10 matches found
a2a-sigstore (=0.4.0), aiogithubapi (>=23.9.0 <=23.11.0) +68 more potentially affected by unknown CVE via tuf (>=1.0.0 <=6.0.0)
tuf PYPI version =1.0.0, =23.9.0, =0.2.0, =0.14.0, =0.0.1, =0.1.0, =0.1.9, =0.1.9, =0.1.9, =0.1.20 - floe-catalog-glue =0.1.0a1 - floe-catalog-polaris =0.1.0a1 - floe-compute-duckdb =0.1.0a1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-QP9X-WP8F-QGJJ...
SUSE CVE-2026-24686
go-tuf is a Go implementation of The Update Framework (TUF). go-tuf's TAP 4 multi-repository client uses the map file's repository name string (repoName) as a filesystem path component when selecting the local metadata cache directory. Starting in version 2.0.0 and prior to version 2.4.1, if an application...
CVE-2026-23992
CVE-2026-23992 concerns go-tuf prior to 2.3.1, where a compromised or misconfigured TUF repository can set the signature threshold to 0, effectively bypassing signature verification and allowing unauthorized modification of TUF metadata at rest or in transit (no integrity checks). The issue is lin...
Linux Distros Unpatched Vulnerability : CVE-2026-23992
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository c...
CVE-2020-6173
TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolled Resource Consumption...
CVE-2020-15093
The tough library (Rust, crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF's requirement of a minimum threshold of unique signatures before the metadata is considered valid. A...
CVE-2020-15163
In the Python TUF (The Update Framework) reference implementation before version 0.12, the client incorrectly trusts a previously downloaded root metadata file that failed verification at download time. This allows an attacker who is able to serve multiple new versions of root metadata (i.e., by a...
repository-service-tuf (>=0.0.1a7 <=0.11.0b1), sigstore (>=1.1.0 <=1.1.2rc1) +1 more potentially affected by unknown CVE via tuf (>=2.0.0 <=3.1.0)
tuf PYPI version =2.0.0, =0.0.1a7, =1.1.0, =0.4.3, =0.5.1 Source cves: unknown CVE Source advisory: OSV:GHSA-77HH-43CM-V8J6...
go-tuf security vulnerability
go-tuf is a framework for protecting software update systems. A security vulnerability exists in go-tuf stemming from the lack of protection against rollback attacks for roles other than root...
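The entries above describe four distinct TUF client failure modes: a signature threshold of 0 that disables verification (CVE-2026-23992), a duplicated signature being counted toward the threshold (CVE-2020-15093 in tough), missing rollback protection for roles other than root (the go-tuf entry), and a repository name used unchecked as a cache path component (CVE-2026-24686). The following is an added example, not code from go-tuf, tough or python-tuf, showing the checks a client needs for each of them in one place. It assumes ed25519 keys, key IDs derived as SHA-256 of the raw public key, and a plain byte string standing in for the canonical signed payload; all sample metadata is constructed inline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// Role holds the trusted public keys (by key ID) and the signature threshold for one TUF role.
type Role struct {
	Keys      map[string]ed25519.PublicKey
	Threshold int
}

// Signature is one signature over Metadata.Signed, attributed to a key ID.
type Signature struct {
	KeyID string
	Sig   []byte
}

// Metadata is a minimal stand-in for a signed TUF metadata file (real TUF signs canonical JSON).
type Metadata struct {
	Role       string
	Version    int
	Signed     []byte
	Signatures []Signature
}

var (
	ErrBadThreshold = errors.New("signature threshold must be at least 1")
	ErrTooFewSigs   = errors.New("fewer valid signatures from distinct trusted keys than the threshold")
	ErrRollback     = errors.New("metadata version is lower than the trusted version")
)

// KeyID derives a key identifier as SHA-256 over the public key (an assumption for this example).
func KeyID(pub ed25519.PublicKey) string {
	h := sha256.Sum256(pub)
	return hex.EncodeToString(h[:])
}

// GenKey creates a fresh ed25519 key pair for building sample metadata.
func GenKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Sign appends a signature by priv over md.Signed.
func Sign(md *Metadata, priv ed25519.PrivateKey) {
	pub := priv.Public().(ed25519.PublicKey)
	md.Signatures = append(md.Signatures, Signature{KeyID: KeyID(pub), Sig: ed25519.Sign(priv, md.Signed)})
}

// VerifyThreshold accepts md only when at least role.Threshold DISTINCT trusted keys have valid
// signatures. A threshold below 1 is refused outright, and a second signature under an already
// counted key ID is ignored, so duplicating one valid signature cannot reach the threshold.
func VerifyThreshold(role Role, md Metadata) error {
	if role.Threshold < 1 {
		return ErrBadThreshold
	}
	valid := make(map[string]bool)
	for _, s := range md.Signatures {
		pub, trusted := role.Keys[s.KeyID]
		if !trusted || valid[s.KeyID] {
			continue // unknown key, or a key that already counted once
		}
		if ed25519.Verify(pub, md.Signed, s.Sig) {
			valid[s.KeyID] = true
		}
	}
	if len(valid) < role.Threshold {
		return ErrTooFewSigs
	}
	return nil
}

// CheckRollback rejects md when its version is below the version already trusted for its role.
// It is keyed by role name so it applies to targets, snapshot, timestamp and delegations, not only root.
func CheckRollback(trusted map[string]int, md Metadata) error {
	if v, ok := trusted[md.Role]; ok && md.Version < v {
		return ErrRollback
	}
	return nil
}

// CacheDir returns base/repoName for the local metadata cache, refusing names that could
// escape base: empty, ".", "..", or anything containing a path separator.
func CacheDir(base, repoName string) (string, error) {
	if repoName == "" || repoName == "." || repoName == ".." || strings.ContainsAny(repoName, `/\`) {
		return "", fmt.Errorf("invalid repository name %q", repoName)
	}
	dir := filepath.Join(base, repoName)
	if rel, err := filepath.Rel(base, dir); err != nil || rel != repoName {
		return "", fmt.Errorf("repository name %q escapes cache base", repoName)
	}
	return dir, nil
}

func main() {
	pub1, priv1 := GenKey()
	pub2, _ := GenKey()
	role := Role{Keys: map[string]ed25519.PublicKey{KeyID(pub1): pub1, KeyID(pub2): pub2}, Threshold: 2}
	md := Metadata{Role: "targets", Version: 5, Signed: []byte("constructed signed payload")}
	Sign(&md, priv1)
	Sign(&md, priv1) // same key twice: must not satisfy a threshold of 2
	fmt.Println("duplicate signatures:", VerifyThreshold(role, md))
	fmt.Println("threshold 0:", VerifyThreshold(Role{Keys: role.Keys, Threshold: 0}, md))
	fmt.Println("rollback:", CheckRollback(map[string]int{"targets": 7}, md))
	_, err := CacheDir("cache", "../etc")
	fmt.Println("repo name as path:", err)
}
```

The threshold check is done client-side against the keys and threshold the client already trusts for that role; a repository that serves its own threshold value is exactly the configuration the 0-threshold entry above warns about, which is why the check never lets a value below 1 through.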