17 matches found
CVE-2026-24122 Cosign Certificate Chain Expiry Validation Issue Allows Issuing Certificate Expiry to Be Overlooked
Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and below, an issuing certificate with a validity that expires before the leaf certificate will be considered valid during verification even if the provided timestamp would mean the issuing certificate...
Amazon Linux 2 : openssl-snapsafe, --advisory ALAS2OPENSSL-SNAPSAFE-2026-009 (ALASOPENSSL-SNAPSAFE-2026-009)
The version of openssl-snapsafe installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2OPENSSL-SNAPSAFE-2026-009 advisory. Writing large, newline-free data into a BIO chain using the line-buffering filter where the next...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: openssl (UTSA-2026-005351)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005351 advisory. Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating...
AZL-75896 CVE-2025-69420 affecting package edk2 for versions less than 20240524git3e722403cd16-14
Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...
lakeFS security vulnerability
LakeFS is an open-source tool developed by Treeverse. It allows you to convert your object storage into a repository similar to Git. Versions of LakeFS prior to 1.75.0 contained security vulnerabilities. These vulnerabilities stemmed from the S3 gateway not verifying the timestamps in authenticat...
EUVD-2024-2485
Malicious code in bioql PyPI...
CVE-2024-55655
CVE-2024-55655 affects sigstore-python versions newer than 2.0.0 but before 3.6.0, with insufficient validation of the integration time in v2/v3 bundles during verification. The integration time is checked only when a source of signed time (e.g., an inclusion promise) exists; otherwise it is trus...
BIT-HYPERLEDGER-FABRIC-TOOLS-2024-45244
Hyperledger Fabric through 3.0.0 and 2.5.x through 2.5.9 do not verify that a request has a timestamp within the expected time window...
Improper Authorization
github.com/hyperledger/fabric is vulnerable to Improper Authorization. The vulnerability is due to the improper verification of timestamp authenticity within the request handling process. An attacker can manipulate the timestamp to bypass security controls by sending a crafted request with a...
CVE-2024-45244
Hyperledger Fabric through 3.0.0 and 2.5.x through 2.5.9 do not verify that a request has a timestamp within the expected time window...
CVE-2024-45244
Hyperledger Fabric through 3.0.0 and 2.5.x through 2.5.9 do not verify that a request has a timestamp within the expected time window...
Hyperledger Fabric security vulnerability
Hyperledger Fabric is an enterprise-licensed distributed ledger framework open-sourced by Hyperledger. It is used to develop solutions and applications. A security vulnerability exists in Hyperledger Fabric version 2.5.9 that stems from an inability to verify that a request is timestamped within...
CVE-2024-45244
Hyperledger Fabric (versions up to 3.0.0 and 2.5.x up to 2.5.9) is documented to fail to verify that a request’s timestamp falls within the expected time window. The vulnerability affects the timestamp validation path in Fabric’s request handling, enabling possible manipulation of timestamps to b...
CVE-2024-45244
Hyperledger Fabric through 3.0.0 and 2.5.x through 2.5.9 do not verify that a request has a timestamp within the expected time window...
csicsergobudaors.hu Cross Site Scripting vulnerability OBB-2807486
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Man-in-the-Middle (MitM)
OpenStack Keystone is vulnerable to a man-in-the-middle attack. The lack of a signature TTL check to verify the timestamp in the AWS Signature V4 token signature allows an attacker to sniff an Authorization header in a man-in-the-middle attack and reuse the header to reissue OpenStack tokens...
Update to add SHA-2 code signing support for Windows Server 2008 SP2
Summary: This update provides support for the Secure Hash Algorithm-2 (SHA-2) code signing and verification functionality in the 64-bit version of Windows Server 2008 Service Pack 2 (SP2), which includes the following: Support for...