19 matches found
Missing Report of Error Condition
Overview: github.com/sigstore/cosign/cmd/cosign/cli/verify is a package that aims to make signatures invisible infrastructure. Affected versions of this package are vulnerable to Missing Report of Error Condition in the verify-blob-attestation module when used without the --check-claims flag. An...
SUSE: Security Advisory (SUSE-SU-2026:1098-1)
The remote host is missing an update for the [Greenbone script header follows] SPDX-FileCopyrightText: 2026 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2026-22772 vulnerabilities
Vulnerabilities for packages: falcoctl, gitsign, kubescape, kots, slsa-verifier, tekton-chains, aactl, witness, zarf, cosign, skopeo, vexctl, falco-no-driver, sigstore-scaffolding...
CVE-2025-66564 vulnerabilities
Vulnerabilities for packages: falcoctl-fips, gitsign, goreleaser, docker-cli-buildx, tekton-chains, skaffold, kyverno-fips, teleport-operator-fips, tflint-fips, cosign, spire-server-fips, ko-fips, kyverno-policy-reporter-plugins-kyverno, tekton-chains-fips, kubescape, aactl, crossplane,...
openSUSE Security Advisory (SUSE-SU-2025:02592-1)
The remote host is missing an update for the [Greenbone script header follows] SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
SUSE: Security Advisory (SUSE-SU-2025:02592-1)
The remote host is missing an update for the [Greenbone script header follows] SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
SUSE: Security Advisory (SUSE-SU-2024:1486-2)
The remote host is missing an update for the [Greenbone script header follows] SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2025-46569 vulnerabilities
Vulnerabilities for packages: kyverno, kots, policy-controller, witness, conftest, tfsec, cosign, kyverno-notation-aws, gatekeeper, trivy, spire-server...
OPENSUSE-SU-2025:14988-1 cosign-2.5.0-1.1 on GA media
These are all security issues fixed in the cosign-2.5.0-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2024-45395 vulnerabilities
Vulnerabilities for packages: gh, cosign-fips, slsa-verifier, cosign...
cosign: Malicious artifacts can cause machine-wide denial of service
A flaw was found in the Cosign package where maliciously crafted software artifacts can trigger uncontrolled resource consumption by allocating too much memory and starving out the system. A successful attack may result in a denial of service of the machine running Cosign, impacting availability...
OPENSUSE-SU-2024:13863-1 cosign-2.2.4-1.1 on GA media
These are all security issues fixed in the cosign-2.2.4-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11860-1 cosign-1.5.2-1.1 on GA media
These are all security issues fixed in the cosign-1.5.2-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:13402-1 cosign-2.2.1-1.1 on GA media
These are all security issues fixed in the cosign-2.2.1-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12331-1 cosign-1.12.0-1.1 on GA media
These are all security issues fixed in the cosign-1.12.0-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2024-29902
A flaw was found in the Cosign package where a malicious attachment may trigger uncontrolled resource consumption by allocating too much memory. This flaw allows an attacker to craft a malicious attachment, resulting in a denial of service, possibly impacting other applications running on the sam...
CVE-2023-46737
A flaw was found in the cosign package. An attacker with control of a compromised registry, or with privileges to make requests to the cluster, can create a specific request that will trigger an infinite loop condition, resulting in a denial of service. Mitigation: Mitigation for this issue is either...
openSUSE: Security Advisory for cosign (SUSE-SU-2022:3486-1)
The remote host is missing an update for the [Greenbone script header follows] Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2022-35929
A flaw was found in the cosign package. The cosign verify-attestation command, when used with the --type flag, will report a false positive verification when there is at least one attestation with a valid signature and there are no attestations of the type being verified (for example, --type defaults to...