Lucene search
K

7 matches found

NVD
NVD
added 2026/06/25 6:16 p.m.8 views

CVE-2026-55961

wolfSSLPKCS7verify returning success for a degenerate certs-only PKCS7 object that contains no signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds without authenticating any content. The compatibility-layer verify path now rejects the object when no...

8.2CVSS0.00095EPSS
Exploits0References2
OSV
OSV
added 2026/05/15 5:16 p.m.6 views

UBUNTU-CVE-2026-44310

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify in pkg/git/verifier.go unconditionally dereferences certs0 after sd.GetCertificates without checking the slice length. A CMS/PKCS7 signed message with...

5.4CVSS5.9AI score0.00111EPSS
Exploits0References3
OSV
OSV
added 2026/05/08 5:37 p.m.6 views

GHSA-7C37-GX6W-8VC5 gitsign --verify panics on empty-certificate PKCS7 and exits 0, bypassing exit-code callers

Summary CertVerifier.Verify in pkg/git/verifier.go unconditionally dereferences certs0 after sd.GetCertificates without checking the slice length. A CMS/PKCS7 signed message with an empty certificate set is a structurally valid DER payload; GetCertificates returns an empty slice with no error,...

5.4CVSS5.8AI score0.00111EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.17 views

PT-2026-39244

Name of the Vulnerable Software and Affected Versions Gitsign versions 0.4.0 through 0.14.x Description In the CertVerifier.Verify function within pkg/git/verifier.go, the software unconditionally dereferences the first element of a certificate slice certs0 after calling sd.GetCertificates withou...

5.4CVSS5.8AI score0.00111EPSS
Exploits0References12
Snyk
Snyk
added 2026/03/05 12:42 a.m.3 views

Cross-site Request Forgery (CSRF)

Overview ghost is a publishing platform Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the /session/verify component. An attacker can gain unauthorized access to user sessions by exploiting incomplete protections, potentially allowing takeover of site...

8.8CVSS5.6AI score0.00157EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/03/27 4:25 a.m.3 views

SUSE CVE-2021-47176

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: add missing discipline function Fix crash with illegal operation exception in dasddevicetasklet. Commit b72949328869 "s390/dasd: Prepare for additional path event handling" renamed the verifypath function for ECKD but...

5.5CVSS7.7AI score0.00222EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/03/25 12:0 a.m.7 views

PT-2024-11223 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a missing discipline function in the s390/dasd component of the Linux kernel. This leads to a crash with an illegal operation exception in dasd device tasklet...

7.8CVSS6.5AI score0.01549EPSS
Exploits5References802
Rows per page
Query Builder