116 matches found
Security Bulletin: Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.
Summary: Vulnerabilities exist in IBM Cloud Pak for Data System CPDS 1.0 - Cyclops, addressed in 11.3.1.1. Vulnerability Details: CVEID: CVE-2022-3219. DESCRIPTION: GnuPG can be made to spin on a relatively small input by, for example, crafting a public key with thousands of signatures attached,...
Astra Linux - vulnerability in gnupg2
GnuPG versions up to 2.3.6 allow for signature forgery in unusual situations where an attacker possesses secret-key information from a victim’s keyring, and other constraints such as the use of GPGME are met. This can be achieved by injecting malicious data into the command line’s status line...
Astra Linux - vulnerability in gnupg2
In GnuPG before version 2.4.9, the armorfilter function in g10/armor.c had two increments of an index variable, where only one was intended. This led to an out-of-bounds write vulnerability with crafted inputs. This issue has been fixed in ExtendedLTS versions, 2.2.51 and later...
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-11.0.1.1)
The version of AHV installed on the remote host is prior to AHV-11.0.1.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-11.0.1.1 advisory. - LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics)...
Fedora 44 : rust-pty-process / rust-sequoia-chameleon-gnupg (2026-29e1155702)
The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-29e1155702 advisory. Rebuild rust-sequoia-chameleon-gnupg with rust-tar 0.4.45 for CVE-2026-33056. Update rust-pty-process to 0.5.3, and adjust the dev-dependency in...
Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2026-1238)
The remote host is missing an update for the Huawei EulerOS...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: gnupg2 (UTSA-2026-005933)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005933 advisory. In GnuPG before 2.4.9, armorfilter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input...
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-10.0.1.8)
The version of AHV installed on the remote host is prior to AHV-10.0.1.8. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-10.0.1.8 advisory. - In GnuPG before 2.4.9, armorfilter in g10/armor.c has two increments of an index variable where one is intended,...
SUSE-SU-2026:20487-1 Security update for gpg2
This update for gpg2 fixes the following issues: - CVE-2026-24882: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys (bsc#1257396). - gpg.fail/filename: GnuPG Accepts Path Separators and Path Traversals in Literal Data "Filename" Field (bsc#1256389)...
RHEL 10 : gnupg2 (RHSA-2026:2753)
The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:2753 advisory. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards...
SUSE SLES12 Security Update : gpg2 (SUSE-SU-2026:0378-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0378-1 advisory. - CVE-2025-68973: Fixed possible memory corruption in the armor parser (T7906, bsc#1255715) - Fixed GnuPG Accepting Path Separators and Path Traversals in...
Amazon Linux 2023 : gnupg2, gnupg2-minimal, gnupg2-smime (ALAS2023-2026-1380)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1380 advisory. In GnuPG before 2.4.9, armorfilter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. For ExtendedLTS, 2.2.51 and later a...
RHEL 9 : gnupg2 (RHSA-2026:1705)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:1705 advisory. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Securi...
CVE-2026-24881
In GnuPG before 2.5.17, a crafted CMS S/MIME EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT --kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that...
RHEL 8 : gnupg2 (RHSA-2026:0935)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0935 advisory. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Securi...
RHEL 10 : gnupg2 (RHSA-2026:0697)
The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0697 advisory. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : GnuPG vulnerability (USN-7946-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7946-1 advisory. It was discovered that GnuPG incorrectly handled crafted input. A remote attacker could possibly u...
Siemens Ruggedcom ROX Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-2022-34903)
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. This plugin only works with Tenable.ot. Please visit...
SUSE CVE-2025-68972
In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds although an "invalid armor" message is printed...
CVE-2025-68973
In GnuPG before 2.4.9, armorfilter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. For ExtendedLTS, 2.2.51 and later are fixed versions...