27 matches found
SUSE SLED15 / SLES15 Security Update : cosign (SUSE-SU-2026:2365-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2365-1 advisory. This update for cosign fixes the following issue - CVE-2026-39395: Incorrect attestation verification due to malformed...
SUSE-SU-2026:2365-1 Security update for cosign
This update for cosign fixes the following issue - CVE-2026-39395: Incorrect attestation verification due to malformed payloads or mismatched predicate types bsc1261859. Changes for cosign: - update to 3.0.6: Fix DSSE predicate check GHSA-w6c6-c85g-mmv6 4801 Handle whitespace-only certificate...
python311-rfc3161-client-1.0.6-1.1 on GA media (moderate)
python311-rfc3161-client-1.0.6-1.1 on GA media Announcement ID: openSUSE-SU-2026:10546-1 Rating: moderate Cross-References: CVE-2026-33753 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
OPENSUSE-SU-2026:10546-1 python311-rfc3161-client-1.0.6-1.1 on GA media
These are all security issues fixed in the python311-rfc3161-client-1.0.6-1.1 package on the GA media of openSUSE Tumbleweed...
SUSE CVE-2026-33753
rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw i...
CVE-2026-33753
A flaw was found in rfc3161-client, a Python library implementing the Time-Stamp Protocol TSP. This authorization bypass vulnerability allows a remote attacker to impersonate a trusted TimeStamping Authority TSA. The flaw exists in the library's signature verification process, specifically in how...
CVE-2026-33753
rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw i...
sigstore (>=3.6.0 <=3.6.1) potentially affected by CVE-2026-33753 via rfc3161-client (>=0.0.4 <=0.1.2)
rfc3161-client PYPI version =0.0.4, =3.6.0, =3.6.1 Source cves: CVE-2026-33753 Source advisory: OSV:GHSA-3XXC-PWJ6-JGRJ...
rfc3161-client Has Improper Certificate Validation
Summary An Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw in how the library extracts the leaf certificate from an unordered PKCS7 bag of certificates, an attacker ca...
CVE-2026-33753 Improper Certificate Validation in rfc3161-client
rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw i...
CVE-2026-33753 Improper Certificate Validation in rfc3161-client
rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw i...
CVE-2026-33753
CVE-2026-33753 affects the Python library rfc3161-client (prior to 1.0.6). The vulnerability arises in the library’s signature verification when extracting the leaf certificate from an unordered PKCS#7 bag of certificates, enabling an attacker to append a forged certificate that matches the targe...
rfc3161-client 安全漏洞
rfc3161-client is a software developed by Trail of Bits. Versions prior to rfc3161-client 1.0.6 contained security vulnerabilities. These vulnerabilities stemmed from authorization bypasses in signature verification, which could allow attackers to impersonate trusted timestamping institutions...
EUVD-2025-18798
Malicious code in bioql PyPI...
OPENSUSE-SU-2025:15282-1 python311-rfc3161-client-1.0.3-1.1 on GA media
These are all security issues fixed in the python311-rfc3161-client-1.0.3-1.1 package on the GA media of openSUSE Tumbleweed...
Improper Signature Verification
rfc3161-client is vulnerable to Improper Signature Verification. The vulnerability is due to insufficient signature validation due to failure to verify the Timestamp Response TSR signature against the timestamping leaf certificate, allowing attackers to forge signatures that appear valid if the...
CVE-2025-52556
rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to version 1.0.3, there is a flaw in the timestamp response signature verification logic. In particular, chain verification is performed against the TSR's embedded certificates up to the trust...
CVE-2025-52556 rfc3161-client has insufficient verification for timestamp response signatures
rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to version 1.0.3, there is a flaw in the timestamp response signature verification logic. In particular, chain verification is performed against the TSR's embedded certificates up to the trust...
CVE-2025-52556 rfc3161-client has insufficient verification for timestamp response signatures
rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to version 1.0.3, there is a flaw in the timestamp response signature verification logic. In particular, chain verification is performed against the TSR's embedded certificates up to the trust...
CVE-2025-52556 rfc3161-client has insufficient verification for timestamp response signatures
rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to version 1.0.3, there is a flaw in the timestamp response signature verification logic. In particular, chain verification is performed against the TSR's embedded certificates up to the trust...