Lucene search
K

27 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.10 views

SUSE SLED15 / SLES15 Security Update : cosign (SUSE-SU-2026:2365-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2365-1 advisory. This update for cosign fixes the following issue - CVE-2026-39395: Incorrect attestation verification due to malformed...

5.3CVSS5.4AI score0.00241EPSS
Exploits0References4
OSV
OSV
added 2026/06/11 7:58 a.m.19 views

SUSE-SU-2026:2365-1 Security update for cosign

This update for cosign fixes the following issue - CVE-2026-39395: Incorrect attestation verification due to malformed payloads or mismatched predicate types bsc1261859. Changes for cosign: - update to 3.0.6: Fix DSSE predicate check GHSA-w6c6-c85g-mmv6 4801 Handle whitespace-only certificate...

5.3CVSS5.4AI score0.00241EPSS
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
added 2026/04/15 12:0 a.m.4 views

python311-rfc3161-client-1.0.6-1.1 on GA media (moderate)

python311-rfc3161-client-1.0.6-1.1 on GA media Announcement ID: openSUSE-SU-2026:10546-1 Rating: moderate Cross-References: CVE-2026-33753 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

7.5CVSS5.8AI score0.00188EPSS
Exploits1
OSV
OSV
added 2026/04/14 12:0 a.m.3 views

OPENSUSE-SU-2026:10546-1 python311-rfc3161-client-1.0.6-1.1 on GA media

These are all security issues fixed in the python311-rfc3161-client-1.0.6-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS5.8AI score0.00188EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/04/09 11:26 p.m.4 views

SUSE CVE-2026-33753

rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw i...

7.5CVSS5.8AI score0.00188EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/04/08 5:13 p.m.6 views

CVE-2026-33753

A flaw was found in rfc3161-client, a Python library implementing the Time-Stamp Protocol TSP. This authorization bypass vulnerability allows a remote attacker to impersonate a trusted TimeStamping Authority TSA. The flaw exists in the library's signature verification process, specifically in how...

7.5CVSS5.9AI score0.00188EPSS
Exploits1References4
NVD
NVD
added 2026/04/08 4:16 p.m.7 views

CVE-2026-33753

rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw i...

7.5CVSS0.00188EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2026/04/08 3:0 p.m.6 views

sigstore (>=3.6.0 <=3.6.1) potentially affected by CVE-2026-33753 via rfc3161-client (>=0.0.4 <=0.1.2)

rfc3161-client PYPI version =0.0.4, =3.6.0, =3.6.1 Source cves: CVE-2026-33753 Source advisory: OSV:GHSA-3XXC-PWJ6-JGRJ...

7.5CVSS5.4AI score0.00188EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2026/04/08 3:0 p.m.8 views

rfc3161-client Has Improper Certificate Validation

Summary An Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw in how the library extracts the leaf certificate from an unordered PKCS7 bag of certificates, an attacker ca...

7.5CVSS5.8AI score0.00188EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/04/08 2:54 p.m.26 views

CVE-2026-33753 Improper Certificate Validation in rfc3161-client

rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw i...

6.2CVSS0.00188EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/08 2:54 p.m.6 views

CVE-2026-33753 Improper Certificate Validation in rfc3161-client

rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw i...

6.2CVSS5.9AI score0.00188EPSS
Exploits1References1
CVE
CVE
added 2026/04/08 2:54 p.m.30 views

CVE-2026-33753

CVE-2026-33753 affects the Python library rfc3161-client (prior to 1.0.6). The vulnerability arises in the library’s signature verification when extracting the leaf certificate from an unordered PKCS#7 bag of certificates, enabling an attacker to append a forged certificate that matches the targe...

7.5CVSS5.9AI score0.00188EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.8 views

rfc3161-client 安全漏洞

rfc3161-client is a software developed by Trail of Bits. Versions prior to rfc3161-client 1.0.6 contained security vulnerabilities. These vulnerabilities stemmed from authorization bypasses in signature verification, which could allow attackers to impersonate trusted timestamping institutions...

7.5CVSS5.8AI score0.00188EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-18798

Malicious code in bioql PyPI...

9.3CVSS6.3AI score0.00147EPSS
Exploits0References3
OSV
OSV
added 2025/07/03 12:0 a.m.5 views

OPENSUSE-SU-2025:15282-1 python311-rfc3161-client-1.0.3-1.1 on GA media

These are all security issues fixed in the python311-rfc3161-client-1.0.3-1.1 package on the GA media of openSUSE Tumbleweed...

9.3CVSS5.8AI score0.00147EPSS
Exploits0References1
Veracode
Veracode
added 2025/06/25 6:55 a.m.3 views

Improper Signature Verification

rfc3161-client is vulnerable to Improper Signature Verification. The vulnerability is due to insufficient signature validation due to failure to verify the Timestamp Response TSR signature against the timestamping leaf certificate, allowing attackers to forge signatures that appear valid if the...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/06/23 8:39 a.m.6 views

CVE-2025-52556

rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to version 1.0.3, there is a flaw in the timestamp response signature verification logic. In particular, chain verification is performed against the TSR's embedded certificates up to the trust...

9.3CVSS7AI score0.00147EPSS
Exploits0References1
OSV
OSV
added 2025/06/21 1:33 a.m.4 views

CVE-2025-52556 rfc3161-client has insufficient verification for timestamp response signatures

rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to version 1.0.3, there is a flaw in the timestamp response signature verification logic. In particular, chain verification is performed against the TSR's embedded certificates up to the trust...

9.3CVSS6.5AI score0.00147EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/06/21 1:33 a.m.5 views

CVE-2025-52556 rfc3161-client has insufficient verification for timestamp response signatures

rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to version 1.0.3, there is a flaw in the timestamp response signature verification logic. In particular, chain verification is performed against the TSR's embedded certificates up to the trust...

9.3CVSS6.9AI score0.00147EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/21 1:33 a.m.10 views

CVE-2025-52556 rfc3161-client has insufficient verification for timestamp response signatures

rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to version 1.0.3, there is a flaw in the timestamp response signature verification logic. In particular, chain verification is performed against the TSR's embedded certificates up to the trust...

9.3CVSS0.00147EPSS
Exploits0References2
Rows per page
Query Builder