31 matches found
[SECURITY] Fedora 43 Update: rust-sequoia-sop-0.37.3-3.fc43
An implementation of the Stateless OpenPGP Interface using Sequoia...
CVE-2026-48863
A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processin...
bouncycastle: BC-JAVA: unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpg. A specially crafted PGP AEAD (Authenticated Encryption with Associated Data) message with an unbounded chunk size can lead to an excessive consumption of memory. This issue allows an unauthenticated remote attacker to cause memory...
GNU Privacy Guard 2.5.19
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As suc...
PT-2026-33030
Name of the Vulnerable Software and Affected Versions: BC-JAVA versions prior to 1.84. Description: An issue in the bcpg modules allows for unbounded PGP AEAD chunk size, which can lead to pre-authentication resource exhaustion. Resource exhaustion occurs when a system lacks limits or throttling on...
EUVD-2026-18156
SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user's PGP signature as their own...
CVE-2026-29138
SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user's PGP signature as their own...
PT-2026-22893
SEPPmail Secure Email Gateway before version 15.0.1 does not properly communicate PGP signature verification results, leaving users unable to detect forged emails...
rPGP's integrity protection of encrypted data was not always checked
Summary: For some messages, rPGP returned incorrectly decrypted data without signaling that integrity protection was invalid. Details: When decrypting SEIPD (Symmetrically Encrypted and Integrity Protected Data Packet), rPGP previously did not under all circumstances report the absence of valid...
tc Tor Chat Client 1.3
tc is a low-tech free solution to make yourself anonymously reachable for chat by anyone who only knows your onion address and your public key. Messages are PGP encrypted end-to-end and forwarded by Tor's relays...
USN-7730-1 kf5-messagelib vulnerabilities
Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg Schwenk discovered that PIM Messagelib could be made to leak the plaintext of S/MIME encrypted emails when retrieving external content in emails. Under certain...
CVE-2025-8660 Privilege Escalation in Symantec PGP Encryption 11.0.1
Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed...
Mutt Security Vulnerability
Mutt is a text-based e-mail client for Unix-like systems by Michael Elkins, an individual developer. A security vulnerability exists in Mutt, which stems from PGP encryption that does not use the --hive-recipient mode, thereby disclosing the header field of a cc'd e-mail message...
Savignano Software Solutions S/Notify Security Breach
Savignano Software Solutions S/Notify is an email encryption program from Savignano Software Solutions, Germany. A security vulnerability previously existed in Savignano Software Solutions S/Notify version 4.0.2, which stemmed from the presence of a cross-site request forgery (CSRF) vulnerability...
Gentoo Portage Security Vulnerability
Gentoo is an open source Linux system from the Gentoo Foundation. A security vulnerability exists in Gentoo Portage versions prior to 3.0.47, which stems from a lack of PGP validation for code execution...
DEBIAN-CVE-2023-50762
When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a...
Mozilla: User Interface lockup with messages combining S/MIME and OpenPGP
The Mozilla Foundation Security Advisory describes this flaw as: If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way, Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user'...
SUSE CVE-2018-15586
Enigmail before 2.0.6 is prone to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email...
Mozilla Thunderbird Security Vulnerability
Mozilla Thunderbird is an e-mail client from the US-based Mozilla Foundation that is independent of the Mozilla Application Suite. The software supports IMAP and POP mail protocols as well as the HTML mail format. A security vulnerability exists in Mozilla Thunderbird, which can be...