sm-crypto Affected by Signature Malleability in SM2-DSA

Summary A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library. An attacker can derive a new valid signature for a previously signed message from an existing signature. Credit This vulnerability was discovered by: - XlabAI Team of Tencent...

EUVD-2019-11980

Malware in sbrugna...

EUVD-2023-12487

Malicious code in bioql PyPI...

SUSE CVE-2021-25634

LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to...

Rocky Linux 8 : libreoffice (RLSA-2022:1766)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1766 advisory. - LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurr...

CVE-2022-35929

A flaw was found in the cosign package. The cosign verify-attestation used with the --type flag will report a false positive verification when there is at least one attestation with a valid signature and when there are no attestations of the type being verified for example, —type defaults to...

UBUNTU-CVE-2022-1834

When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email message with the attacker's digital signature, that was shown...

libreoffice: Timestamp Manipulation with Signature Wrapping

A flaw was found in LibreOffice, where it inserted a signing timestamp. This flaw allows LibreOffice to present a valid signature due to the altered signing time. The highest threat from this vulnerability is to confidentiality and integrity...

CVE-2021-3349

GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the bes...

CVE-2021-3349

GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the bes...

CVE-2021-3349

GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the bes...

Design/Logic Flaw

DISPUTED GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution i...

CVE-2021-3349

CVE-2021-3349 concerns GNOME Evolution up to version 3.38.3, where the client can display a "+Valid signature+" for a key/identity that is unknown, because Evolution does not retrieve sufficient information from the GnuPG API. The issue is a verification/identity-trust UI quirk rather than a clas...

CVE-2021-3349

GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the bes...

CVE-2021-3349

GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the bes...

CVE-2021-3349

GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the bes...

CVE-2021-3349

GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the bes...

PT-2021-20151 · Gnome +2 · Gnome Evolution +2

Name of the Vulnerable Software and Affected Versions: GNOME Evolution versions 3.38.3 and earlier Description: The issue arises when GNOME Evolution produces a "Valid signature" message for an unknown identifier on a previously trusted key. This occurs because Evolution does not retrieve enough...

CVE-2019-2338

Crafted image that has a valid signature from a non-QC entity can be loaded which can read/write memory that belongs to the secure world in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired...

CVE-2019-2338

Crafted image that has a valid signature from a non-QC entity can be loaded which can read/write memory that belongs to the secure world in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired...