Lucene search
K

4 matches found

SUSE Linux
SUSE Linux
added 2026/03/03 1:22 p.m.3 views

Security update for cosign

This update for cosign fixes the following issues: Update to version 3.0.5 jscSLE-23879. Security issues fixed: CVE-2025-11065: github.com/go-viper/mapstructure/v2: sensitive Information leak in logs bsc1250620. CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause...

8.3CVSS6.1AI score0.00533EPSS
Exploits4References38
OPENSUSE Linux
OPENSUSE Linux
added 2026/02/24 12:0 a.m.7 views

cosign-3.0.5-1.1 on GA media (moderate)

cosign-3.0.5-1.1 on GA media Announcement ID: openSUSE-SU-2026:10235-1 Rating: moderate Cross-References: CVE-2026-22772 CVE-2026-23991 CVE-2026-23992 CVE-2026-24122 CVE-2026-24137 CVE-2026-26958 CVSS scores: CVE-2026-22772 SUSE : 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVE-2026-22772 SU...

8.3CVSS5.5AI score0.0053EPSS
Exploits3
Vulnrichment
Vulnrichment
added 2026/01/22 2:20 a.m.3 views

CVE-2026-23992 go-tuf improperly validates the configured threshold for delegations

go-tuf is a Go implementation of The Update Framework TUF. Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification. This can lead to...

5.9CVSS5.5AI score0.00196EPSS
Exploits0References2
CVE
CVE
added 2026/01/22 2:20 a.m.23 views

CVE-2026-23992

The CVE-2026-23992 entry concerns go-tuf (Go implementation of The Update Framework). It states that in versions 2.0.0 up to but not including 2.3.1, a compromised or misconfigured TUF repository could configure signature thresholds to 0, effectively disabling signature verification. This can all...

7.5CVSS5.5AI score0.00196EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder