SUSE CVE-2026-39395
Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures,...
EUVD-2026-19919
Cosign's verify-blob-attestation reports false positive when payload parsing fails...
GHSA-W6C6-C85G-MMV6 Cosign's verify-blob-attestation reports false positive when payload parsing fails
Description: cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures, this was due to a logic flaw in the error handling of the predicate type validation. For...
CVE-2026-39395
Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures,...
CVE-2026-39395 Cosign's verify-blob-attestation reports false positive when payload parsing fails
Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures,...
Malicious code in new-format (npm)
The package new-format was found to contain malicious code...
MAL-2025-27361 Malicious code in new-format (npm)
The package new-format was found to contain malicious code...
alert (>=0.0.0 <=0.0.1), background-image (=0.0.0) +40 more potentially affected by unknown CVE via new-format (>=0.0.1 <=2.0.0)
new-format NPM version =0.0.1, =0.0.0, =0.0.0, =0.0.0, =0.0.0, =0.3.0, =0.0.0, =0.0.10, =0.0.0, =0.0.0, =0.0.0, =0.0.13 and more Source cves: unknown CVE Source advisory: OSV:MAL-2025-27361...
MAL-2023-280 Malicious code in dow-load-the-best-we-could-do-by-thi-bui-on-ipad-new-format- (npm)
Source: ghsa-malware (cbe34371c86eb25d33028fc43131c1b1b281f7e57986816c88163b17125302b1). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Mozilla: Setting a master password post-Thunderbird 52 does not delete unencrypted previously stored passwords
If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60. The new master...
Taking your feedback on the Security Update Guide
The Security Update Guide has been in public preview since November 2016. This month marked our first release when security update information was published entirely in the new format. Over the last few months, customers and partners have provided a lot of feedback on the direction and...