Lucene search
K

5 matches found

RedHat Linux
RedHat Linux
added 2022/07/25 10:9 p.m.89 views

Moderate: Red Hat Security Advisory: ACS 3.71 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes bug fixes and feature improvements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...

8.8CVSS7.3AI score0.00532EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2022/05/05 11:15 p.m.26 views

CVE-2022-29173

go-tuf is a Go implementation of The Update Framework TUF. go-tuf does not correctly implement the client workflow for updating the metadata files for roles other than the root role. Specifically, checks for rollback attacks are not implemented correctly meaning an attacker can cause clients to...

8.8CVSS7.2AI score0.00532EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/05/05 10:30 p.m.17 views

CVE-2022-29173 No protection against rollback attacks in go-tuf

go-tuf is a Go implementation of The Update Framework TUF. go-tuf does not correctly implement the client workflow for updating the metadata files for roles other than the root role. Specifically, checks for rollback attacks are not implemented correctly meaning an attacker can cause clients to...

8CVSS9AI score0.00532EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/05/05 10:30 p.m.3 views

CVE-2022-29173 No protection against rollback attacks in go-tuf

go-tuf is a Go implementation of The Update Framework TUF. go-tuf does not correctly implement the client workflow for updating the metadata files for roles other than the root role. Specifically, checks for rollback attacks are not implemented correctly meaning an attacker can cause clients to...

8CVSS8.7AI score0.00532EPSS
Exploits0References2
CVE
CVE
added 2022/05/05 10:30 p.m.76 views

CVE-2022-29173

The CVE-2022-29173 issue affects go-tuf, a Go implementation of The Update Framework (TUF). The root cause is rollback-attack vulnerabilities in the client workflow for non-root roles: the client may ignore previously trusted metadata and may treat timestamp/snapshot files as trusted before valid...

8.8CVSS8.3AI score0.00532EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder