Approved changes feed: RSS · Atom
cpe:2.3:a:docker:notary:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Docker (fb312c2d-be4d-5919-b619-61409dcafa2c) |
|---|---|
| Product | Notary (a6a41343-f6ee-52bf-8fa1-99e2d5d03c66) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:deb/debian/notary |
purl2cpe | 2026-06-01 10:13:10.865016 |
pkg:deb/ubuntu/notary |
purl2cpe | 2026-06-01 10:13:10.865017 |
pkg:docker/susescc/notary |
purl2cpe | 2026-06-01 10:13:10.865019 |
pkg:github/notaryproject/notary |
purl2cpe | 2026-06-01 10:13:10.865020 |
pkg:rpm/fedora/golang-github-theupdateframework-notary |
purl2cpe | 2026-06-01 10:13:10.865022 |
pkg:rpm/opensuse/notary |
purl2cpe | 2026-06-01 10:13:10.865023 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2015-9259 |
vulnerable | 2026-06-03 14:35:19.498069 |
Details available
In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to an old root.json file.
Published: 2018-03-31T21:00:00.000Z
Updated: 2024-08-06T08:43:42.540Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-9258 |
vulnerable | 2026-06-03 14:35:19.497680 |
Details available
In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might (for example) be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed25519 elliptic-curve data.
Published: 2018-03-31T21:00:00.000Z
Updated: 2024-08-06T08:43:41.870Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.