0.00008
Exploits 0 · References 4

Veracode
added 2025/01/16 2:27 a.m. · 4 views

Denial Of Service (DoS)

github.com/notaryproject/notation-go is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of temporary file operations during CRL cache updates, specifically the use of the os.Rename method, which fails when moving files across different mount points, allows an...

CVSS 3.3 · AI score 6.6 · EPSS 0.00035
Exploits 1 · References 6 · Affected Software 1

OSV
added 2025/01/14 3:57 p.m. · 10 views

GO-2025-3381 notation-go's timestamp signature generation lacks certificate revocation check in github.com/notaryproject/notation-go

notation-go's timestamp signature generation lacks certificate revocation check in github.com/notaryproject/notation-go...

CVSS 4 · AI score 4.3 · EPSS 0.00008
Exploits 0 · References 2

Positive Technologies
added 2025/01/14 12:00 a.m. · 2 views

PT-2025-3838 · Apple · Swift Asn.1

Name of the Vulnerable Software and Affected Versions: Swift ASN.1 (affected versions not specified). Description: The issue is caused by a confusion in the ASN.1 library, which assumes that certain objects can only be provided in either constructed or primitive forms. This can trigger a...

CVSS 7.5 · AI score 6.9 · EPSS 0.00215
Exploits 0 · References 10

OSV
added 2025/01/13 10:15 p.m. · 0 views

UBUNTU-CVE-2024-56138

notation-go is a collection of libraries that support signing and verifying OCI artifacts, based on Notary Project specifications. This issue was identified during Quarkslab's audit of the timestamp feature. During the timestamp signature generation, the revocation status of the certificates used to...

CVSS 4 · AI score 7 · EPSS 0.00008
Exploits 0 · References 4

Cvelist
added 2025/01/13 9:42 p.m. · 15 views

CVE-2024-51491 Process crash during CRL-based revocation check on OS using separate mount point for temp Directory in notation-go

notation-go is a collection of libraries that support signing and verifying OCI artifacts, based on Notary Project specifications. The issue was identified during Quarkslab's security audit on the Certificate Revocation List (CRL) based revocation check feature. After retrieving the CRL, notation-go...

CVSS 3.3 · EPSS 0.00035
Exploits 1 · References 3

CVE
added 2025/01/13 9:42 p.m. · 85 views

CVE-2024-51491

CVE-2024-51491 affects notation-go (CRL revocation cache). The root cause is CRL cache updates via os.Rename: when source and destination reside on different mount points, the operation can fail with EXDEV, causing a crash of notation and aborting signature verification. Affected component is crl...

CVSS 3.3 · AI score 3.9 · EPSS 0.00035
Exploits 1 · References 3 · Affected Software 1

Vulnrichment
added 2025/01/13 9:42 p.m. · 22 views

CVE-2024-51491 Process crash during CRL-based revocation check on OS using separate mount point for temp Directory in notation-go

notation-go is a collection of libraries that support signing and verifying OCI artifacts, based on Notary Project specifications. The issue was identified during Quarkslab's security audit on the Certificate Revocation List (CRL) based revocation check feature. After retrieving the CRL, notation-go...

CVSS 3.3 · AI score 6.9 · EPSS 0.00035
Exploits 1 · References 3

RedHat Linux
added 2025/01/13 11:48 a.m. · 3 views

firefox: Compartment mismatch when parsing JavaScript JSON module

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free...

CVSS 4 · AI score 7.3 · EPSS 0.00048
Exploits 0 · References 7

CNNVD
added 2025/01/13 12:00 a.m. · 2 views

notation-go security vulnerability

notation-go is a collection of libraries that support signing and validating OCI artifacts for notaryproject individual developers. A security vulnerability exists in notation-go version 1.3.0-rc.1, which stems from a failed CRL cache update operation that results in an unexpected program...

CVSS 3.3 · AI score 6.9 · EPSS 0.00035
Exploits 1 · References 3

Positive Technologies
added 2025/01/13 12:00 a.m. · 3 views

PT-2025-3196 · Unknown +1 · Notation-Go +1

Name of the Vulnerable Software and Affected Versions: notation-go versions prior to 1.3.0-rc.2. Description: The issue arises from the failure to verify the revocation status of the certificates used to generate the timestamp signature during timestamp signature generation. This oversight creates...

CVSS 8.9 · AI score 6.2 · EPSS 0.02218
Exploits 2 · References 97

RedHat Linux
added 2025/01/09 6:49 a.m. · 3 views

firefox: Compartment mismatch when parsing JavaScript JSON module

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free...

CVSS 4 · AI score 7.3 · EPSS 0.00048
Exploits 0 · References 7

Positive Technologies
added 2025/01/01 12:00 a.m. · 2 views

PT-2025-53805

Name of the Vulnerable Software and Affected Versions: qs versions prior to 6.14.1. Description: A flaw exists in the qs parse modules library where the arrayLimit option does not properly enforce limits when using bracket notation in query strings, leading to a potential HTTP Denial of Service (DoS)...

CVSS 7.8 · AI score 6.8 · EPSS 0.0004
Exploits 1 · References 22

Veracode
added 2024/11/29 4:30 a.m. · 11 views

Arbitrary File Read

moodle/moodle is vulnerable to Arbitrary file read. The vulnerability is due to insufficient sanitizing in the TeX notation filter, which allows file reading on sites where pdfTeX is available, such as those with TeX Live installed...

CVSS 7.5 · AI score 7 · EPSS 0.00911
Exploits 0 · References 5 · Affected Software 1

OSV
added 2024/11/20 9:38 p.m. · 0 views

GHSA-GJCC-JVGW-WVWJ Litestar allows unbounded resource consumption (DoS vulnerability)

Summary: Litestar offers multiple methods to return a parsed representation of the request body, as well as extractors that rely on those parsers to map request content to structured data types. Multiple of those parsers do not have size limits when reading the request body into memory, which allo...

CVSS 8.2 · AI score 5.9 · EPSS 0.00445
Exploits 1 · References 7

NVD
added 2024/11/19 5:15 p.m. · 11 views

CVE-2024-51809

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in intelligentDesign Keymaster Chord Notation Free (keymaster-chord-notation-free) allows Stored XSS. This issue affects Keymaster Chord Notation Free: from n/a through <= 1.0.2...

CVSS 6.5 · EPSS 0.00295
Exploits 0 · References 1

CVE
added 2024/11/19 4:31 p.m. · 35 views

CVE-2024-51809

CVE-2024-51809 involves a Stored XSS in the WordPress plugin Keymaster Chord Notation Free up to version 1.0.2, caused by improper input neutralization during web page generation. Public details confirm the issue affects Keymaster Chord Notation Free versions up to 1.0.2; no explicit exploitation...

CVSS 6.5 · AI score 7.2 · EPSS 0.00295
Exploits 0 · References 1

Vulnrichment
added 2024/11/19 4:31 p.m. · 5 views

CVE-2024-51809 WordPress Keymaster Chord Notation Free plugin <= 1.0.2 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in intelligentDesign Keymaster Chord Notation Free (keymaster-chord-notation-free) allows Stored XSS. This issue affects Keymaster Chord Notation Free: from n/a through <= 1.0.2...

CVSS 6.5 · AI score 8.6 · EPSS 0.00295
Exploits 0 · References 1

Cvelist
added 2024/11/19 4:31 p.m. · 11 views

CVE-2024-51809 WordPress Keymaster Chord Notation Free plugin <= 1.0.2 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in intelligentDesign Keymaster Chord Notation Free (keymaster-chord-notation-free) allows Stored XSS. This issue affects Keymaster Chord Notation Free: from n/a through <= 1.0.2...

CVSS 6.5 · EPSS 0.00295
Exploits 0 · References 1