CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1994 matches found

SUSE CVE•added 2025/01/17 12:22 a.m.•1 views

SUSE CVE-2024-56138

notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. This issue was identified during Quarkslab's audit of the timestamp feature. During the timestamp signature generation, the revocation status of the certificates used to...

4CVSS6.5AI score0.00008EPSS

Exploits0References4

Veracode•added 2025/01/16 2:32 a.m.•3 views

Man-in-the-middle(MitM) Attack

github.com/notaryproject/notation-go is vulnerable to Man-in-The-Middle attack. The vulnerability is due to the failure to verify the revocation status of the certificate chain during timestamp signature generation, allowing attackers to exploit compromised or revoked certificates to generate...

4CVSS4.1AI score0.00008EPSS

Exploits0References5Affected Software1

OSV•added 2025/01/14 3:57 p.m.•10 views

GO-2025-3381 notation-go's timestamp signature generation lacks certificate revocation check in github.com/notaryproject/notation-go

notation-go's timestamp signature generation lacks certificate revocation check in github.com/notaryproject/notation-go...

4CVSS4.3AI score0.00008EPSS

Exploits0References2

NVD•added 2025/01/13 10:15 p.m.•7 views

CVE-2024-56138

4CVSS0.00008EPSS

Exploits0References2

OSV•added 2025/01/13 10:15 p.m.•1 views

DEBIAN-CVE-2024-56138

4CVSS6.8AI score0.00008EPSS

Exploits0References1

NVD•added 2025/01/13 10:15 p.m.•7 views

CVE-2024-51491

notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. The issue was identified during Quarkslab's security audit on the Certificate Revocation List CRL based revocation check feature. After retrieving the CRL, notation-go...

3.3CVSS0.00035EPSS

Exploits1References3

OSV•added 2025/01/13 10:15 p.m.•0 views

UBUNTU-CVE-2024-56138

4CVSS7AI score0.00008EPSS

Exploits0References4

OSV•added 2025/01/13 10:15 p.m.•1 views

UBUNTU-CVE-2024-51491

3.3CVSS7AI score0.00035EPSS

Exploits1References5

CVE•added 2025/01/13 9:42 p.m.•105 views

CVE-2024-51491

CVE-2024-51491 affects notation-go (CRL revocation cache). The root cause is CRL cache updates via os.Rename: when source and destination reside on different mount points, the operation can fail with EXDEV, causing a crash of notation and aborting signature verification. Affected component is crl...

3.3CVSS3.9AI score0.00035EPSS

Exploits1References3Affected Software1

Vulnrichment•added 2025/01/13 9:42 p.m.•22 views

CVE-2024-51491 Process crash during CRL-based revocation check on OS using separate mount point for temp Directory in notation-go

3.3CVSS6.9AI score0.00035EPSS

Exploits1References3

OSV•added 2025/01/13 9:42 p.m.•4 views

CVE-2024-51491 Process crash during CRL-based revocation check on OS using separate mount point for temp Directory in notation-go

3.3CVSS6.8AI score0.00035EPSS

Exploits1References5

Cvelist•added 2025/01/13 9:37 p.m.•25 views

CVE-2024-56138 Timestamp signature generation lacks certificate revocation check in notion-go

4CVSS0.00008EPSS

Exploits0References2

CVE•added 2025/01/13 9:37 p.m.•262 views

CVE-2024-56138

CVE-2024-56138 affects notion-go, a library for signing/verifying OCI artifacts. The timestamp signature generation path did not verify the revocation status of certificates in the TSA chain, enabling a potential MITM-era countersignature that could be stored by notation and cause CI/CD signature...

4CVSS4.2AI score0.00008EPSS

Exploits0References2

Vulnrichment•added 2025/01/13 9:37 p.m.•17 views

CVE-2024-56138 Timestamp signature generation lacks certificate revocation check in notion-go

4CVSS6.6AI score0.00008EPSS

Exploits0References2

OSV•added 2025/01/13 9:37 p.m.•10 views

CVE-2024-56138 Timestamp signature generation lacks certificate revocation check in notion-go

4CVSS6.5AI score0.00008EPSS

Exploits0References4

Debian CVE•added 2025/01/13 9:37 p.m.•6 views

CVE-2024-56138

4CVSS6.8AI score0.00008EPSS

Exploits0

Github Security Blog•added 2025/01/13 4:14 p.m.•20 views

notation-go's timestamp signature generation lacks certificate revocation check

This issue was identified during Quarkslab's audit of the timestamp feature. Summary During the timestamp signature generation, the revocation status of the certificates used to generate the timestamp signature was not verified. Details During timestamp signature generation, notation-go did not...

4CVSS6.4AI score0.00008EPSS

Exploits0References6Affected Software1

OSV•added 2025/01/13 4:14 p.m.•8 views

GHSA-45V3-38PC-874V notation-go's timestamp signature generation lacks certificate revocation check

4CVSS4.1AI score0.00008EPSS

Exploits0References6

OSV•added 2025/01/13 4:13 p.m.•5 views

GHSA-QJH3-4J3H-VMWP notation-go has an OS error when setting CRL cache leads to denial of signature verification

Summary The issue was identified during Quarkslab's security audit on the Certificate Revocation List CRL based revocation check feature. After retrieving the CRL, notation-go attempts to update the CRL cache using the os.Rename method. However, this operation may fail due to operating...

3.3CVSS4AI score0.00035EPSS

Exploits1References6

CNNVD•added 2025/01/13 12:0 a.m.•2 views

notation-go 安全漏洞

notation-go is a collection of libraries that support signing and validating OCI artifacts for notaryproject individual developers. A security vulnerability exists in notation-go version 1.3.0-rc.1, which stems from a failed CRL cache update operation that results in an unexpected program...

3.3CVSS6.9AI score0.00035EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by