Lucene search
K

10 matches found

OSV
OSV
added 2026/03/03 1:22 p.m.6 views

SUSE-SU-2026:0777-1 Security update for cosign

This update for cosign fixes the following issues: Update to version 3.0.5 jscSLE-23879. Security issues fixed: - CVE-2025-11065: github.com/go-viper/mapstructure/v2: sensitive Information leak in logs bsc1250620. - CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cau...

7.5CVSS6.9AI score0.00533EPSS
Exploits4References19
Tenable Nessus
Tenable Nessus
added 2026/02/21 12:0 a.m.6 views

openSUSE 15 Security Update : vexctl (SUSE-SU-2026:0592-1)

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0592-1 advisory. - Update to version 0.4.1+git78.f951e3a: - CVE-2025-22868: Unexpected memory consumption during token parsing in golang.org/x/oauth2. bsc1239186 -...

9.1CVSS7AI score0.03153EPSS
Exploits5References28
SUSE CVE
SUSE CVE
added 2026/01/24 12:24 a.m.6 views

SUSE CVE-2026-24137

sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client pkg/tuf/client.go supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from...

5.3CVSS5.7AI score0.0037EPSS
Exploits0References8
NVD
NVD
added 2026/01/23 12:15 a.m.10 views

CVE-2026-24137

sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client pkg/tuf/client.go supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from...

5.8CVSS0.0037EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/23 12:4 a.m.2 views

CVE-2026-24137 sigstore legacy TUF client allows for arbitrary file writes with target cache path traversal

sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client pkg/tuf/client.go supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from...

5.8CVSS5.7AI score0.0037EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/23 12:4 a.m.4 views

CVE-2026-24137

sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client pkg/tuf/client.go supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from...

5.8CVSS5.5AI score0.0037EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/01/23 12:4 a.m.7 views

CVE-2026-24137 sigstore legacy TUF client allows for arbitrary file writes with target cache path traversal

sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client pkg/tuf/client.go supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from...

5.8CVSS5.7AI score0.0037EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/23 12:4 a.m.34 views

CVE-2026-24137 sigstore legacy TUF client allows for arbitrary file writes with target cache path traversal

sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client pkg/tuf/client.go supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from...

5.8CVSS0.0037EPSS
Exploits0References3
CVE
CVE
added 2026/01/23 12:4 a.m.30 views

CVE-2026-24137

CVE-2026-24137 affects the sigstore framework (Go library used by sigstore services/clients). In versions ≤ 1.10.3, the legacy TUF client stores cached target files on disk by constructing a filesystem path from a cache base directory and a name from signed target metadata, without ensuring the p...

5.8CVSS5.7AI score0.0037EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/01/23 12:0 a.m.10 views

CVE-2026-24137

sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client pkg/tuf/client.go supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from...

5.8CVSS6.7AI score0.0037EPSS
Exploits0References4
Rows per page
Query Builder