Lucene search
K

9 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-2043

Malware in sbrugna...

8.8CVSS8.6AI score0.01041EPSS
Exploits1References8
OSV
OSV
added 2025/03/19 8:15 p.m.6 views

AZL-58935 CVE-2025-30258 affecting package gnupg2 2.4.9-2

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."...

4.7CVSS6.6AI score0.00179EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2023/02/15 6:8 a.m.6 views

SUSE CVE-2008-1530

GnuPG gpg 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."...

9.3CVSS8AI score0.04041EPSS
Exploits0References3
OSV
OSV
added 2022/08/19 11:4 a.m.4 views

OESA-2022-1847 gnupg2 security update

GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 also known as PGP. GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories. Security Fixes: GnuPG...

6.5CVSS7.2AI score0.02551EPSS
Exploits1References2
OSV
OSV
added 2022/07/01 10:15 p.m.7 views

AZL-10074 CVE-2022-34903 affecting package gnupg2 for versions less than 2.3.7-1

GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints e.g., use of GPGME are met, allows signature forgery via injection into the status line...

6.5CVSS6.9AI score0.02551EPSS
Exploits1References1
NVD
NVD
added 2020/03/20 4:15 p.m.17 views

CVE-2019-14855

A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18...

7.5CVSS6AI score0.0105EPSS
Exploits1References5
OSV
OSV
added 2018/04/04 12:29 a.m.5 views

DEBIAN-CVE-2018-9234

GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey...

7.5CVSS6.8AI score0.02082EPSS
Exploits0References1
CVE
CVE
added 2006/12/07 11:0 a.m.91 views

CVE-2006-6235

The CVE-2006-6235 vulnerability is a stack overwrite flaw in GnuPG (gpg) affecting 1.x versions before 1.4.6, 2.x before 2.0.2, and 1.9.0–1.9.95. A crafted OpenPGP packet can cause GnuPG to dereference a function pointer from deallocated stack memory, enabling arbitrary code execution. Multiple a...

10CVSS7AI score0.05671EPSS
Exploits0References35Affected Software2
RedHat Linux
RedHat Linux
added 2003/12/11 12:21 a.m.10 views

security flaw

GnuPG GPG 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 sign+encrypt keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature...

5CVSS5.7AI score0.02854EPSS
Exploits1References4
Rows per page
Query Builder