Astra Linux - уязвимость в thunderbird

An attacker may carry out a DoS attack to prevent a user from sending encrypted emails to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self-signature, and the Thunderbird user imports the crafted key, then Thunderbird may attempt to use the inval...

Astra Linux - уязвимость в thunderbird

If a Thunderbird user has previously imported Alice’s OpenPGP key, and Alice has extended the validity period of her key, but Alice’s updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice’s key with an invalid subkey. In this case, Thunderbird...

CLSA-2026-1777545003 rpm: Fix of CVE-2021-3521

CVE-2021-3521: validate and require subkey binding signatures on PGP public keys...

CLSA-2026-1777539405 rpm: Fix of CVE-2021-3521

CVE-2021-3521: validate and require subkey binding signatures on PGP public keys...

CLSA-2026-1777539108 rpm: Fix of CVE-2021-3521

CVE-2021-3521: validate and require subkey binding signatures on PGP public keys...

CLSA-2026-1776159098 Fix CVE(s): CVE-2025-30258

SECURITY UPDATE: signature verification DoS via malicious subkey - debian/patches/CVE-2025-30258.patch: require signing usage when looking up public key for signature verification, filtering out subkeys without valid backsig. Include upstream regression fixes to preserve verification of signature...

CLSA-2026-1775119189 gnupg2: Fix of CVE-2025-30258

CVE-2025-30258: fix verification DoS due to a malicious subkey in the keyring...

CLSA-2026-1774612633 gnupg2: Fix of CVE-2025-30258

CVE-2025-30258: fix verification DoS due to a malicious subkey in the keyring...

EulerOS Virtualization 2.12.1 : gnupg2 (EulerOS-SA-2026-1427)

According to the versions of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In GnuPG before 2.4.9, armorfilter in g10/armor.c has two increments of an index variable where one is intended, leading to an...

CLSA-2026-1772571803 munge: Fix of CVE-2026-25506

CVE-2026-25506: fix buffer overflow in message parsing and add bounds checks and input validation for address length; prevent leak of cryptographic MAC subkey and forging of arbitrary credentials...

SUSE CVE-2026-25506

MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...

AZL-77444 CVE-2026-25506 affecting package munge for versions less than 0.5.18-1

MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...

CVE-2026-25506

MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...

AZL-77451 CVE-2026-25506 affecting package munge for versions less than 0.5.18-1

MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...

CVE-2026-25506

MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...

CVE-2026-25506

MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...

CVE-2026-25506

MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...

Linux Distros Unpatched Vulnerability : CVE-2026-25506

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability ...

EulerOS Virtualization 2.10.0 : gnupg2 (EulerOS-SA-2026-1168)

According to the versions of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that...

Siemens Ruggedcom ROX Improper Input Validation (CVE-2018-9234)

GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. This plugin only works with Tenable.ot. Please visit...