The Update Framework Security Vulnerabilities and Issues — The Update Framework CVE List

Lucene search

LinuxfoundationThe Update Framework

4 matches found

CVE•added 2020/02/05 4:15 p.m.•75 views

CVE-2020-6174

TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature.

9.8CVSS9AI score0.00195EPSS

CVE•added 2021/10/19 6:15 p.m.•68 views

CVE-2021-41131

python-tuf is a Python reference implementation of The Update Framework (TUF). In both clients (tuf/client and tuf/ngclient), there is a path traversal vulnerability that in the worst case can overwrite files ending in .json anywhere on the client system on a call to get_one_valid_targetinfo(). It ...

8.8CVSS8AI score0.00644EPSS

CVE•added 2020/01/14 7:15 p.m.•65 views

CVE-2020-6173

TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolled Resource Consumption.

5.3CVSS5.2AI score0.00173EPSS

CVE•added 2020/09/09 6:15 p.m.•61 views

CVE-2020-15163

Python TUF (The Update Framework) reference implementation before version 0.12 it will incorrectly trust a previously downloaded root metadata file which failed verification at download time. This allows an attacker who is able to serve multiple new versions of root metadata (i.e. by a person-in-th...

8.7CVSS8AI score0.00144EPSS