CVE-2026-56346

AVideo through version 25.0 contains an authentication bypass vulnerability in the decryptMessage.json.php endpoint that allows unauthenticated users to decrypt PGP messages. Remote attackers can submit private keys, ciphertext, and passphrases to perform server-side decryption without credential...

CVE-2026-56346

CVE-2026-56346 affects AVideo up to version 25.0, with an authentication bypass in the decryptMessage.json.php endpoint that lets unauthenticated users decrypt PGP messages. Remote attackers can submit private keys, ciphertext, and passphrases to trigger server-side decryption without credentials...

OESA-2026-2636 libsolv security update

A free package dependency solver using a satisfiability algorithm. The library is based on two major, but independent, blocks: Security Fixes: A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when...

OESA-2026-2635 libsolv security update

A free package dependency solver using a satisfiability algorithm. The library is based on two major, but independent, blocks: Security Fixes: A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when...

OESA-2026-2634 libsolv security update

A free package dependency solver using a satisfiability algorithm. The library is based on two major, but independent, blocks: Security Fixes: A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when...

TencentOS Server 4: libsolv (TSSA-2026:0423)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0423 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Amazon Linux 2023 : libsolv, libsolv-demo, libsolv-devel (ALAS2023-2026-1798)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1798 advisory. A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffe...

[SECURITY] Fedora 44 Update: rust-sequoia-wot-0.15.2-1.fc44

An implementation of OpenPGP's web of trust...

[SECURITY] Fedora 43 Update: rust-sequoia-sop-0.37.3-4.fc43

An implementation of the Stateless OpenPGP Interface using Sequoia...

[SECURITY] Fedora 43 Update: rust-sequoia-sqv-1.3.0-6.fc43

A simple OpenPGP signature verification program...

[SECURITY] Fedora 42 Update: rust-sequoia-sqv-1.3.0-6.fc42

A simple OpenPGP signature verification program...

Astra Linux - уязвимость в thunderbird

When receiving an email message signed with OpenPGP/MIME and containing an additional outer MIME message layer, such as a message footer added by a mailing list gateway, Thunderbird only considers the signed inner message for signature validity. This creates the false impression that the addition...

Astra Linux – Vulnerability in Thunderbird

If a Thunderbird user has previously imported Alice’s OpenPGP key, and Alice has extended the validity period of her key, but Alice’s updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice’s key with an invalid subkey. In this case, Thunderbird...

Astra Linux - уязвимость в thunderbird

Thunderbird unprotects a secret OpenPGP key before using it for decryption, signing, or key import tasks. If the task fails, the secret key may remain in memory in an unprotected state. This vulnerability affects Thunderbird versions earlier than 78.8.1...

bouncycastle: BC-JAVA: unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpg. A specially crafted PGP AEAD Authenticated Encryption with Associated Data message with an unbounded chunk size can lead to an excessive consumption of memory. This issue allows an unauthenticated remote attacker to cause memory...

[SECURITY] Fedora 44 Update: rust-sequoia-sop-0.37.3-3.fc44

An implementation of the Stateless OpenPGP Interface using Sequoia...

[SECURITY] Fedora 44 Update: rust-sequoia-openpgp-2.3.0-1.fc44

OpenPGP data types and associated machinery...

[SECURITY] Fedora 44 Update: rust-rpm-sequoia-1.10.2-2.fc44

An implementation of the RPM PGP interface using Sequoia...

Unity Linux 20.1060e / 20.1070e Security Update: libgcrypt (UTSA-2026-017437)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017437 advisory. The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous...

Unity Linux 20.1060e / 20.1070e Security Update: libgcrypt (UTSA-2026-017573)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017573 advisory. Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpipowm, and...