Lucene search

6 matches found

OSV
added 2025/03/28 10:13 p.m., 6 views

GHSA-V4WR-J3W6-MXQC tough terminating targets role delegations are not respected

Summary Delegations are a mechanism defined by the TUF specification that allow multiple different identities to provide and sign content within a single repository. Terminating delegations and delegation priority give a TUF repository unambiguous control over how overlapping delegations are...

5.7 CVSS, 6.1 AI score, 0.00255 EPSS
Exploits 0, References 6
Github Security Blog
added 2025/03/28 10:13 p.m., 22 views

tough terminating targets role delegations are not respected

Summary Delegations are a mechanism defined by the TUF specification that allow multiple different identities to provide and sign content within a single repository. Terminating delegations and delegation priority give a TUF repository unambiguous control over how overlapping delegations are...

5.7 CVSS, 6.1 AI score, 0.00255 EPSS
Exploits 0, References 6, Affected Software 1
Github Security Blog
added 2025/03/28 10:12 p.m., 18 views

tough root metadata version is not checked for sequential versioning

Summary When updating the root role, a TUF client must establish a trusted line of continuity to the latest set of keys. While sequentially downloading new versions of the root metadata file, tough will not check that the root object version it received was the next sequential version from the...

5.7 CVSS, 6.2 AI score, 0.00255 EPSS
Exploits 0, References 6, Affected Software 1
OSV
added 2025/03/28 10:12 p.m., 3 views

GHSA-5VMP-M5V2-HX47 tough root metadata version is not checked for sequential versioning

Summary When updating the root role, a TUF client must establish a trusted line of continuity to the latest set of keys. While sequentially downloading new versions of the root metadata file, tough will not check that the root object version it received was the next sequential version from the...

5.7 CVSS, 6.2 AI score, 0.00255 EPSS
Exploits 0, References 6
OSV
added 2025/03/28 2:49 p.m., 5 views

GHSA-76G3-38JV-WXH4 tough timestamp metadata is cached when it fails snapshot rollback check

Summary TUF repositories use the timestamp role to protect against rollback events by enabling an automated process to periodically sign the role's metadata. While tough will ensure that the version of snapshot metadata in new timestamp metadata files was always greater than or equal to the...

5.7 CVSS, 6.1 AI score, 0.00255 EPSS
Exploits 0, References 6
Github Security Blog
added 2025/03/28 2:49 p.m., 15 views

tough timestamp metadata is cached when it fails snapshot rollback check

Summary TUF repositories use the timestamp role to protect against rollback events by enabling an automated process to periodically sign the role's metadata. While tough will ensure that the version of snapshot metadata in new timestamp metadata files was always greater than or equal to the...

5.7 CVSS, 6.1 AI score, 0.00255 EPSS
Exploits 0, References 6, Affected Software 1