VYPR

rpm package

suse/cosign&distro=SUSE Linux Enterprise Module for Basesystem 15 SP4

pkg:rpm/suse/cosign&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4

Vulnerabilities (3)

  • CVE-2023-46737 (Nov 7, 2023)
    affected < 2.2.1-150400.3.14.1; fixed 2.2.1-150400.3.14.1

    Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long

  • CVE-2022-36056 (Sep 14, 2022)
    affected < 1.12.0-150400.3.6.1; fixed 1.12.0-150400.3.6.1

    Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versions prior to 1.12.0 a number of vulnerabilities have been found in cosign verify-blob, where Cosign would successfully verify an artifact when verification should h

  • CVE-2022-35929 (Aug 4, 2022)
    affected < 1.10.1-150400.3.3.1; fixed 1.10.1-150400.3.3.1

    cosign is a container signing and verification utility. In versions prior to 1.10.1 cosign can report a false positive if any attestation exists. `cosign verify-attestation` used with the `--type` flag will report a false positive verification when there is at least one attestati