3 matches found
CVE-2023-24827
Syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. A password disclosure flaw was found in Syft versions v0.69.0 and v0.69.1. This flaw leaks the password stored in the SYFT_ATTEST_PASSWORD environment variable. The...
PT-2023-19808 · Syft · Syft
Name of the Vulnerable Software and Affected Versions: syft versions v0.69.0 through v0.69.1. Description: A password disclosure flaw was found in syft, which leaks the password stored in the SYFT_ATTEST_PASSWORD environment variable. This variable is used to decrypt the private key during the...
Security update for trivy (moderate)
openSUSE Security Update: Security update for trivy Announcement ID: openSUSE-SU-2022:10081-1 Rating: moderate References: Cross-References: CVE-2022-1996 CVSS scores: CVE-2022-1996 NVD : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-1996 SUSE: 7.5...