rpm package
suse/cosign&distro=SUSE Linux Enterprise Module for Basesystem 15 SP5
pkg:rpm/suse/cosign&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-29903 | — | | | < 2.2.4-150400.3.20.1 | 2.2.4-150400.3.20.1 | Apr 10, 2024 | Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, maliciously-crafted software artifacts can cause denial of service of the machine running Cosign thereby impacting all services on the machine. The root cause is that Cosign creates |
| CVE-2024-29902 | — | | | < 2.2.4-150400.3.20.1 | 2.2.4-150400.3.20.1 | Apr 10, 2024 | Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory a |
| CVE-2023-48795 | Med | 5.9 | | < 2.2.3-150400.3.17.1 | 2.2.3-150400.3.17.1 | Dec 18, 2023 | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end |
| CVE-2023-46737 | — | | | < 2.2.1-150400.3.14.1 | 2.2.1-150400.3.14.1 | Nov 7, 2023 | Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long |