Lucene search
K

7 matches found

SUSE CVE
SUSE CVE
added 2026/04/10 11:25 p.m.10 views

SUSE CVE-2026-39395

Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures,...

6.5CVSS5.8AI score0.00241EPSS
Exploits0References4
OSV
OSV
added 2026/04/08 12:15 a.m.2 views

GHSA-W6C6-C85G-MMV6 Cosign's verify-blob-attestation reports false positive when payload parsing fails

Description cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures, this was due to a logic flaw in the error handling of the predicate type validation. For...

4.3CVSS5.8AI score0.00241EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/08 12:15 a.m.5 views

EUVD-2026-19919

Cosign's verify-blob-attestation reports false positive when payload parsing fails...

4.3CVSS5.9AI score0.00241EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/04/07 8:16 p.m.16 views

CVE-2026-39395

Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures,...

5.3CVSS6AI score0.00241EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/07 8:6 p.m.6 views

CVE-2026-39395

Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures,...

4.3CVSS6AI score0.00241EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/07 8:6 p.m.17 views

CVE-2026-39395 Cosign's verify-blob-attestation reports false positive when payload parsing fails

Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures,...

4.3CVSS0.00241EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/04/07 8:6 p.m.9 views

CVE-2026-39395

Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures,...

5.3CVSS5.5AI score0.00241EPSS
Exploits0
Rows per page
Query Builder