Lucene search
K

26 matches found

CVE
CVE
added 2026/06/25 8:56 p.m.22 views

CVE-2026-6331

CVE-2026-6331 describes an HMAC zero-length tag forgery in EVP_DigestVerifyFinal. The OpenSSL-compatibility HMAC verify path allowed a zero-length or truncated tag to pass because the signature length check only ensured it did not exceed the MAC length. The fixed behavior now requires the supplie...

7.5CVSS5.8AI score0.00147EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/19 8:47 p.m.15 views

GHSA-WFQX-GJRF-G28R Crossplane: Signature verification TOCTOU allows installing unverified package content via mutable tag

Summary Crossplane allows package signature verification to be configured via the ImageConfig mechanism. When enabled, the package manager uses cosign to verify that packages are correctly signed before pulling and installing them. When a package is installed using a tag reference e.g., a semanti...

9CVSS5.7AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/05 4:32 p.m.14 views

Source controller: Improper path handling allows traversal

Impact An actor with the ability to influence the contents of a bucket referenced by a Bucket resource can cause source-controller to write fetched object data to paths outside the per-reconciliation working directory. The corruption surface is bounded by source-controller's own and downstream Fl...

5.6AI score0.00052EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/05 4:32 p.m.4 views

GHSA-JJRM-HR5F-673X Source controller: Improper path handling allows traversal

Impact An actor with the ability to influence the contents of a bucket referenced by a Bucket resource can cause source-controller to write fetched object data to paths outside the per-reconciliation working directory. The corruption surface is bounded by source-controller's own and downstream Fl...

5.3CVSS5.6AI score0.00052EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/21 1:28 a.m.7 views

CVE-2026-26275

httpsig-hyper is a hyper extension for http message signatures. An issue was discovered in httpsig-hyper prior to version 0.0.23 where Digest header verification could incorrectly succeed due to misuse of Rust's matches! macro. Specifically, the comparison if matches!digest, expecteddigest treate...

7.5CVSS5.6AI score0.00162EPSS
Exploits0References1
NVD
NVD
added 2026/02/19 10:16 p.m.8 views

CVE-2026-26275

httpsig-hyper is a hyper extension for http message signatures. An issue was discovered in httpsig-hyper prior to version 0.0.23 where Digest header verification could incorrectly succeed due to misuse of Rust's matches! macro. Specifically, the comparison if matches!digest, expecteddigest treate...

7.5CVSS0.00162EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/19 9:25 p.m.5 views

CVE-2026-26275 httpsig-hyper has Improper Digest Verification that May Allow Message Integrity Bypass

httpsig-hyper is a hyper extension for http message signatures. An issue was discovered in httpsig-hyper prior to version 0.0.23 where Digest header verification could incorrectly succeed due to misuse of Rust's matches! macro. Specifically, the comparison if matches!digest, expecteddigest treate...

7.5CVSS5.7AI score0.00162EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/19 9:25 p.m.28 views

CVE-2026-26275 httpsig-hyper has Improper Digest Verification that May Allow Message Integrity Bypass

httpsig-hyper is a hyper extension for http message signatures. An issue was discovered in httpsig-hyper prior to version 0.0.23 where Digest header verification could incorrectly succeed due to misuse of Rust's matches! macro. Specifically, the comparison if matches!digest, expecteddigest treate...

7.5CVSS0.00162EPSS
Exploits0References5
OSV
OSV
added 2026/02/19 9:25 p.m.6 views

CVE-2026-26275 httpsig-hyper has Improper Digest Verification that May Allow Message Integrity Bypass

httpsig-hyper is a hyper extension for http message signatures. An issue was discovered in httpsig-hyper prior to version 0.0.23 where Digest header verification could incorrectly succeed due to misuse of Rust's matches! macro. Specifically, the comparison if matches!digest, expecteddigest treate...

7.5CVSS5.7AI score0.00162EPSS
Exploits0References7
CVE
CVE
added 2026/02/19 9:25 p.m.18 views

CVE-2026-26275

The CVE affects httpsig-hyper up to version 0.0.22, where Digest header verification could incorrectly succeed due to a misuse of Rust’s matches! macro, causing digest checks to pass even when the computed digest did not match the expected value. This could allow message body modifications to go ...

7.5CVSS5.6AI score0.00162EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/02/17 9:29 p.m.8 views

GHSA-7V42-G35V-XRCH Improper Digest Verification in httpsig-hyper May Allow Message Integrity Bypass

Impact An issue was discovered in httpsig-hyper where Digest header verification could incorrectly succeed due to misuse of Rust's matches! macro. Specifically, the comparison: rust if matches!digest, expecteddigest treated expecteddigest as a pattern binding rather than a value comparison,...

7.5CVSS5.6AI score0.00162EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.9 views

PT-2026-20344

Name of the Vulnerable Software and Affected Versions httpsig-hyper versions prior to 0.0.23 Description The httpsig-hyper library contains an issue where Digest header verification could incorrectly succeed due to an incorrect use of Rust’s matches! macro. The comparison if matches!digest,...

7.5CVSS5.5AI score0.00162EPSS
Exploits0References8
EUVD
EUVD
added 2026/01/13 2:58 p.m.5 views

EUVD-2026-1868

Cosign verification accepts any valid Rekor entry under certain conditions...

5.5CVSS6.1AI score0.00077EPSS
Exploits1References4
AlpineLinux
AlpineLinux
added 2026/01/10 6:11 a.m.7 views

CVE-2026-22703

Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's digest, signature or public key. When verifying a Rekor...

5.5CVSS7.1AI score0.00077EPSS
Exploits1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-24326

Malware in sbrugna...

7.5CVSS7.5AI score0.01538EPSS
Exploits1References3
AstraLinux
AstraLinux
added 2025/06/16 11:28 a.m.2 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fixed the return value of applymicrocodeamd. When verifysha256digest fails, applymicrocodeamd should propagate the failure by returning false rather than -1, which is promoted to true...

5.5CVSS6.2AI score0.00177EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 8:7 p.m.13 views

CVE-2021-37847

crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification...

7.5CVSS6.7AI score0.01538EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2025/05/06 12:51 a.m.6 views

kernel: nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()

An unchecked buffer bounds flaw was found in the Linux kernel's NVMe TCP Fabrics driver. An attacker with the ability to send a crafted packet to an affected NVMe host could exploit this flaw to alter kernel memory, leading to an escalation of privileges or a compromise of system integrity or...

7.8CVSS7.2AI score0.00209EPSS
Exploits0References5
OSV
OSV
added 2025/04/16 3:15 p.m.4 views

UBUNTU-CVE-2025-22047

In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fix applymicrocodeamd's return value When verifysha256digest fails, applymicrocodeamd should propagate the failure by returning false and not -1 which is promoted to true...

5.5CVSS6.2AI score0.00177EPSS
Exploits0References29
Positive Technologies
Positive Technologies
added 2024/08/05 12:0 a.m.5 views

PT-2024-39992 · Regclient · Regclient

Name of the Vulnerable Software and Affected Versions: regclient versions prior to 0.7.1 Description: A malicious registry could return a different digest for a pinned manifest without detection. This issue affects the regclient, a Docker and OCI Registry Client in Go. Recommendations: For versio...

5.8CVSS6.8AI score0.00172EPSS
Exploits0References10
Rows per page
Query Builder