29 matches found
CVE-2026-44544
gittuf is a platform-agnostic Git security system. Prior to 0.14.0, an attacker with push access to gittuf's Reference State Log RSL can roll back the current policy to any previous policy trusted by the current set of root keys. gittuf determines the policy to load by inspecting the RSL. Except...
CVE-2026-44544
gittuf is a platform-agnostic Git security system. Prior to 0.14.0, an attacker with push access to gittuf's Reference State Log RSL can roll back the current policy to any previous policy trusted by the current set of root keys. gittuf determines the policy to load by inspecting the RSL. Except...
CVE-2026-44544
gittuf is a platform-agnostic Git security system. Prior to 0.14.0, an attacker with push access to gittuf's Reference State Log RSL can roll back the current policy to any previous policy trusted by the current set of root keys. gittuf determines the policy to load by inspecting the RSL. Except...
UBUNTU-CVE-2026-44544
gittuf is a platform-agnostic Git security system. Prior to 0.14.0, an attacker with push access to gittuf's Reference State Log RSL can roll back the current policy to any previous policy trusted by the current set of root keys. gittuf determines the policy to load by inspecting the RSL. Except...
CVE-2026-44544 gittuf: Policy can be rolled back to prior valid version
gittuf is a platform-agnostic Git security system. Prior to 0.14.0, an attacker with push access to gittuf's Reference State Log RSL can roll back the current policy to any previous policy trusted by the current set of root keys. gittuf determines the policy to load by inspecting the RSL. Except...
CVE-2026-44544 gittuf: Policy can be rolled back to prior valid version
gittuf is a platform-agnostic Git security system. Prior to 0.14.0, an attacker with push access to gittuf's Reference State Log RSL can roll back the current policy to any previous policy trusted by the current set of root keys. gittuf determines the policy to load by inspecting the RSL. Except...
CVE-2026-44544
Summary of the vulnerability (CVE-2026-44544) : In gittuf, before version 0.14.0, an attacker with push access to the Reference State Log (RSL) could roll back the current policy to a previously trusted version by inserting an RSL entry that references an older policy. This works because policy l...
EUVD-2026-30348
gittuf is a platform-agnostic Git security system. Prior to 0.14.0, an attacker with push access to gittuf's Reference State Log RSL can roll back the current policy to any previous policy trusted by the current set of root keys. gittuf determines the policy to load by inspecting the RSL. Except...
gittuf's policy can be rolled back to prior valid versions
Summary An attacker with push access to gittuf's Reference State Log RSL can roll back the current policy to any previous policy trusted by the current set of root keys. Impact gittuf determines the policy to load by inspecting the RSL. Except for the very first policy which is automatically...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the RSL policy validation. An attacker can revert the system to a previous trusted state by creating a new Reference State Log entry that references an older policy, provided it i...
GHSA-VXVC-CG7J-RWQJ gittuf's policy can be rolled back to prior valid versions
Summary An attacker with push access to gittuf's Reference State Log RSL can roll back the current policy to any previous policy trusted by the current set of root keys. Impact gittuf determines the policy to load by inspecting the RSL. Except for the very first policy which is automatically...
PT-2026-38414
Name of the Vulnerable Software and Affected Versions gittuf versions prior to 0.14.0 Description An attacker with push access to the Reference State Log RSL can roll back the current policy to any previous policy trusted by the current set of root keys. This occurs because gittuf determines the...
Exploit for Missing Authentication for Critical Function in Cpanel
Based on Watch Tower P...
This Android vulnerability can break your lock screen in under 60 seconds
A vulnerability in Android devices can allow attackers to gain access to a phone in less than a minute. The vulnerability, tracked as CVE-2026-20435, affects certain MediaTek SoCs System-on-a-Chip using Trustonic’s TEE Trusted Execution Environment. That may sound rare, but reportedly that’s abou...
CVE-2023-53618
In the Linux kernel, the following vulnerability has been resolved: btrfs: reject invalid reloc tree root keys with stack dump BUG Syzbot reported a crash that an ASSERT got triggered inside preparetomerge. That ASSERT makes sure the reloc tree is properly pointed back by its subvolume tree. CAUS...
CVE-2023-53618 btrfs: reject invalid reloc tree root keys with stack dump
In the Linux kernel, the following vulnerability has been resolved: btrfs: reject invalid reloc tree root keys with stack dump BUG Syzbot reported a crash that an ASSERT got triggered inside preparetomerge. That ASSERT makes sure the reloc tree is properly pointed back by its subvolume tree. CAUS...
CVE-2023-53618 btrfs: reject invalid reloc tree root keys with stack dump
In the Linux kernel, the following vulnerability has been resolved: btrfs: reject invalid reloc tree root keys with stack dump BUG Syzbot reported a crash that an ASSERT got triggered inside preparetomerge. That ASSERT makes sure the reloc tree is properly pointed back by its subvolume tree. CAUS...
CVE-2023-53618
The CVE-2023-53618 entry corresponds to a Linux kernel issue affecting Btrfs reloc trees. The problem was an invalid reloc tree root key being present for quota-related reloc trees, which could lead to a crash via an ASSERT() in prepare_to_merge() when the reloc tree is not properly referenced by...
EUVD-2025-32818
In the Linux kernel, the following vulnerability has been resolved: btrfs: reject invalid reloc tree root keys with stack dump BUG Syzbot reported a crash that an ASSERT got triggered inside preparetomerge. That ASSERT makes sure the reloc tree is properly pointed back by its subvolume tree. CAUS...
PT-2025-41062
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to the BTRFS file system. Specifically, the issue involves the handling of reloc trees, which are used for managing shared tree blocks between...