8 matches found
CVE-2026-44309
Summary: CVE-2026-44309 affects gitsign up to version 0.15.x, fixed in 0.16.0. The issue arises because gitsign verify and verify-tag re-encode commits/tags using go-git’s EncodeWithoutSignature instead of verifying raw bytes. Go-git performs loose parsing and discards the first of two identical ...
CVE-2025-59803
Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via triggers. An attacker can embed triggers e.g., JavaScript in a PDF document that execute during the signing process. When a signer reviews the document, the content appears normal. However, once the signature is applied, the...
CVE-2022-1799
Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrading the SDK past the 2022-05-03 release...
Gitsign Security Vulnerabilities
Gitsign is a tool for Gitsign individual developers to sign Git commits key-free. A security vulnerability exists in Gitsign version 0.6.0 through versions prior to 0.8.0, which stems from the fact that the Rekor public key is obtained through the Rekor API, not through the local TUF client, and...
CVE-2022-1799
Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrading the SDK past the 2022-05-03 release...
CVE-2022-1799
CVE-2022-1799 affects the Google Play services SDK, specifically the play-services-basement component. The issue is an incorrect signature trust where a debug version of Google Play services is trusted by the SDK for devices that are non-GMS, enabling potential trust bypass. Public references con...
Microsoft Device Guard Remote Security Bypass Vulnerability
Microsoft Windows 10, Windows Server 2016, and Windows Server Version 1709 are products of Microsoft Corporation.Microsoft Windows 10 is a cross-platform operating system for PCs and devices such as laptops, tablets, and phones.Windows Server 2016 and Windows Server Version 1709 are server...
ca-certificates-mozilla: add, remove or blacklist some certificates (important)
The Mozilla CA certificates package was updated to match the current Mozilla revision 1.95 of certdata.txt. It blacklists some misused certificate authorities, adds some new and adjusts some others. On openSUSE 13.1 a problem with names was also fixed. distrust: AC DG Tresor SSL bnc854367 new:...