5 matches found
EUVD-2024-0257
Malicious code in bioql PyPI...
PT-2025-12664 · Kyverno · Kyverno
Name of the Vulnerable Software and Affected Versions: Kyverno versions prior to 1.14.0-alpha.1 Description: Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores the subjectRegExp and issuerRegExp fields when verifying...
GO-2023-1829 Notation vulnerable to denial of service from high number of artifact signatures in github.com/notaryproject/notation
Notation vulnerable to denial of service from high number of artifact signatures in github.com/notaryproject/notation...
CVE-2024-23332
CVE-2024-23332 affects the Notary Project: client configurations using permissive trust policies can enable rollback attacks if a compromised registry serves outdated artifacts. The connected sources describe that artifact publishers can set signature expiry and revoke certificates to keep artifa...
Notation vulnerable to denial of service from high number of artifact signatures
Impact An attacker who controls or compromises a registry can make the registry serve an infinite number of signatures for the artifact, causing a denial of service to the host machine running notation verify. Patches The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade the...