9 matches found
EUVD-2025-60978
In TEE EcDSA algorithm, there is a possible memory consistency issue. This could lead to generated incorrect signature results with low probability...
CVE-2025-31719
In TEE EcDSA algorithm, there is a possible memory consistency issue. This could lead to generated incorrect signature results with low probability...
CVE-2025-31719
CVE-2025-31719 concerns a memory consistency issue in the TEE EcDSA algorithm that could lead to incorrect signature results with low probability. Multiple sources (Red Hat, EUVD/ENISA, NVD, CVE lists) reiterate the same description; no concrete impact specifics (affected product versions, exploi...
PT-2025-46222
Name of the Vulnerable Software and Affected Versions TEE affected versions not specified Description A memory consistency issue exists within the TEE EcDSA algorithm. This issue may result in the generation of incorrect signature results, though the probability of this occurring is low...
ismp-grandpa crate accepted incorrect signatures
A critical vulnerability was discovered in the ismp-grandpa crate, that allowed a malicious prover easily convince the verifier of the finality of arbitrary headers. Description The vulnerability manifests as a verifer that only accepts incorrect signatures of Grandpa precommits and was introduce...
GHSA-WWX5-GPGR-VXR7 ismp-grandpa crate accepted incorrect signatures
A critical vulnerability was discovered in the ismp-grandpa crate, that allowed a malicious prover easily convince the verifier of the finality of arbitrary headers. Description The vulnerability manifests as a verifer that only accepts incorrect signatures of Grandpa precommits and was introduce...
LibreOffice 安全漏洞
LibreOffice is an open source office software suite from The Document Foundation. The product includes the Writer text documents, Calc spreadsheets, and Impress presentations applications. A security vulnerability exists in LibreOffice version 24.2 up to and including 24.2.5, which stems from the...
CVE-2023-47122
Gitsign is software for keyless Git signing using Sigstore. In versions of gitsign starting with 0.6.0 and prior to 0.8.0, Rekor public keys were fetched via the Rekor API, instead of through the local TUF client. If the upstream Rekor server happened to be compromised, gitsign clients could...
Design/Logic Flaw
Gitsign is software for keyless Git signing using Sigstore. In versions of gitsign starting with 0.6.0 and prior to 0.8.0, Rekor public keys were fetched via the Rekor API, instead of through the local TUF client. If the upstream Rekor server happened to be compromised, gitsign clients could...