19 matches found

Snyk
added 2026/04/07 9:10 p.m., 3 views

Missing Report of Error Condition

Overview: github.com/sigstore/cosign/cmd/cosign/cli/verify is a package that aims to make signatures invisible infrastructure. Affected versions of this package are vulnerable to Missing Report of Error Condition in the verify-blob-attestation module when used without the --check-claims flag. An...

CVSS 6.9, AI score 5.8, EPSS 0.00241
Exploits 0, References 2
OpenVAS
added 2026/03/30 12:0 a.m., 4 views

SUSE: Security Advisory (SUSE-SU-2026:1098-1)

The remote host is missing an update for the...

AI score 5.9
Exploits 0, References 3
Wolfi
added 2026/01/15 1:48 a.m., 5 views

CVE-2026-22772 vulnerabilities

Vulnerabilities for packages: kots, kubescape, cosign, sigstore-scaffolding, falcoctl, tekton-chains, gitsign, aactl, vexctl, witness, slsa-verifier, zarf, skopeo, falco-no-driver...

CVSS 5.8, AI score 5.8, EPSS 0.0022
Exploits 1
Chainguard
added 2025/12/10 7:17 a.m., 4 views

CVE-2025-66564 vulnerabilities

Vulnerabilities for packages: neuvector-sigstore-interface-fips, cloudbeat-fips, spire-server-fips, vexctl, chainctl, kyverno-policy-reporter-plugins-kyverno, falcoctl, crossplane-fips, docker-cli-buildx, aactl, image-factory-fips, flux-source-controller-fips, crossplane, skaffold-fips, cloudbeat...

CVSS 7.5, AI score 5.8, EPSS 0.00404
Exploits 0
OpenVAS
added 2025/08/04 12:0 a.m., 3 views

openSUSE Security Advisory (SUSE-SU-2025:02592-1)

The remote host is missing an update for the...

CVSS 7.4, AI score 8.2, EPSS 0.0036
Exploits 0, References 4
OpenVAS
added 2025/08/04 12:0 a.m., 3 views

SUSE: Security Advisory (SUSE-SU-2025:02592-1)

The remote host is missing an update for the...

CVSS 7.4, AI score 8.2, EPSS 0.0036
Exploits 0, References 4
OpenVAS
added 2025/06/04 12:0 a.m., 6 views

SUSE: Security Advisory (SUSE-SU-2024:1486-2)

The remote host is missing an update for the...

CVSS 7.5, AI score 5.4, EPSS 0.00851
Exploits 1, References 5
Wolfi
added 2025/05/06 1:44 p.m., 24 views

CVE-2025-46569 vulnerabilities

Vulnerabilities for packages: policy-controller, kots, cosign, tfsec, conftest, gatekeeper, kyverno, spire-server, kyverno-notation-aws, witness, trivy...

CVSS 7.4, AI score 7.1, EPSS 0.0036
Exploits 0
OSV
added 2025/04/14 12:0 a.m., 10 views

OPENSUSE-SU-2025:14988-1 cosign-2.5.0-1.1 on GA media

These are all security issues fixed in the cosign-2.5.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 8.7, AI score 6.8, EPSS 0.00868
Exploits 2, References 7
Chainguard
added 2024/09/04 9:15 p.m., 12 views

CVE-2024-45395 vulnerabilities

Vulnerabilities for packages: gh, slsa-verifier, cosign-fips, cosign...

CVSS 7.5, AI score 5.8, EPSS 0.00441
Exploits 0
RedHat Linux
added 2024/06/20 2:25 p.m., 1 views

cosign: Malicious artifacts can cause machine-wide denial of service

A flaw was found in the Cosign package where maliciously crafted software artifacts can trigger uncontrolled resource consumption by allocating too much memory and starving out the system. A successful attack may result in a denial of service of the machine running Cosign, impacting availability...

CVSS 7.5, AI score 5.7, EPSS 0.00851
Exploits 1, References 5
OSV
added 2024/06/15 12:0 a.m., 8 views

OPENSUSE-SU-2024:11860-1 cosign-1.5.2-1.1 on GA media

These are all security issues fixed in the cosign-1.5.2-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 3.3, AI score 3.8, EPSS 0.0016
Exploits 0, References 1
OSV
added 2024/06/15 12:0 a.m., 11 views

OPENSUSE-SU-2024:13863-1 cosign-2.2.4-1.1 on GA media

These are all security issues fixed in the cosign-2.2.4-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5, AI score 6, EPSS 0.00851
Exploits 1, References 2
OSV
added 2024/06/15 12:0 a.m., 5 views

OPENSUSE-SU-2024:13402-1 cosign-2.2.1-1.1 on GA media

These are all security issues fixed in the cosign-2.2.1-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 5.3, AI score 4.8, EPSS 0.0064
Exploits 1, References 1
OSV
added 2024/06/15 12:0 a.m., 10 views

OPENSUSE-SU-2024:12331-1 cosign-1.12.0-1.1 on GA media

These are all security issues fixed in the cosign-1.12.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 5.5, AI score 5.8, EPSS 0.00141
Exploits 1, References 1
RedhatCVE
added 2024/04/11 12:52 p.m., 23 views

CVE-2024-29902

A flaw was found in the Cosign package where a malicious attachment may trigger uncontrolled resource consumption by allocating too much memory. This flaw allows an attacker to craft a malicious attachment, resulting in a denial of service, possibly impacting other applications running on the sam...

CVSS 4.2, AI score 4.4, EPSS 0.00658
Exploits 0, References 4
RedhatCVE
added 2023/11/09 10:44 p.m., 55 views

CVE-2023-46737

A flaw was found in the cosign package. An attacker with control of a compromised registry or with privileges to make requests to the cluster can create a specific request that will trigger an infinite loop condition, resulting in a denial of service. Mitigation: Mitigation for this issue is either...

CVSS 5.3, AI score 4.5, EPSS 0.0064
Exploits 1, References 3
OpenVAS
added 2022/10/02 12:0 a.m., 18 views

openSUSE: Security Advisory for cosign (SUSE-SU-2022:3486-1)

The remote host is missing an update for the...

CVSS 5.5, AI score 5.9, EPSS 0.00141
Exploits 1, References 2
RedhatCVE
added 2022/08/08 5:31 a.m., 25 views

CVE-2022-35929

A flaw was found in the cosign package. The cosign verify-attestation used with the --type flag will report a false positive verification when there is at least one attestation with a valid signature and when there are no attestations of the type being verified; for example, --type defaults to...

CVSS 9.8, AI score 1.6, EPSS 0.0054
Exploits 1, References 4