16 matches found
EUVD-2015-3448
Malware in sbrugna...
Updated gnupg2 packages fix security vulnerabilities
Key validity not computed when key is certified by a trusted "certify-only" key regression due to patch for CVE-2025-30258...
SUSE CVE-2018-9234
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey...
Exploit for Improper Certificate Validation in Microsoft
CVE-2022-26923-Powershell-POC A powershell poc to load and aut...
EulerOS Virtualization 3.0.6.6 : gnupg2 (EulerOS-SA-2021-1479)
According to the version of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which resul...
CVE-2018-9234
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : GnuPG vulnerabilities (USN-3675-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3675-1 advisory. Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when...
CVE-2018-9234
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey...
CVE-2018-9234
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey...
Multiple Vulnerabilities in Drupal Certify
Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. An access restriction and information disclosure vulnerability exists in Drupal Certify. Allow attackers to exploit this vulnerability to bypass security restrictions and...
CVE-2015-3404
The Certify module before 6.x-2.3 for Drupal does not properly perform node access checks, which allows remote authenticated users to bypass intended access restrictions and obtain sensitive PDF certificate information via vectors related to "showing and creating the PDF certificates."...
Design/Logic Flaw
The Certify module before 6.x-2.3 for Drupal does not properly perform node access checks, which allows remote authenticated users to bypass intended access restrictions and obtain sensitive PDF certificate information via vectors related to "showing and creating the PDF certificates."...
CVE-2015-3404
The vulnerability CVE-2015-3404 affects the Drupal Certify module (before 6.x-2.3). The module fails to perform proper node access checks when showing or creating PDF certificates, allowing remote authenticated users to bypass access restrictions and view sensitive PDF certificate information. Af...
CVE-2015-3404
The Certify module before 6.x-2.3 for Drupal does not properly perform node access checks, which allows remote authenticated users to bypass intended access restrictions and obtain sensitive PDF certificate information via vectors related to "showing and creating the PDF certificates."...
SA-CONTRIB-2015-033 - Certify - Access bypass and information disclosure
Certify enables you to automatically issue PDF certificates to users upon completion of a set of conditions. The module does not sufficiently check node access when showing and creating the PDF certificates. This can lead to users seeing certificates they should not have access to. This...
Cybersecurity Act of 2012 Introduced Without Emergency Presidential Powers Provisions
A bipartisan group of Senators introduced the Cybersecurity Act of 2012 yesterday. The bill aims to secure federal and private sector networks that provide essential services or that are deemed “critical” to the nation in some other way. According to a Homeland Security and Government Affairs...