Lucene search
K

17 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : gnupg2-2.2.20-3.el8 (AXSA:2022-3833:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3833:01 advisory. gpg: Signature spoofing via status line injection CVE-2022-34903 Tenable has extracted the preceding description block directly from the MiracleLinux securit...

6.5CVSS8.5AI score0.02551EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 9 : gnupg2-2.3.3-2.el9 (AXSA:2022-4062:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4062:02 advisory. gpg: Signature spoofing via status line injection CVE-2022-34903 Tenable has extracted the preceding description block directly from the MiracleLinux securit...

6.5CVSS8.5AI score0.02551EPSS
Exploits1References2
OSV
OSV
added 2025/10/17 10:31 p.m.4 views

JLSEC-2025-92 GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information fr...

GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints e.g., use of GPGME are met, allows signature forgery via injection into the status line...

6.5CVSS7.1AI score0.02551EPSS
Exploits1References20
Tenable Nessus
Tenable Nessus
added 2023/11/06 12:0 a.m.12 views

Rocky Linux 8 : gnupg2 (RLSA-2022:6463)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:6463 advisory. - GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints e.g., use of...

6.5CVSS7.3AI score0.02551EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:24 a.m.3 views

SUSE CVE-2022-34903

GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints e.g., use of GPGME are met, allows signature forgery via injection into the status line...

6.8CVSS8.8AI score0.02551EPSS
Exploits1References51
RedHat Linux
RedHat Linux
added 2022/09/20 1:46 p.m.106 views

gpg: Signature spoofing via status line injection

A vulnerability was found in GnuPG. This issue occurs due to an escape detection loop at the writestatustextandbuffer function in g10/cpr.c. This flaw allows a malicious actor to bypass access control...

6.5CVSS7.3AI score0.02551EPSS
Exploits1References4
Rockylinux
Rockylinux
added 2022/09/20 11:39 a.m.34 views

gnupg2 security update

An update is available for gnupg2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The GNU Privacy Guard GnuPG or GPG is a tool for encrypting data and creating...

6.5CVSS7.3AI score0.02551EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2022/09/13 9:47 a.m.6 views

gpg: Signature spoofing via status line injection

A vulnerability was found in GnuPG. This issue occurs due to an escape detection loop at the writestatustextandbuffer function in g10/cpr.c. This flaw allows a malicious actor to bypass access control...

6.5CVSS7.3AI score0.02551EPSS
Exploits1References4
OSV
OSV
added 2022/07/14 4:26 p.m.8 views

CLSA-2022-1657815972 Fix CVE(s): CVE-2022-34903

SECURITY UPDATE: signature forgery via injection into the status line - debian/patches/CVE-2022-34903.patch: Fix garbled status messages in NOTATIONDATA in g10/cpr.c. - CVE-2022-34903...

6.5CVSS6.9AI score0.02551EPSS
Exploits1References1
Microsoft CVE
Microsoft CVE
added 2022/07/14 7:0 a.m.6 views

GnuPG through 2.3.6 in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g. use of GPGME) are met allows signature forgery via injection into the status line.

...

6.5CVSS7.2AI score0.02551EPSS
Exploits1
OSV
OSV
added 2022/07/01 10:15 p.m.39 views

CVE-2022-34903

GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints e.g., use of GPGME are met, allows signature forgery via injection into the status line...

6.5CVSS6.8AI score
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2022/07/01 10:15 p.m.3 views

CVE-2022-34903

GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints e.g., use of GPGME are met, allows signature forgery via injection into the status line...

6.5CVSS5.9AI score0.02551EPSS
Exploits1References15
UbuntuCve
UbuntuCve
added 2022/07/01 10:15 p.m.44 views

CVE-2022-34903

GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints e.g., use of GPGME are met, allows signature forgery via injection into the status line...

6.5CVSS6.9AI score0.02551EPSS
Exploits1References7
Cvelist
Cvelist
added 2022/07/01 9:5 p.m.22 views

CVE-2022-34903

GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints e.g., use of GPGME are met, allows signature forgery via injection into the status line...

7.2AI score0.02551EPSS
Exploits1References10
CVE
CVE
added 2022/07/01 9:5 p.m.505 views

CVE-2022-34903

CVE-2022-34903 affects GnuPG up to version 2.3.6; under certain conditions (e.g., attacker possesses secret-key data and use of GPGME) it allows signature forgery via status-line injection. Advisories indicate a fix in gnupg2 2.3.7-1 (or later) across multiple distributions (e.g., Debian/Cloud, A...

6.5CVSS6.9AI score0.02551EPSS
Exploits1References10Affected Software1
Debian CVE
Debian CVE
added 2022/07/01 9:5 p.m.48 views

CVE-2022-34903

GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints e.g., use of GPGME are met, allows signature forgery via injection into the status line...

6.5CVSS6.9AI score0.02551EPSS
Exploits1
CNNVD
CNNVD
added 2022/07/01 12:0 a.m.2 views

GnuPG 注入漏洞

GnuPG is a suite of open source cryptographic software from the GNU community under the GNU General Public License. The software supports public key, symmetric encryption, hashing, and other algorithms. Versions of GnuPG prior to 2.3.6 suffer from an injection vulnerability that stems from an...

6.5CVSS7.3AI score0.02551EPSS
Exploits1References45
Rows per page
Query Builder