Lucene search
K

8 matches found

OSV
OSV
added 2026/05/02 1:16 a.m.14 views

CLSA-2026-1777545003 rpm: Fix of CVE-2021-3521

CVE-2021-3521: validate and require subkey binding signatures on PGP public keys...

4.7CVSS6.7AI score0.00302EPSS
Exploits0References1
OSV
OSV
added 2026/04/30 8:56 a.m.6 views

CLSA-2026-1777539405 rpm: Fix of CVE-2021-3521

CVE-2021-3521: validate and require subkey binding signatures on PGP public keys...

4.7CVSS6.7AI score0.00302EPSS
Exploits0References1
OSV
OSV
added 2026/04/30 8:51 a.m.8 views

CLSA-2026-1777539108 rpm: Fix of CVE-2021-3521

CVE-2021-3521: validate and require subkey binding signatures on PGP public keys...

4.7CVSS5.8AI score0.00302EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 3:49 a.m.5 views

SUSE CVE-2021-3521

There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to...

4.4CVSS6.7AI score0.00302EPSS
Exploits0References6
OSV
OSV
added 2022/08/22 3:15 p.m.3 views

DEBIAN-CVE-2021-3521

There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to...

4.7CVSS6.2AI score0.00302EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/08/22 12:0 a.m.36 views

rpm4 -- Multiple Vulnerabilities

rpm project reports: Fix intermediate symlinks not verified CVE-2021-35939. Fix subkey binding signatures not checked on PGP public keys CVE-2021-3521. Refactor file and directory operations to use fd-based APIs throughout CVE-2021-35938...

6.7CVSS1.9AI score0.00491EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2022/02/22 3:59 p.m.5 views

rpm: RPM does not require subkeys to have a valid binding signature

There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature."1 RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey t...

4.7CVSS7.1AI score0.00302EPSS
Exploits0References4
OSV
OSV
added 2022/02/14 8:16 p.m.5 views

CLSA-2022-1644869807 Fix of CVE: CVE-2021-3521, CVE-2021-20266

CVE-2021-20266: missing length checks in hdrblobInit - CVE-2021-3521: RPM does not require subkeys to have a valid binding signature - Address important covscan issues 1996665, 2022537...

4.9CVSS6.8AI score0.01706EPSS
Exploits0References1
Rows per page
Query Builder