Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Notary Security Vulnerabilities

cve
cve

CVE-2020-29601

The official notary docker images before signer-0.6.1-1 contain a blank password for a root user. System using the notary docker container deployed by affected versions of the docker image may allow an remote attacker to achieve root access with a blank...

9.8CVSS

9.5AI Score

0.007EPSS

2020-12-08 04:15 PM
24
4
cve
cve

CVE-2015-9258

In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might (for example) be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as...

7.5CVSS

7.3AI Score

0.001EPSS

2018-03-31 09:29 PM
28
cve
cve

CVE-2015-9259

In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to an old root.json...

9.8CVSS

9.2AI Score

0.002EPSS

2018-03-31 09:29 PM
21