10 matches found
aiogithubapi (=23.11.0), authsignal (=2.0.1) +22 more potentially affected by unknown CVE via tuf (>=1.0.0 <=6.0.0)
tuf PYPI version =1.0.0, =2026.5.21.dev103715, =1.50.0, =2.4.0, =0.1.0, =2022.0.0 - projectair =1.0.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-QP9X-WP8F-QGJJ...
SUSE CVE-2026-24686
go-tuf is a Go implementation of The Update Framework TUF. go-tuf's TAP 4 Multirepo Client uses the map file repository name string repoName as a filesystem path component when selecting the local metadata cache directory. Starting in version 2.0.0 and prior to version 2.4.1, if an application...
CVE-2026-23992
The CVE-2026-23992 entry concerns go-tuf (Go implementation of The Update Framework). It states that in versions 2.0.0 up to but not including 2.3.1, a compromised or misconfigured TUF repository could configure signature thresholds to 0, effectively disabling signature verification. This can all...
Linux Distros Unpatched Vulnerability : CVE-2026-23992
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - go-tuf is a Go implementation of The Update Framework TUF. Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository c...
CVE-2020-6173
TUF aka The Update Framework 0.7.2 through 0.12.1 allows Uncontrolled Resource Consumption...
CVE-2020-15093
The tough library Rust/crates.io prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A...
CVE-2020-15163
Python TUF The Update Framework reference implementation before version 0.12 it will incorrectly trust a previously downloaded root metadata file which failed verification at download time. This allows an attacker who is able to serve multiple new versions of root metadata i.e. by a...
repository-service-tuf (>=0.0.1a7 <=0.11.0b1), sigstore (>=1.1.0 <=1.1.2rc1) +1 more potentially affected by unknown CVE via tuf (>=2.0.0 <=3.1.0)
tuf PYPI version =2.0.0, =0.0.1a7, =1.1.0, =0.4.3, =0.5.1 Source cves: unknown CVE Source advisory: OSV:GHSA-77HH-43CM-V8J6...
go-tuf 安全漏洞
go-tuf is a framework for protecting software update systems. A security vulnerability exists in go-tuf that stems from the lack of protection against rollback attacks for roles other than root...
CVE-2020-6173
TUF aka The Update Framework 0.7.2 through 0.12.1 allows Uncontrolled Resource Consumption...