Cosign verification accepts any valid Rekor entry under certain conditions
Impact: A Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's digest, signature or public key. When verifying a Rekor entry, Cosign verifies the Rekor entry signature, and also compares the artifact's digest, the user's...
PT-2024-5765 · Vim +6
Name of the Vulnerable Software and Affected Versions: Vim versions prior to 9.1.0647 Description: The issue exists due to a double-free error in the src/alloc.c file, specifically in the tagstack clear entry function. When a window is closed, the corresponding tagstack data is cleared and freed...