Lucene search
K

8 matches found

CVE
CVE
added 2026/05/15 4:22 p.m.31 views

CVE-2026-44309

Summary: CVE-2026-44309 affects gitsign up to version 0.15.x, fixed in 0.16.0. The issue arises because gitsign verify and verify-tag re-encode commits/tags using go-git’s EncodeWithoutSignature instead of verifying raw bytes. Go-git performs loose parsing and discards the first of two identical ...

5.3CVSS5.8AI score0.00119EPSS
Exploits0References1
OSV
OSV
added 2025/12/11 4:16 p.m.5 views

CVE-2025-59803

Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via triggers. An attacker can embed triggers e.g., JavaScript in a PDF document that execute during the signing process. When a signer reviews the document, the content appears normal. However, once the signature is applied, the...

5.3CVSS5.9AI score0.00156EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:11 a.m.10 views

CVE-2022-1799

Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrading the SDK past the 2022-05-03 release...

9.8CVSS7.1AI score0.00258EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/11/10 12:0 a.m.5 views

Gitsign Security Vulnerabilities

Gitsign is a tool for Gitsign individual developers to sign Git commits key-free. A security vulnerability exists in Gitsign version 0.6.0 through versions prior to 0.8.0, which stems from the fact that the Rekor public key is obtained through the Rekor API, not through the local TUF client, and...

5.3CVSS6.4AI score0.00369EPSS
Exploits0References5
NVD
NVD
added 2022/07/29 10:15 a.m.22 views

CVE-2022-1799

Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrading the SDK past the 2022-05-03 release...

9.8CVSS0.00258EPSS
Exploits0References1
CVE
CVE
added 2022/07/29 9:15 a.m.64 views

CVE-2022-1799

CVE-2022-1799 affects the Google Play services SDK, specifically the play-services-basement component. The issue is an incorrect signature trust where a debug version of Google Play services is trusted by the SDK for devices that are non-GMS, enabling potential trust bypass. Public references con...

9.8CVSS7.6AI score0.00258EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2018/04/13 12:0 a.m.4 views

Microsoft Device Guard Remote Security Bypass Vulnerability

Microsoft Windows 10, Windows Server 2016, and Windows Server Version 1709 are products of Microsoft Corporation.Microsoft Windows 10 is a cross-platform operating system for PCs and devices such as laptops, tablets, and phones.Windows Server 2016 and Windows Server Version 1709 are server...

3.3CVSS7AI score0.0236EPSS
Exploits1References1
OPENSUSE Linux
OPENSUSE Linux
added 2013/12/13 3:4 p.m.16 views

ca-certificates-mozilla: add, remove or blacklist some certificates (important)

The Mozilla CA certificates package was updated to match the current Mozilla revision 1.95 of certdata.txt. It blacklists some misused certificate authorities, adds some new and adjusts some others. On openSUSE 13.1 a problem with names was also fixed. distrust: AC DG Tresor SSL bnc854367 new:...

2.5AI score
Exploits0References2
Rows per page
Query Builder