Lucene search
+L

72 matches found

NVD
NVD
added 2 days ago5 views

CVE-2026-49835

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.1.0, the global wrapMetrics middleware records raw HTTP request path r.URL.Path and raw HTTP request method r.Method as Prometheus labels for latency and request count metric vectors before routing, allowing an...

5.9CVSS0.00652EPSS
Exploits0References3
CVE
CVE
added 2 days ago26 views

CVE-2026-49835

CVE-2026-49835 affects Sigstore Timestamp Authority. The issue arises from the legacy wrapMetrics middleware, which records raw HTTP path and method as Prometheus labels for latency and request count, enabling an unauthenticated attacker to issue requests with arbitrary paths/methods and create u...

5.9CVSS5.3AI score0.00652EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago36 views

CVE-2026-49835 Sigstore Timestamp Authority: OOM due to unbounded metric label cardinality

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.1.0, the global wrapMetrics middleware records raw HTTP request path r.URL.Path and raw HTTP request method r.Method as Prometheus labels for latency and request count metric vectors before routing, allowing an...

5.9CVSS0.00652EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2 days ago5 views

CVE-2026-49835 Sigstore Timestamp Authority: OOM due to unbounded metric label cardinality

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.1.0, the global wrapMetrics middleware records raw HTTP request path r.URL.Path and raw HTTP request method r.Method as Prometheus labels for latency and request count metric vectors before routing, allowing an...

5.9CVSS5.3AI score0.00652EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 5 days ago7 views

CVE-2026-49835

A flaw was found in Sigstore Timestamp Authority. An unauthenticated remote attacker can exploit this vulnerability by sending requests with arbitrary HTTP paths and methods. This leads to the creation of an excessive number of unique metric labels, causing unbounded memory growth and a denial of...

5.9CVSS6.1AI score0.00652EPSS
Exploits0References4
OSV
OSV
added 2026/07/07 3:26 p.m.7 views

GO-2026-5851 Sigstore Timestamp Authority has OOM due to unbounded metric label cardinality in github.com/sigstore/timestamp-authority

Sigstore Timestamp Authority has OOM due to unbounded metric label cardinality in github.com/sigstore/timestamp-authority...

5.9CVSS5.9AI score0.00652EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.10 views

SUSE SLED15: docker / docker-bash-completion / docker-buildx / etc (SUSE-SU-2026:2692-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2692-1 advisory. This update for docker fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in...

9.6CVSS7.3AI score0.00781EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.11 views

openSUSE 16: docker / docker-bash-completion / docker-buildx / etc (openSUSE-SU-2026:21060-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21060-1 advisory. This update for docker fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad...

9.6CVSS7.5AI score0.00781EPSS
Exploits0References12
Github Security Blog
Github Security Blog
added 2026/06/30 6:40 p.m.8 views

Sigstore Timestamp Authority has OOM due to unbounded metric label cardinality

Impact An unauthenticated remote attacker can trigger unbounded memory growth on the timestamp authority server. This vulnerability exists because the global wrapMetrics middleware records the raw HTTP request path r.URL.Path and raw HTTP request method r.Method as Prometheus labels for latency a...

5.9CVSS6AI score0.00652EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2026/06/25 10:34 p.m.5 views

GO-2026-5763 Sigstore Timestamp Authority has Improper Certificate Validation in verifier in github.com/sigstore/timestamp-authority

Sigstore Timestamp Authority has Improper Certificate Validation in verifier in github.com/sigstore/timestamp-authority...

5.5CVSS7.1AI score0.00099EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 12:44 p.m.10 views

SUSE-SU-2026:22285-1 Security update for docker

This update for docker fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265782. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass...

9.6CVSS7.3AI score0.00781EPSS
Exploits0References9
OSV
OSV
added 2026/05/17 9:24 p.m.7 views

OPENSUSE-SU-2026:20809-1 Security update for trivy

This update for trivy fixes the following issues - CVE-2025-64702: github.com/quic-go/quic-go/http3: quic-go HTTP/3 QPACK Header Expansion DoS bsc1255366. - CVE-2025-69725: github.com/go-chi/chi/v5: incorrect input validation in the RedirectSlashes function can lead to an open redirect bsc1258513...

9.8CVSS6.6AI score0.01557EPSS
Exploits1References18
OSV
OSV
added 2026/04/27 6:33 p.m.18 views

JLSEC-2026-220 The X.509 GeneralName type is a generic type for representing different types of names. One of...

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERALNAMEcmp which compares different instances of a GENERALNAME to see if they are equal or not. This function behaves incorrect...

5.9CVSS6.6AI score0.06968EPSS
Exploits3References39
SUSE CVE
SUSE CVE
added 2026/04/20 11:26 p.m.5 views

SUSE CVE-2026-39984

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint...

5.5CVSS5.7AI score0.00099EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/04/16 2:8 p.m.6 views

CVE-2026-39984

A flaw was found in timestamp-authority, specifically in the timestamp-authority/v2/pkg/verification package. An attacker can exploit this issue by prepending a forged certificate to the certificate bag while the message is signed with an authorized key. This causes the library to validate the...

5.5CVSS5.7AI score0.00099EPSS
Exploits0References5
NVD
NVD
added 2026/04/15 4:17 a.m.5 views

CVE-2026-39984

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint...

5.5CVSS0.00099EPSS
Exploits0References2
OSV
OSV
added 2026/04/15 4:17 a.m.3 views

DEBIAN-CVE-2026-39984

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint...

5.5CVSS5.4AI score0.00099EPSS
Exploits0References1
OSV
OSV
added 2026/04/15 4:17 a.m.6 views

UBUNTU-CVE-2026-39984

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint...

5.5CVSS5.7AI score0.00099EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.10 views

Sigstore Timestamp Authority 安全漏洞

Sigstore Timestamp Authority is an open-source RFC3161 timestamp authorization software developed by sigstore. Versions of Sigstore Timestamp Authority 2.0.5 and earlier contained security vulnerabilities. These vulnerabilities stemmed from issues with the VerifyTimestampResponse function, which...

5.5CVSS5.8AI score0.00099EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/15 12:0 a.m.5 views

CVE-2026-39984

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint...

5.5CVSS5.8AI score0.00099EPSS
Exploits0References2
Rows per page
Query Builder