84 matches found
MiracleLinux 8 : gnupg2-2.2.20-2.el8 (AXSA:2021-1082:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1082:01 advisory. GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS (CVE-2019-13050). Tenable has...
Building a Transparent Keyserver
Today, we are going to build a keyserver to look up age public keys. That part is boring. What’s interesting is that we’ll apply the same transparency log technology as the Go Checksum Database to keep the keyserver operator honest and unable to surreptitiously inject malicious keys, while still...
EUVD-2014-3225
Malware in sbrugna...
EUVD-2019-4610
Malware in sbrugna...
EUVD-2001-1233
Malware in sbrugna...
Security Bulletin: Astronomer with IBM is vulnerable to several vulnerabilities (CVE-2008-5730, CVE-2015-5237, CVE-2018-12020, CVE-2019-13050, CVE-2019-14855, CVE-2019-1543, CVE-2020-25125, CVE-2021-3712, CVE-2022-31130, CVE-2023-0464, CVE-2022-1292)
Summary: Open source software is used by Astronomer with IBM as part of overall processing functionality. Vulnerability Details: CVEID: CVE-2008-5730. DESCRIPTION: Multiple CRLF injection vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to have an unknown impact via unspecified...
RHEL 5 : gnupg (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - GnuPG: Unenforced configuration allows for apparently valid certifications actually signed by signing...
Rocky Linux 8 : gnupg2 (RLSA-2020:4490)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4490 advisory. - GnuPG version 2.1.12 - 2.2.11 contains a Cross-Site Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF,...
Debian: Security Advisory (DLA-54-1)
The remote host is missing an update for the Debian...
K08654551: GnuPG vulnerability CVE-2019-13050
Security Advisory Description: Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause ...
SUSE CVE-2019-13050
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service...
Ubuntu 18.04 LTS : GnuPG vulnerability (USN-5431-1)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5431-1 advisory. It was discovered that GnuPG was not properly processing keys with large amounts of signatures. An attacker could possibly use this issue to cause a denial of...
AlmaLinux 8 : gnupg2 (ALSA-2020:4490)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:4490 advisory. - GnuPG version 2.1.12 - 2.2.11 contains a Cross-Site Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Informatio...
NewStart CGSL MAIN 6.02 : gnupg2 Vulnerability (NS-SA-2021-0076)
The remote NewStart CGSL host, running version MAIN 6.02, has gnupg2 packages installed that are affected by a vulnerability: - Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration...
Oracle Linux 8 : gnupg2 (ELSA-2020-4490)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-4490 advisory. 2.2.20-2: fixes for issues found in Coverity scan. 2.2.20-1: upgrade to 2.2.20. Tenable has extracted the preceding description block directly from the Oracle...
Denial Of Service (DoS)
gnupg2 is vulnerable to denial of service (DoS). This is because the interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack causing an application crash...
GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service...
RLSA-2020:4490 Moderate: gnupg2 security, bug fix, and enhancement update
The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. The following packages have been upgraded to a later upstream version: gnupg2 (2.2.20). (BZ1663944) Security Fixes: GnuPG: interaction between the sks-keyserv...
CVE-2019-13050
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service...
EulerOS Virtualization for ARM 64 3.0.6.0 : gnupg2 (EulerOS-SA-2020-1358)
According to the version of the gnupg2 package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability: - Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it...