Lucene search
K

27 matches found

UbuntuCve
UbuntuCve
added 2026/04/07 8:16 p.m.16 views

CVE-2026-39395

Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures,...

5.3CVSS6AI score0.00241EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/05 12:0 a.m.5 views

SUSE SLES12 Security Update : gpg2 (SUSE-SU-2026:0378-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:0378-1 advisory. - CVE-2025-68973: Fixed possile memory corruption in the armor parser T7906 bsc1255715 - Fixed GnuPG Accepting Path Separators and Path Traversals in...

7.8CVSS5.6AI score0.00129EPSS
Exploits1References7
OSV
OSV
added 2026/02/04 7:38 a.m.4 views

SUSE-SU-2026:0378-1 Security update for gpg2

This update for gpg2 fixes the following issues: - CVE-2025-68973: Fixed possile memory corruption in the armor parser T7906 bsc1255715 - Fixed GnuPG Accepting Path Separators and Path Traversals in Literal Data bsc1256389 - Fixed Cleartext Signature Forgery in the NotDashEscaped header...

7.8CVSS5.8AI score0.00129EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/01/24 12:0 a.m.8 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gpg2 (SUSE-SU-2026:0215-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0215-1 advisory. - CVE-2025-68973: Fix possible memory corruption in the armor parser gpg.fail/memcpybsc1255715. - Avoid...

7.8CVSS5.9AI score0.00129EPSS
Exploits1References8
SUSE Linux
SUSE Linux
added 2026/01/22 12:10 p.m.8 views

Security update for gpg2

This update for gpg2 fixes the following issues: CVE-2025-68973: Fix possible memory corruption in the armor parser gpg.fail/memcpybsc1255715. Avoid potential downgrade to SHA1 in 3rd party key signatures gpg.fail/sha1 bsc1256246. Error out on unverified output for non-detached signatures...

8CVSS5.7AI score0.00129EPSS
Exploits1References12
OSV
OSV
added 2026/01/22 12:10 p.m.5 views

SUSE-SU-2026:0215-1 Security update for gpg2

This update for gpg2 fixes the following issues: - CVE-2025-68973: Fix possible memory corruption in the armor parser gpg.fail/memcpybsc1255715. - Avoid potential downgrade to SHA1 in 3rd party key signatures gpg.fail/sha1 bsc1256246. - Error out on unverified output for non-detached signatures...

7.8CVSS5.8AI score0.00129EPSS
Exploits1References7
SUSE Linux
SUSE Linux
added 2026/01/22 12:10 p.m.7 views

Security update for gpg2

This update for gpg2 fixes the following issues: CVE-2025-68973: Fix possible memory corruption in the armor parser gpg.fail/memcpybsc1255715. Avoid potential downgrade to SHA1 in 3rd party key signatures gpg.fail/sha1 bsc1256246. Error out on unverified output for non-detached signatures...

8CVSS5.7AI score0.00129EPSS
Exploits1References10
OSV
OSV
added 2026/01/22 12:9 p.m.4 views

SUSE-SU-2026:0214-1 Security update for gpg2

This update for gpg2 fixes the following issues: - CVE-2025-68973: Fix possible memory corruption in the armor parser gpg.fail/memcpybsc1255715. - Avoid potential downgrade to SHA1 in 3rd party key signatures gpg.fail/sha1 bsc1256246. - Error out on unverified output for non-detached signatures...

7.8CVSS5.8AI score0.00129EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

openSUSE 16 Security Update : gpg2 (openSUSE-SU-2026:20029-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20029-1 advisory. - CVE-2025-68973: out-of-bounds write when processing specially crafted input in the armor parser can lead to memory corruption bsc1255715. Other securi...

7.8CVSS5.9AI score0.00129EPSS
Exploits1References6
OPENSUSE Linux
OPENSUSE Linux
added 2026/01/15 12:0 a.m.7 views

Security update for gpg2 (important)

openSUSE security update: security update for gpg2 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20029-1 Rating: important References: bsc1255715 bsc1256244 bsc1256246 bsc1256390 Cross-References: CVE-2025-68973 CVSS scores: CVE-2025-68973 SUSE : ...

8CVSS7.4AI score0.00129EPSS
Exploits1References4
Debian
Debian
added 2026/01/14 4:49 p.m.11 views

[SECURITY] [DLA 4437-1] gnupg2 security update

Debian LTS Advisory DLA-4437-1 [email protected] https://www.debian.org/lts/security/ Roberto C. Sánchez January 14, 2026 https://wiki.debian.org/LTS Package : gnupg2 Version : 2.2.27-2+deb11u3 CVE ID : CVE-2025-68973 Debian Bug : 1124221 Several issues have been discovered in gnupg2, a...

7.8CVSS7.8AI score0.00129EPSS
Exploits1
OSV
OSV
added 2026/01/14 10:23 a.m.2 views

OPENSUSE-SU-2026:20029-1 Security update for gpg2

This update for gpg2 fixes the following issues: - CVE-2025-68973: out-of-bounds write when processing specially crafted input in the armor parser can lead to memory corruption bsc1255715. Other security fixes: - gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures bsc1256246. - gpg...

7.8CVSS5.8AI score0.00129EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2006-0057

Malware in sbrugna...

5CVSS6AI score0.02373EPSS
Exploits0References35
SUSE CVE
SUSE CVE
added 2023/02/15 6:16 a.m.3 views

SUSE CVE-2006-0049

gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different...

5CVSS7AI score0.02373EPSS
Exploits0References4
OSV
OSV
added 2021/04/12 7:59 p.m.12 views

MGASA-2021-0180 Updated tor packages fix security vulnerabilities

The dumpdesc function that we used to dump unparseable information to disk, was called incorrectly in several places, in a way that could lead to excessive CPU usage CVE-2021-28089. A bug in appending detached signatures to a pending consensus document could be used to crash a directory authority...

7.5CVSS5.9AI score0.02096EPSS
Exploits0References3
Mageia
Mageia
added 2021/04/12 7:59 p.m.42 views

Updated tor packages fix security vulnerabilities

The dumpdesc function that we used to dump unparseable information to disk, was called incorrectly in several places, in a way that could lead to excessive CPU usage CVE-2021-28089. A bug in appending detached signatures to a pending consensus document could be used to crash a directory authority...

7.5CVSS2AI score0.02096EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2012/09/06 12:0 a.m.33 views

Mandrake Linux Security Advisory : gnupg (MDKSA-2000:087)

When importing keys from public key servers, GnuPG will import private keys also known as secret keys in addition to public keys. If this happens, the user's web of trust becomes corrupt. Additionally, when used to check detached signatures, if the data file being checked contains clearsigned dat...

5CVSS5.4AI score0.01969EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.7 views

Debian Security Advisory DSA 010-1 (gnupg)

The remote host is missing an update to gnupg announced via advisory DSA 010-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2006/05/13 12:0 a.m.30 views

FreeBSD : gnupg -- false positive signature verification (63fe4189-9f97-11da-ac32-0001020eed82)

Werner Koch reports : The Gentoo project identified a security related bug in GnuPG. When using any current version of GnuPG for unattended signature verification e.g. by scripts and mail programs, false positive signature verification of detached signatures may occur. This problem affects the to...

4.6CVSS7.3AI score0.01327EPSS
Exploits1References3
NVD
NVD
added 2006/03/13 9:6 p.m.21 views

CVE-2006-0049

gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different...

5CVSS6AI score0.02373EPSS
Exploits0References31
Rows per page
Query Builder