Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.8 views

CVE-2026-6966

Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users to bypass the TUF signature threshold requirement by duplicating a valid signature, causing the client to accept forged delegated role...

7CVSS5.5AI score0.00262EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/05 6:46 p.m.6 views

EUVD-2026-25627

awslabs/tough Delegated Roles have a Signature Threshold Bypass...

7CVSS5.8AI score0.00262EPSS
Exploits0References7
NVD
NVD
added 2026/04/24 8:16 p.m.5 views

CVE-2026-6966

Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users to bypass the TUF signature threshold requirement by duplicating a valid signature, causing the client to accept forged delegated role...

7CVSS0.00262EPSS
Exploits0References6
CVE
CVE
added 2026/04/24 7:38 p.m.24 views

CVE-2026-6966

The CVE-2026-6966 issue affects awslabs/tough prior to tough-v0.22.0, where improper verification of cryptographic signature uniqueness in delegated role validation can allow remote authenticated users to bypass the TUF signature threshold by duplicating a valid signature, causing the client to a...

7CVSS5.3AI score0.00262EPSS
Exploits0References6Affected Software2
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.6 views

PT-2026-35079

Name of the Vulnerable Software and Affected Versions awslabs/tough versions prior to 0.22.0 Description Improper verification of cryptographic signature uniqueness in delegated role validation allows remote authenticated users to bypass the TUF signature threshold requirement by duplicating a...

7CVSS5.2AI score0.00262EPSS
Exploits0References14
RedhatCVE
RedhatCVE
added 2025/02/05 2:52 p.m.8 views

CVE-2020-15093

The tough library Rust/crates.io prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A...

9.8CVSS6.5AI score0.01357EPSS
Exploits0
Rows per page
Query Builder