cosign (SUSE:Linux Enterprise Module for Basesystem 15 SP4) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Basesystem 15 SP4 package cosign, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2022-35929 — CVSS 7.1 (high): cosign is a container signing and verification utility. In versions prior to 1.10.1 cosign can report a false positive if any attestation…
CVE-2022-36056 — CVSS 5.5 (medium): Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versions prior to 1.12.0 a…
CVE-2023-46737 — CVSS 3.1 (low): Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker controlled registry. An…