Lucene search
K

3309 matches found

UbuntuCve
UbuntuCve
added 2006/09/28 6:7 p.m.46 views

CVE-2006-2940

OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service CPU consumption via parasitic public keys with large 1 "public exponent" or 2 "public modulus" values in X.509 certificates that require extra time to process when using RSA...

7.8CVSS6.7AI score0.04903EPSS
Exploits1References3
OSV
OSV
added 2006/09/28 6:7 p.m.7 views

CVE-2006-2940

OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service CPU consumption via parasitic public keys with large 1 "public exponent" or 2 "public modulus" values in X.509 certificates that require extra time to process when using RSA...

9.1AI score
Exploits0References142
Cvelist
Cvelist
added 2006/09/28 6:0 p.m.24 views

CVE-2006-2940

OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service CPU consumption via parasitic public keys with large 1 "public exponent" or 2 "public modulus" values in X.509 certificates that require extra time to process when using RSA...

7.4AI score0.04903EPSS
Exploits1References142
Tenable Nessus
Tenable Nessus
added 2006/09/22 12:0 a.m.47 views

CentOS 4 : firefox (CESA-2006:0675)

Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Two flaws were found in the way Firefox...

10CVSS7.5AI score0.14074EPSS
Exploits1References11
RedHat Linux
RedHat Linux
added 2006/09/15 6:49 a.m.43 views

Critical: Red Hat Security Advisory: thunderbird security update

Updated thunderbird packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Thunderbird is a standalone mail and newsgroup client. Two flaws were found in...

10CVSS6.7AI score0.14074EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2006/07/05 12:0 a.m.34 views

CentOS 3 / 4 : gnu / gnupg (CESA-2006:0266)

An updated GnuPG package that fixes signature verification flaws as well as minor bugs is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. GnuPG is a utility for encrypting data and creating digital signatures. Tavis Ormandy...

5CVSS7AI score0.02373EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2006/05/13 12:0 a.m.30 views

FreeBSD : gnupg -- false positive signature verification (63fe4189-9f97-11da-ac32-0001020eed82)

Werner Koch reports : The Gentoo project identified a security related bug in GnuPG. When using any current version of GnuPG for unattended signature verification e.g. by scripts and mail programs, false positive signature verification of detached signatures may occur. This problem affects the to...

4.6CVSS7.3AI score0.01327EPSS
Exploits1References3
Ubuntu
Ubuntu
added 2006/04/04 3:39 p.m.32 views

USN-264-1: gnupg vulnerability

Tavis Ormandy discovered a flaw in gnupg's signature verification. In some cases, certain invalid signature formats could cause gpg to report a 'good signature' result for auxiliary unsigned data which was prepended or appended to the checked message part...

5CVSS5.2AI score0.02373EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2006/03/15 4:36 p.m.7 views

security flaw

gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also...

4.6CVSS7.2AI score0.01327EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2006/03/14 12:0 a.m.21 views

Fedora Core 4 : gnupg-1.4.2.2-1 (2006-147)

Tavis Ormandy discovered a flaw in the way GnuPG verifies cryptographically signed data with inline signatures. It is possible for an attacker to add unsigned text to a signed message in such a way so that when the signed text is extracted, the unsigned text is extracted as well, appearing as if ...

5CVSS5.4AI score0.02373EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2006/03/13 9:6 p.m.16 views

CVE-2006-0049

gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different...

5CVSS7.1AI score0.02373EPSS
Exploits0References2
Cvelist
Cvelist
added 2006/03/13 9:0 p.m.18 views

CVE-2006-0049

gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different...

5.9AI score0.02373EPSS
Exploits0References31
CVE
CVE
added 2006/03/13 9:0 p.m.79 views

CVE-2006-0049

GnuPG (gnupg) prior to 1.4.2.2 is affected by CVE-2006-0049: it does not properly verify non-detached or inline signatures, allowing an attacker to inject unsigned data into a checked message and have the signature appear valid. Several advisories (Ubuntu USN-264-1, CentOS/CESA-2006:0266, Mandrak...

5CVSS5.9AI score0.02373EPSS
Exploits0References31Affected Software1
Tenable Nessus
Tenable Nessus
added 2006/03/13 12:0 a.m.28 views

Ubuntu 4.10 / 5.04 / 5.10 : gnupg vulnerability (USN-252-1)

Tavis Ormandy discovered a potential weakness in the signature verification of gnupg. gpgv and gpg --verify returned a successful exit code even if the checked file did not have any signature at all. The recommended way of checking the result is to evaluate the status messages, but some third-par...

4.6CVSS7.3AI score0.01327EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2006/03/13 12:0 a.m.28 views

GLSA-200603-08 : GnuPG: Incorrect signature verification

The remote host is affected by the vulnerability described in GLSA-200603-08 GnuPG: Incorrect signature verification OpenPGP is the standard that defines the format of digital signatures supported by GnuPG. OpenPGP signatures consist of multiple sections, in a strictly defined order. Tavis Ormand...

5CVSS5.4AI score0.02373EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2006/03/09 12:0 a.m.31 views

GnuPG does not detect injection of unsigned data

Werner Koch reports: In the aftermath of the false positive signature verfication bug announced 2006-02-15 more thorough testing of the fix has been done and another vulnerability has been detected. This new problem affects the use of gpg for verification of signatures which are not detached...

5CVSS6.4AI score0.02373EPSS
Exploits0References1
Prion
Prion
added 2006/02/23 8:2 p.m.22 views

Code injection

The signature verification functionality in the YaST Online Update YOU script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used...

5CVSS7.2AI score0.01736EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2006/02/23 8:2 p.m.26 views

CVE-2006-0803

The signature verification functionality in the YaST Online Update YOU script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used...

5CVSS6.6AI score0.01736EPSS
Exploits0References3
Cvelist
Cvelist
added 2006/02/23 8:0 p.m.30 views

CVE-2006-0803

The signature verification functionality in the YaST Online Update YOU script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used...

6.6AI score0.01736EPSS
Exploits0References3
CVE
CVE
added 2006/02/23 8:0 p.m.59 views

CVE-2006-0803

The CVE describes a flaw in YaST Online Update (YOU) signature verification: it relies on a GPG feature not intended for signature verification, preventing YOU from detecting malicious scripts that fail the signature check when using GPG 1.4.x. Affected component: YOU script; root cause: improper...

5CVSS6.5AI score0.01736EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder