Known Vulnerabilities for products from Sigstore
Listed below are 6 of the newest known vulnerabilities associated with the vendor "Sigstore".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-47122 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.3 - MEDIUM | 2023-11-10 | 2023-11-16 |
| CVE-2023-46737 json | Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker controlled ... | 5.3 - MEDIUM | 2023-11-07 | 2023-11-14 |
| CVE-2022-36056 json | Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versions prior... | 5.5 - MEDIUM | 2022-09-14 | 2022-09-19 |
| CVE-2022-35930 json | PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters. In versions prior to 0.2.1 PolicyCo... | 8.8 - HIGH | 2022-08-04 | 2022-08-11 |
| CVE-2022-35929 json | cosign is a container signing and verification utility. In versions prior to 1.10.1 cosign can report a false positive if any... | 9.8 - CRITICAL | 2022-08-04 | 2022-08-10 |
| CVE-2022-23649 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 3.3 - LOW | 2022-02-18 | 2022-03-07 |