84 matches found
TUF - A Framework For Securing Software Update Systems
This repository is the reference implementation of The Update Framework (TUF). It is written in Python and intended to conform to version 1.0 of the TUF specification. This implementation is in use in production systems, but is also intended to be a readable guide and demonstration for those workin...
CVE-2020-15163
The Python TUF (The Update Framework) reference implementation before version 0.12 will incorrectly trust a previously downloaded root metadata file which failed verification at download time. This allows an attacker who is able to serve multiple new versions of root metadata, i.e. by a...
Design/Logic Flaw
The Python TUF (The Update Framework) reference implementation before version 0.12 will incorrectly trust a previously downloaded root metadata file which failed verification at download time. This allows an attacker who is able to serve multiple new versions of root metadata, i.e. by a...
PYSEC-2020-145
The Python TUF (The Update Framework) reference implementation before version 0.12 will incorrectly trust a previously downloaded root metadata file which failed verification at download time. This allows an attacker who is able to serve multiple new versions of root metadata, i.e. by a...
CVE-2020-15163
CVE-2020-15163 affects the Python TUF (The Update Framework) reference implementation prior to 0.12, which could incorrectly trust a previously downloaded root metadata file that failed verification. An attacker capable of serving multiple new root-metadata versions (MITM) could culminate in a ve...
CVE-2020-15163 Invalid root may become trusted root in The Update Framework (TUF)
The Python TUF (The Update Framework) reference implementation before version 0.12 will incorrectly trust a previously downloaded root metadata file which failed verification at download time. This allows an attacker who is able to serve multiple new versions of root metadata, i.e. by a...
GHSA-F8MR-JV2C-V8MG Invalid root may become trusted root in The Update Framework (TUF)
Impact: The Python TUF reference implementation `tuf<0.12` will incorrectly trust a previously downloaded root metadata file which failed verification at download time. This allows an attacker who is able to serve multiple new versions of root metadata, i.e. by a man-in-the-middle attack, culminating i...
CVE-2020-6174
TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature...
Input validation
TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature...
PYSEC-2020-147
TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature...
CVE-2020-6174
The CVE-2020-6174 issue affects the tough library (Rust/crates.io) prior to version 0.7.1, where signatures’ threshold verification is broken. Specifically, the vulnerability allows an attacker to duplicate a valid signature and circumvent the minimum threshold required for metadata validity. A f...
CVE-2020-6173
TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolled Resource Consumption...
PYSEC-2020-146
TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolled Resource Consumption...
Design/Logic Flaw
TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolled Resource Consumption...