Lucene search
K

6 matches found

Tenable Nessus
Tenable Nessus
added 2022/08/24 12:0 a.m.40 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : cosign (SUSE-SU-2022:2877-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:2877-1 advisory. - Updated to 1.10.1 jscSLE-23879: - CVE-2022-35929: Fixed an issue where cosign verify-attestation --type...

9.8CVSS7.3AI score0.00551EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2022/08/24 12:0 a.m.11 views

openSUSE: Security Advisory for cosign (SUSE-SU-2022:2877-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS9.6AI score0.00551EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2022/08/24 12:0 a.m.12 views

SUSE: Security Advisory (SUSE-SU-2022:2877-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.00551EPSS
Exploits1References2
OSV
OSV
added 2022/08/23 11:31 a.m.5 views

SUSE-SU-2022:2877-1 Security update for cosign

This update for cosign fixes the following issues: - Updated to 1.10.1 jscSLE-23879: - CVE-2022-35929: Fixed an issue where cosign verify-attestation --type could report false positives when there was at least one attestation with a valid signature and there were no attestations of the type being...

9.8CVSS9.5AI score0.00551EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/08/04 6:45 p.m.24 views

CVE-2022-35929 False positive signature verification in cosign

cosign is a container signing and verification utility. In versions prior to 1.10.1 cosign can report a false positive if any attestation exists. cosign verify-attestation used with the --type flag will report a false positive verification when there is at least one attestation with a valid...

7.1CVSS9.5AI score0.00551EPSS
Exploits1References2
CVE
CVE
added 2022/08/04 6:45 p.m.132 views

CVE-2022-35929

CVE-2022-35929 affects cosign prior to version 1.10.1. In cosign verify-attestation, using --type (default: custom) can yield a false positive when there is at least one attestation with a valid signature and no attestations of the type being verified. Repro example uses distroless image with a v...

9.8CVSS8AI score0.00551EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder