CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

SUSE CVE•added 2026/04/10 11:25 p.m.•3 views

SUSE CVE-2026-39395

Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures,...

6.5CVSS5.8AI score0.00241EPSS

Exploits0References3

EUVD•added 2026/04/08 12:15 a.m.•2 views

EUVD-2026-19919

Cosign's verify-blob-attestation reports false positive when payload parsing fails...

4.3CVSS5.9AI score0.00241EPSS

Exploits0References2

OSV•added 2026/04/08 12:15 a.m.•1 views

GHSA-W6C6-C85G-MMV6 Cosign's verify-blob-attestation reports false positive when payload parsing fails

Description cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures, this was due to a logic flaw in the error handling of the predicate type validation. For...

4.3CVSS5.8AI score0.00241EPSS

Exploits0References3

UbuntuCve•added 2026/04/07 8:16 p.m.•3 views

CVE-2026-39395

5.3CVSS6AI score0.00241EPSS

Exploits0References2

Cvelist•added 2026/04/07 8:6 p.m.•13 views

CVE-2026-39395 Cosign's verify-blob-attestation reports false positive when payload parsing fails

4.3CVSS0.00241EPSS

Exploits0References1

ATTACKERKB•added 2026/04/07 8:6 p.m.•4 views

CVE-2026-39395

4.3CVSS6AI score0.00241EPSS

Exploits0References2Affected Software1

AlpineLinux•added 2026/04/07 8:6 p.m.•7 views

CVE-2026-39395

5.3CVSS5.5AI score0.00241EPSS

Exploits0

Positive Technologies•added 2026/04/07 12:0 a.m.•2 views

PT-2026-31065

Name of the Vulnerable Software and Affected Versions tar.Reader affected versions not specified Description tar.Reader can allocate an unbounded amount of memory when processing a specially crafted archive containing numerous sparse regions encoded using the "old GNU sparse map" format. This can...

9.1CVSS5.8AI score0.00565EPSS

Exploits0References238

Tenable Nessus•added 2025/11/20 12:0 a.m.•2 views

TencentOS Server 3: tar (TSSA-2023:0096)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0096 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

5.5CVSS6.7AI score0.04524EPSS

Exploits1References3

SUSE CVE•added 2023/02/15 6:12 a.m.•3 views

SUSE CVE-2007-2452

Heap-based buffer overflow in the visitoldformat function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036...

6CVSS8.4AI score0.02225EPSS

Exploits0References3

CNVD•added 2015/11/29 12:0 a.m.•3 views

dpkg stack buffer overflow vulnerability

dpkg is a package management system developed specifically for "Debian" to facilitate the installation, update and removal of software. A stack buffer overflow vulnerability exists in the dpkg-deb component of dpkg, which allows an attacker to construct a Debian binary package in an old format th...

7.5CVSS10AI score0.04994EPSS

Exploits0References1

OSV•added 2007/06/04 4:30 p.m.•12 views

CVE-2007-2452

7.9AI score

Exploits0References12