5 matches found
GHSA-59JP-PJ84-45MR vulnerabilities
Vulnerabilities for packages: gitsign, falco-no-driver, skopeo, vexctl, falcoctl, kyverno, slsa-verifier, kubescape, aactl, sigstore-scaffolding, kots, tekton-chains, witness, zarf, cosign...
GHSA-4QG8-FJ49-PXJH vulnerabilities
Vulnerabilities for packages: tkn, tflint, skaffold, policy-controller, sigstore-scaffolding, gh, neuvector-sigstore-interface, zot, docker-cli-buildx, goreleaser, vexctl, falcoctl, kyverno, kubescape, aactl, kyverno-notation-aws, spire-server, teleport, tekton-chains, zarf, crossplane, cosign,...
cosign-2.5.0-1.1 on GA media (moderate)
cosign-2.5.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:14988-1 Rating: moderate Cross-References: CVE-2024-51744 CVE-2024-6104 CVE-2025-22868 CVE-2025-22869 CVE-2025-22870 CVE-2025-27144 CVSS scores: CVE-2024-51744 SUSE : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2024-51744 SUS...
CVE-2022-36056 Vulnerabilities with blob verification in sigstore cosign
Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versions prior to 1.12.0 a number of vulnerabilities have been found in cosign verify-blob, where Cosign would successfully verify an artifact when verification should have failed. First...
CVE-2022-36056
Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versions prior to 1.12.0 a number of vulnerabilities have been found in cosign verify-blob, where Cosign would successfully verify an artifact when verification should have failed. First...