5 matches found
openSUSE Security Advisory (SUSE-SU-2024:3911-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-47534 vulnerabilities
Vulnerabilities for packages: falcoctl, zarf, cosign, trivy, apko, spire-server, wolfictl, zot, policy-controller, slsa-verifier, tekton-chains, sigstore-scaffolding, kubescape, vexctl, gitsign, tkn, gh, neuvector-sigstore-interface, rekor, aactl...
CVE-2024-47534 vulnerabilities
Vulnerabilities for packages: gitsign, policy-controller-fips, tkn, rekor, vexctl, wolfictl, trivy-fips, trivy, melange, tkn-fips, zot, neuvector-sigstore-interface-fips, cosign-fips, falcoctl-fips, tekton-chains-fips, aactl, spire-server-fips, kubescape, sigstore-scaffolding,...
CVE-2024-47534
go-tuf is a Go implementation of The Update Framework TUF. The go-tuf client inconsistently traces the delegations. For example, if targets delegate to "A", and to "B", and "B" delegates to "C", then the client should trace the delegations in the order "A" then "B" then "C" but it may incorrectly...
CVE-2024-47534 Incorrect delegation lookups can make go-tuf download the wrong artifact
go-tuf is a Go implementation of The Update Framework TUF. The go-tuf client inconsistently traces the delegations. For example, if targets delegate to "A", and to "B", and "B" delegates to "C", then the client should trace the delegations in the order "A" then "B" then "C" but it may incorrectly...