GnuPG · GnuPG · CVE-2025-68972
**Name of the Vulnerable Software and Affected Versions**
GnuPG versions through 2.4.8
**Description**
The software is susceptible to a signature verification bypass. If a signed message has the form-feed character '\f' at the end of a plaintext line, an attacker can modify the message to add text after the signed content. Signature verification of the modified message may still succeed, although an "invalid armor" message might be displayed during verification. The issue is related to the use of '\f' as a marker to indicate the truncation of long plaintext lines.
**Recommendations**
Update GnuPG to a version newer than 2.4.8.
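
A defensive triage helper for the issue described above, added here as an example and not taken from GnuPG or from the advisory. It assumes the marker is the form-feed character (`\f`, 0x0C), that the version banner has the usual `gpg (GnuPG) X.Y.Z` form, and that status lines come from `gpg --status-fd`; all function names are hypothetical.

```python
import re

LAST_AFFECTED = (2, 4, 8)  # advisory: GnuPG versions through 2.4.8
FORM_FEED = "\x0c"         # assumption: the marker character is \f (0x0C)

def parse_gpg_version(version_output):
    """Return (major, minor, patch) from the banner line of `gpg --version`."""
    m = re.search(r"^gpg \(GnuPG[^)]*\) (\d+)\.(\d+)\.(\d+)", version_output, re.M)
    if not m:
        raise ValueError("unrecognised gpg --version output")
    return tuple(int(part) for part in m.groups())

def is_affected(version_output):
    """True when the installed gpg falls inside the advisory's stated range."""
    return parse_gpg_version(version_output) <= LAST_AFFECTED

def lines_ending_in_form_feed(message_text):
    """1-based numbers of lines whose content ends with a form feed.

    split("\\n") is used on purpose: str.splitlines() treats 0x0C itself as a
    line break and would hide exactly the lines this check looks for.
    """
    return [n for n, line in enumerate(message_text.split("\n"), 1)
            if line.rstrip(" \t\r").endswith(FORM_FEED)]

def accept_verification(version_output, status_output, stderr_text):
    """Strict policy: return (accepted, reasons_for_rejection)."""
    reasons = []
    if is_affected(version_output):
        reasons.append("gpg version is in the affected range")
    if "invalid armor" in stderr_text:
        reasons.append("gpg printed an invalid armor message")
    if not any(line.startswith("[GNUPG:] VALIDSIG ")
               for line in status_output.splitlines()):
        reasons.append("no VALIDSIG status line")
    return (not reasons, reasons)

if __name__ == "__main__":
    # Constructed sample inputs, not captured from a real run.
    banner = "gpg (GnuPG) 2.4.8\nlibgcrypt 1.10.3\n"
    status = "[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 ...\n"
    stderr = "gpg: invalid armor\n"
    print(accept_verification(banner, status, stderr))
    print(lines_ending_in_form_feed("first line\nsecond line\x0c\nthird line\n"))
```

`lines_ending_in_form_feed` is meant for reviewing stored messages that were verified by an affected version; `accept_verification` treats the "invalid armor" message as a hard failure instead of a warning.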