ROS-20240815-02

🗓️ 15 Aug 2024 00:00:00Reported by RedosType

The cpr.c component of GnuPG has a vulnerability in the write_status_text_and_buffer function allowing remote attackers access to confidential data and violating integrity

Reporter	Title	Published	Views	Family All 160
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in GnuPG [CVE-2022-3515 and CVE-2022-34903]	30 Nov 202210:22	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities	7 Jun 202316:53	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.	26 Mar 202503:30	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs	26 Mar 202503:32	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Verify Access Appliance includes components with known vulnerabilities	12 Jan 202323:10	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to spoofing attacks in GnuPG (CVE-2022-34903)	31 Mar 202316:59	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from containerd, gnupg2, runc and IBM WebSphere Application Server Liberty	20 Oct 202212:19	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in base image packages affect IBM Voice Gateway	27 Oct 202218:15	–	ibm
ATTACKERKB	CVE-2022-34903	1 Jul 202222:15	–	attackerkb
Tenable Nessus	Amazon Linux 2022 : gnupg2, gnupg2-minimal, gnupg2-smime (ALAS2022-2022-126)	6 Sep 202200:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
redos	7.3	x86_64	gnupg2	2.2.20-3	UNKNOWN

15 Aug 2024 00:00Current

7.3High risk

Vulners AI Score7.3

CVSS 25.8

CVSS 3.16.5

EPSS0.015