12 matches found
EUVD-2014-0087
Malware in sbrugna...
EUVD-2014-0090
Malware in sbrugna...
EUVD-2014-0089
Malware in sbrugna...
USN-3964-1 python-gnupg vulnerabilities
Marcus Brinkmann discovered that GnuPG before 2.2.8 improperly handled certain command line parameters. A remote attacker could use this to spoof the output of GnuPG and cause unsigned e-mail to appear signed. CVE-2018-12020 It was discovered that python-gnupg incorrectly handled the GPG...
entweet (=2.0.0), irrd (=4.0.0rc1) +1 more potentially affected by CVE-2019-6690 via python-gnupg (>=0.3.9 <=0.4.3)
python-gnupg PYPI version =0.3.9, =0.16.8, =0.23.0rc1 Source cves: CVE-2019-6690 Source advisory: OSV:GHSA-2FCH-JVG5-CRF6...
entweet (=2.0.0), irrd (=4.0.0rc1) +1 more potentially affected by CVE-2019-6690 via python-gnupg (>=0.3.9 <=0.4.3)
python-gnupg PYPI version =0.3.9, =0.16.8, =0.23.0rc1 Source cves: CVE-2019-6690 Source advisory: OSV:PYSEC-2019-115...
Input validation
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting...
CVE-2019-6690
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting...
Design/Logic Flaw
python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323...
CVE-2014-1928
The shellquote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "" backslash characters to form multi-command sequences, a different...
CVE-2014-1927
The shellquote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "$" command-substitution sequences, a different vulnerability than CVE-2014-1928...
CVE-2013-7323
python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors...