3 matches found
EUVD-2026-42505
A compromised or malicious BOSH Director can execute arbitrary shell commands on the operator's workstation when the operator runs bosh ssh or bosh scp/bosh logs -f with default flags. Affected versions: BOSH CLI versions prior to 7.10.5...
Cosign verification accepts any valid Rekor entry under certain conditions
Impact A Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's digest, signature or public key. When verifying a Rekor entry, Cosign verifies the Rekor entry signature, and also compares the artifact's digest, the user's...
PT-2024-5765
Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.1.0647 Description The issue exists due to a double-free error in the src/alloc.c file, specifically in the tagstack clear entry function. When a window is closed, the corresponding tagstack data is cleared and freed...