Theupdateframework Security Vulnerabilities


CVE-2022-29173

go-tuf is a Go implementation of The Update Framework (TUF). go-tuf does not correctly implement the client workflow for updating the metadata files for roles other than the root role. Specifically, checks for rollback attacks are not implemented correctly, meaning an attacker can cause clients to.....

8.8 CVSS

8.6 AI Score

0.002 EPSS

2022-05-05 11:15 PM
48

CVE-2021-41131

python-tuf is a Python reference implementation of The Update Framework (TUF). In both clients (tuf/client and tuf/ngclient), there is a path traversal vulnerability that in the worst case can overwrite files ending in .json anywhere on the client system on a call to get_one_valid_targetinfo(). It....

8.7 CVSS

8.5 AI Score

0.001 EPSS

2021-10-19 06:15 PM
53

CVE-2020-15163

The Python TUF (The Update Framework) reference implementation before version 0.12 will incorrectly trust a previously downloaded root metadata file which failed verification at download time. This allows an attacker who is able to serve multiple new versions of root metadata (i.e. by a...

8.7 CVSS

7.9 AI Score

0.001 EPSS

2020-09-09 06:15 PM
44