10 matches found
UBUNTU-CVE-2026-44310
Gitsign is a keyless Sigstore signing tool for Git commits using your GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify in pkg/git/verifier.go unconditionally dereferences certs[0] after sd.GetCertificates without checking the slice length. A CMS/PKCS7 signed message with...
CVE-2026-39856
osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code pe_page_hash_calc. When processing PE sections for page hashing, the function uses...
CVE-2026-39856
osslsigncode (before 2.13) has an out-of-bounds read in PE page-hash calculation (pe_page_hash_calc) when processing PE sections. The code uses PointerToRawData and SizeOfRawData from section headers without ensuring the referenced region lies within the mapped file, allowing an attacker to craft...
EUVD-2024-30288
Malicious code in bioql PyPI...
[SECURITY] Fedora 40 Update: keyring-ima-signer-0.1.0-17.fc40
The IMA (Integrity Measurement Architecture) is a key component of the Linux integrity subsystem designed to ensure integrity, authenticity, and confidentiality of systems including hardware roots of trust (TPM). This tool allows signing of files in userspace, including options of including the...
[SECURITY] Fedora 39 Update: keyring-ima-signer-0.1.0-11.fc39
The IMA (Integrity Measurement Architecture) is a key component of the Linux integrity subsystem designed to ensure integrity, authenticity, and confidentiality of systems including hardware roots of trust (TPM). This tool allows signing of files in userspace, including options of including the...
CVE-2023-46737
Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker-controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long loop resulting in...
CVE-2020-8675
Insufficient control flow management in firmware build and signing tool for Intel(R) Innovation Engine before version 1.0.859 may allow an unauthenticated user to potentially enable escalation of privilege via physical access...
Design/Logic Flaw
Insufficient control flow management in firmware build and signing tool for Intel(R) Innovation Engine before version 1.0.859 may allow an unauthenticated user to potentially enable escalation of privilege via physical access...
Intel Innovation Engine Build and Signing Tool Elevation of Privilege Vulnerability
Intel Innovation Engine is an Intel Innovation Engine from Intel Corporation, USA, which is the embedded core of the Peripheral Controller Hub (PCH). The Build and Signing Tool is one of the... An elevation of privilege vulnerability exists in Build and Signing Tool in versions prior to Intel...