30 matches found
MiracleLinux 8 : gnupg2-2.2.20-2.el8 (AXSA:2021-1082:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1082:01 advisory. GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS CVE-2019-13050 Tenable has...
EUVD-2014-3225
Malware in sbrugna...
EUVD-2019-4610
Malware in sbrugna...
Rocky Linux 8 : gnupg2 (RLSA-2020:4490)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4490 advisory. - GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery CSRF vulnerability in dirmngr that can result in Attacker controlled CSRF,...
K08654551: GnuPG vulnerability CVE-2019-13050
Security Advisory Description Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause ...
Ubuntu 18.04 LTS : GnuPG vulnerability (USN-5431-1)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5431-1 advisory. It was discovered that GnuPG was not properly processing keys with large amounts of signatures. An attacker could possibly use this issue to cause a denial of...
AlmaLinux 8 : gnupg2 (ALSA-2020:4490)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:4490 advisory. - GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery CSRF vulnerability in dirmngr that can result in Attacker controlled CSRF, Informatio...
NewStart CGSL MAIN 6.02 : gnupg2 Vulnerability (NS-SA-2021-0076)
The remote NewStart CGSL host, running version MAIN 6.02, has gnupg2 packages installed that are affected by a vulnerability: - Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration...
Oracle Linux 8 : gnupg2 (ELSA-2020-4490)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-4490 advisory. 2.2.20-2 - fixes for issues found in Coverity scan 2.2.20-1 - upgrade to 2.2.20 Tenable has extracted the preceding description block directly from the Oracle...
Denial Of Service (DoS)
gnupg2 is vulnerable to denial of service DoS. This is because the interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack causing an application crash...
GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service...
CVE-2019-13050
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service...
EulerOS Virtualization for ARM 64 3.0.6.0 : gnupg2 (EulerOS-SA-2020-1358)
According to the version of the gnupg2 package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it...
EulerOS 2.0 SP8 : gnupg2 (EulerOS-SA-2020-1153)
According to the version of the gnupg2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG...
The vulnerability of the network software SKS Keyserver and the GNU Privacy Guard (GnuPG) software for encrypting information and generating digital signatures arises from the lack of verification of host data in the certificates. This allows attackers to trigger a service failure.
The vulnerability of the network software SKS Keyserver and the information encryption and digital signatures generation programs of GNU Privacy Guard GnuPG is related to the lack of verification of host data in the certificates. Exploiting this vulnerability could allow a malicious actor to caus...
Updated thunderbird packages fix security vulnerability
Sandbox escape via installation of malicious language pack. CVE-2019-9811 Script injection within domain through inner window reuse. CVE-2019-11711 Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects. CVE-2019-11712 Use-after-free with HTTP/2 cached stream...
CVE-2019-13050
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service...
UBUNTU-CVE-2019-13050
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service...
CVE-2019-13050
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service...
Code injection
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service...