Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2023-1751)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 3.0.2.0 : gnupg2 (EulerOS-SA-2023-1751)

According to the versions of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and othe...

Amazon Linux 2023 : gnupg2, gnupg2-minimal, gnupg2-smime (ALAS2023-2023-087)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-087 advisory. A vulnerability was found in GnuPG. This issue occurs due to an escape detection loop at the writestatustextandbuffer function in g10/cpr.c. This flaw allows a malicious actor to bypass access control...

CBL Mariner 2.0 Security Update: gnupg2 (CVE-2022-34903)

The version of gnupg2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-34903 advisory. - GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a...

Debian: Security Advisory (DLA-62-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2006-4339

OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS 1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying...

SUSE CVE-2006-4340

Mozilla Network Security Service NSS library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatur...

SUSE CVE-2006-4790

verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS 1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from...

SUSE CVE-2006-5462

Mozilla Network Security Service NSS library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatur...

SUSE CVE-2010-4020

MIT Kerberos 5 aka krb5 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a 1 AD-SIGNEDPATH or 2 AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte...

SUSE CVE-2016-6129

The rsaverifyhashex function in rsaverifyhash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a...

SUSE CVE-2018-15836

In verifysignedhash in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used. IKEv2...

SUSE CVE-2018-16151

In verifyemsapkcs1signature in gmprsapublickey.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS1 v1.5 signature verification. Similar to the flaw in the same version of strongSwa...

SUSE CVE-2022-34903

GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints e.g., use of GPGME are met, allows signature forgery via injection into the status line...

Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2023-1256)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 3.0.2.2 : gnupg2 (EulerOS-SA-2023-1256)

According to the versions of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and othe...

CVE-2020-22653

In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 SCG200 before 3.6.2.0.795, SmartZone 100 SZ-100 before 3.6.2.0.795, SmartZone 300 SZ300 before 3.6.2.0.795, Virtua...

PQClean 数据伪造问题漏洞

PQClean is a clean, portable, and tested implementation of post-quantum cryptography. PQClean suffers from a security vulnerability that stems from an intermediate data leak in vectors leading to the possibility of forging digital signatures...

PT-2023-19366 · Pqclean · Pqclean

Name of the Vulnerable Software and Affected Versions: PQClean version d03da30 Description: The issue allows universal forgeries of digital signatures via a template side-channel attack because of intermediate data leakage of one vector. This is related to CRYSTALS-DILITHIUM in Post-Quantum...

Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2022-2929)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...