6 matches found
CVE-2026-31801
zot is ancontainer image/artifact registry based on the Open Container Initiative Distribution Specification. From 1.3.0 to 2.1.14, zot’s dist-spec authorization middleware infers the required action for PUT /v2/name/manifests/reference as create by default, and only switches to update when the t...
GO-2026-4668 zot’s create-only policy allows overwrite attempts of existing latest tag (update permission not required) in zotregistry.dev/zot
zot’s create-only policy allows overwrite attempts of existing latest tag update permission not required in zotregistry.dev/zot. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...
EUVD-2026-10891
zot’s create-only policy allows overwrite attempts of existing latest tag update permission not required...
EUVD-2026-10890
zot’s create-only policy allows overwrite attempts of existing latest tag update permission not required...
PT-2026-24461
Name of the Vulnerable Software and Affected Versions zot versions 1.3.0 through 2.1.14 Description zot is a container image/artifact registry based on the Open Container Initiative Distribution Specification. The dist-spec authorization middleware incorrectly infers the required action for PUT...
SUSE-SU-2025:02592-1 Security update for cosign
This update for cosign fixes the following issues: Update to version 2.5.3 jscSLE-23879: - CVE-2025-46569: Fixed OPA server Data API HTTP path injection of Rego bsc1246725 Changelog: Update to 2.5.3: - Add signing-config create command 4280 - Allow multiple services to be specified for trusted-ro...