Lucene search
+L

116 matches found

Tenable Nessus
Tenable Nessus
added 2016/02/22 12:0 a.m.36 views

F5 Networks BIG-IP : GnuPG vulnerability (SOL40131068)

The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service infinite recursion via a crafted OpenPGP message. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from F5...

5CVSS7.8AI score0.0503EPSS
Exploits0References2
Prion
Prion
added 2014/10/25 9:55 p.m.29 views

Design/Logic Flaw

python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323...

4.4CVSS6.9AI score0.02851EPSS
Exploits2References4Affected Software1
Debian CVE
Debian CVE
added 2014/10/25 9:0 p.m.80 views

CVE-2014-1927

The shellquote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "$" command-substitution sequences, a different vulnerability than CVE-2014-1928...

7.5CVSS7.3AI score0.03388EPSS
Exploits2
Cvelist
Cvelist
added 2014/10/25 9:0 p.m.49 views

CVE-2014-1928

The shellquote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "" backslash characters to form multi-command sequences, a different...

7.2AI score0.00605EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2014/06/27 12:0 a.m.31 views

Ubuntu 14.04 LTS : GnuPG vulnerability (USN-2258-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2258-1 advisory. Jean-Ren Reinhard, Olivier Levillain and Florian Maury discovered that GnuPG incorrectly handled certain OpenPGP messages. If a user or automated system were...

5CVSS6.6AI score0.03305EPSS
Exploits0References2
OSV
OSV
added 2014/06/25 11:19 a.m.2 views

CVE-2014-4617

The douncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service infinite loop via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence...

6.1AI score
Exploits0References15
Cvelist
Cvelist
added 2014/06/09 7:0 p.m.53 views

CVE-2013-7323

python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors...

7.1AI score0.02851EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2014/01/08 6:16 p.m.3 views

gnupg: RSA secret key recovery via acoustic cryptanalysis

GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not...

2.1CVSS6.7AI score0.00451EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2013/10/29 12:0 a.m.20 views

CentOS Update for libgcrypt CESA-2013:1457 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

1.9CVSS5.6AI score0.00533EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2013/10/29 12:0 a.m.16 views

CentOS Update for libgcrypt CESA-2013:1457 centos6

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

1.9CVSS5.6AI score0.00533EPSS
Exploits0References2
OSV
OSV
added 2013/10/28 10:55 p.m.11 views

CVE-2013-4402

The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service infinite recursion via a crafted OpenPGP message...

6.3AI score
Exploits0References10
OSV
OSV
added 2013/10/10 12:55 a.m.8 views

CVE-2013-4351

GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared no usage permitted as if it has all bits set all usage permitted, which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey...

6.4AI score
Exploits0References9
OSV
OSV
added 2013/07/24 12:1 p.m.8 views

CVE-2012-6580

Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote attackers to spoof details of a message's origin or interfere with encryption-policy auditin...

6.4AI score
Exploits0References2
OSV
OSV
added 2010/08/05 6:17 p.m.5 views

CVE-2010-2547

Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc...

8.1CVSS8.3AI score
Exploits0References24
OpenVAS
OpenVAS
added 2009/03/23 12:0 a.m.27 views

Ubuntu Update for gnupg vulnerability USN-432-1

Ubuntu Update for Linux kernel vulnerabilities USN-432-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4321.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for gnupg vulnerability USN-432-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

5CVSS6.4AI score0.05359EPSS
Exploits0References2
OSV
OSV
added 2007/03/06 8:19 p.m.7 views

CVE-2007-1263

GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection...

6.3AI score
Exploits0References34
OSV
OSV
added 2006/12/07 11:28 a.m.12 views

CVE-2006-6235

A "stack overwrite" vulnerability in GnuPG gpg 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory...

7.2AI score
Exploits0References39
RedHat Linux
RedHat Linux
added 2006/12/06 5:53 p.m.5 views

security flaw

A "stack overwrite" vulnerability in GnuPG gpg 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory...

10CVSS6.2AI score0.05713EPSS
Exploits0References4
OSV
OSV
added 2006/11/29 6:28 p.m.2 views

DEBIAN-CVE-2006-6169

Heap-based buffer overflow in the askoutfilename function in openfile.c for GnuPG gpg 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the makeprintablestring function to return a longer string than...

6.8CVSS8.3AI score0.03174EPSS
Exploits0References1
OSV
OSV
added 2006/11/29 6:28 p.m.7 views

CVE-2006-6169

Heap-based buffer overflow in the askoutfilename function in openfile.c for GnuPG gpg 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the makeprintablestring function to return a longer string than...

7.7AI score
Exploits0References35
Rows per page
Query Builder