22 matches found
EUVD-2019-4610
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-13050
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver...
RHEL 6 : gnupg (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - GnuPG: Unenforced configuration allows for apparently valid certifications actually signed by signing...
Rocky Linux 8 : gnupg2 (RLSA-2020:4490)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4490 advisory. - GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery CSRF vulnerability in dirmngr that can result in Attacker controlled CSRF,...
K08654551: GnuPG vulnerability CVE-2019-13050
Security Advisory Description Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause ...
SUSE CVE-2019-13050
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service...
AlmaLinux 8 : gnupg2 (ALSA-2020:4490)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:4490 advisory. - GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery CSRF vulnerability in dirmngr that can result in Attacker controlled CSRF, Informatio...
NewStart CGSL MAIN 6.02 : gnupg2 Vulnerability (NS-SA-2021-0076)
The remote NewStart CGSL host, running version MAIN 6.02, has gnupg2 packages installed that are affected by a vulnerability: - Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration...
CentOS 8 : gnupg2 (CESA-2020:4490)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:4490 advisory. - GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS CVE-2019-13050 Note that...
Denial Of Service (DoS)
gnupg2 is vulnerable to denial of service DoS. This is because the interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack causing an application crash...
GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service...
Moderate: Red Hat Security Advisory: gnupg2 security, bug fix, and enhancement update
An update for gnupg2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
RHEL 8 : gnupg2 (RHSA-2020:4490)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4490 advisory. The GNU Privacy Guard GnuPG or GPG is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standard...
CVE-2019-13050
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service...
EulerOS Virtualization for ARM 64 3.0.6.0 : gnupg2 (EulerOS-SA-2020-1358)
According to the version of the gnupg2 package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it...
EulerOS 2.0 SP8 : gnupg2 (EulerOS-SA-2020-1153)
According to the version of the gnupg2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG...
Fedora 30 : gnupg2 (2019-2f259a6c0a)
Minor update to version 2.2.17 from upstream with a security issue Certificate Spamming Attack mitigation. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as...
PGP Ecosystem Targeted in ‘Poisoning’ Attacks
A long-feared attack vector used against Pretty Good Privacy, the framework used to authenticate and keep email messages private, is being exploited for the first time. The attack, which takes aim at keyserver verification directories, makes it impossible for Pretty Good Privacy PGP to work...
CVE-2019-13050
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service...
CVE-2019-13050
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service...