3 matches found
EUVD-2022-2949
Malicious code in bioql PyPI...
DEBIAN-CVE-2015-9258
In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might for example be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed2551...
CVE-2015-9259
In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to an old root.json fi...