Lucene search
K

11 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2021-1579

Malware in sbrugna...

8.6CVSS8.5AI score0.01357EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2021/08/25 8:56 p.m.29 views

Improper verification of signature threshold in tough

Impact The tough library, prior to 0.7.1, does not properly verify the uniqueness of keys in the signatures provided to meet the threshold of cryptographic signatures. It allows someone with access to a valid signing key to create multiple valid signatures in order to circumvent TUF requiring a...

8.6CVSS0.5AI score0.01357EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2021/08/25 8:56 p.m.27 views

GHSA-5Q2R-92F9-4M49 Improper verification of signature threshold in tough

Impact The tough library, prior to 0.7.1, does not properly verify the uniqueness of keys in the signatures provided to meet the threshold of cryptographic signatures. It allows someone with access to a valid signing key to create multiple valid signatures in order to circumvent TUF requiring a...

8.6CVSS9AI score0.01357EPSS
Exploits0References6
OSV
OSV
added 2020/08/21 4:25 p.m.16 views

GHSA-PWQF-9H7J-7MV8 Incorrect threshold signature computation in TUF

Impact Metadadata signature verification, as used in tuf.client.updater, counted each of multiple signatures with identical authorized keyids separately towards the threshold. Therefore, an attacker with access to a valid signing key could create multiple valid signatures in order to meet the...

9.8CVSS9AI score0.00979EPSS
Exploits0References7
NVD
NVD
added 2020/07/09 7:15 p.m.26 views

CVE-2020-15093

The tough library Rust/crates.io prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A...

8.6CVSS0.01357EPSS
Exploits0References4
Prion
Prion
added 2020/07/09 7:15 p.m.18 views

Information disclosure

The tough library Rust/crates.io prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A...

5CVSS9AI score0.01357EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2020/07/09 6:45 p.m.70 views

CVE-2020-15093

The CVE-2020-15093 entry concerns the tough library (Rust/crates.io) prior to version 0.7.1, where the threshold of cryptographic signatures is not properly verified. This allows an attacker to duplicate a valid signature to bypass TUF’s minimum threshold of unique signatures before metadata is c...

8.6CVSS9AI score0.01357EPSS
Exploits0References4Affected Software1
RustSec
RustSec
added 2020/07/09 12:0 p.m.20 views

Improper uniqueness verification of signature threshold

The tough library, prior to 0.7.1, does not properly verify the uniqueness of keys in the signatures provided to meet the threshold of cryptographic signatures. It allows someone with access to a valid signing key to create multiple valid signatures in order to circumvent TUF requiring a minimum...

9.8CVSS1.5AI score0.00979EPSS
Exploits0Affected Software1
OSV
OSV
added 2020/07/09 12:0 p.m.76 views

RUSTSEC-2020-0024 Improper uniqueness verification of signature threshold

The tough library, prior to 0.7.1, does not properly verify the uniqueness of keys in the signatures provided to meet the threshold of cryptographic signatures. It allows someone with access to a valid signing key to create multiple valid signatures in order to circumvent TUF requiring a minimum...

8.6CVSS9AI score0.01357EPSS
Exploits0References3
CVE
CVE
added 2020/02/05 3:49 p.m.88 views

CVE-2020-6174

The CVE-2020-6174 issue affects the tough library (Rust/crates.io) prior to version 0.7.1, where signatures’ threshold verification is broken. Specifically, the vulnerability allows an attacker to duplicate a valid signature and circumvent the minimum threshold required for metadata validity. A f...

9.8CVSS9AI score0.00979EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2020/02/05 3:49 p.m.18 views

CVE-2020-6174

TUF aka The Update Framework through 0.12.1 has Improper Verification of a Cryptographic Signature...

9.8CVSS9.2AI score0.00979EPSS
Exploits0
Rows per page
Query Builder