Lucene search
K

157 matches found

OSV
OSV
added 2023/06/26 10:15 p.m.6 views

CVE-2023-34148

An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first...

7.8CVSS7.3AI score0.00234EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/06/26 12:0 a.m.15 views

Trend Micro Apex One 安全漏洞

Trend Micro Apex One is an endpoint protection software from Trend Micro. An elevation of privilege vulnerability exists in Trend Micro Apex One, which can be exploited by a local attacker to elevate privileges and write arbitrary values to an agent subkey...

7.8CVSS7AI score0.00234EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:36 a.m.5 views

SUSE CVE-2013-4351

GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared no usage permitted as if it has all bits set all usage permitted, which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey...

5.8CVSS7AI score0.02518EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:28 a.m.5 views

SUSE CVE-2018-9234

GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey...

2.2CVSS7.6AI score0.02082EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 3:49 a.m.6 views

SUSE CVE-2021-3521

There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to...

4.4CVSS6.7AI score0.00302EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 3:45 a.m.4 views

SUSE CVE-2021-23991

If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might...

4.3CVSS8.8AI score0.01035EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:45 a.m.3 views

SUSE CVE-2021-23993

An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid...

4.3CVSS8.9AI score0.00427EPSS
Exploits0References4
Mageia
Mageia
added 2022/09/10 8:26 p.m.58 views

Updated rpm packages fix security vulnerability

RPM does not require subkeys to have a valid binding signature CVE-2021-3521...

4.7CVSS2.1AI score0.00302EPSS
Exploits0References2
OSV
OSV
added 2022/08/22 3:15 p.m.8 views

AZL-10637 CVE-2021-3521 affecting package rpm for versions less than 4.18.0-1

There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to...

4.7CVSS7.1AI score0.00302EPSS
Exploits0References1
Prion
Prion
added 2022/08/22 3:15 p.m.30 views

Design/Logic Flaw

There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to...

1.2CVSS5.6AI score0.00302EPSS
Exploits0References5Affected Software1
FreeBSD
FreeBSD
added 2022/08/22 12:0 a.m.37 views

rpm4 -- Multiple Vulnerabilities

rpm project reports: Fix intermediate symlinks not verified CVE-2021-35939. Fix subkey binding signatures not checked on PGP public keys CVE-2021-3521. Refactor file and directory operations to use fd-based APIs throughout CVE-2021-35938...

6.7CVSS1.9AI score0.00491EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2022/02/22 3:59 p.m.5 views

rpm: RPM does not require subkeys to have a valid binding signature

There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature."1 RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey t...

4.7CVSS7.1AI score0.00302EPSS
Exploits0References4
Oracle linux
Oracle linux
added 2022/02/02 12:0 a.m.42 views

rpm security update

4.14.3-19.2 - Address covscan issues in binding sigs validation patch 2022537 4.14.3-19.1 - Validate and require subkey binding sigs on PGP pubkeys 2022537 - Fixes CVE-2021-3521...

1.1AI score0.00302EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2022/02/01 9:4 p.m.5 views

rpm: RPM does not require subkeys to have a valid binding signature

There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature."1 RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey t...

4.7CVSS7.1AI score0.00302EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/01/25 9:30 a.m.6 views

rpm: RPM does not require subkeys to have a valid binding signature

There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature."1 RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey t...

4.7CVSS7.1AI score0.00302EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/01/25 12:0 a.m.2 views

Red Hat Enterprise Linux 数据伪造问题漏洞

Red Hat Enterprise Linux is a Linux operating system for business users from Red Hat. Red Hat Enterprise Linux suffers from a data forgery vulnerability that stems from an error in RPM's signing feature, which fails to check for binding signatures when importing subitems. A remote attacker who is...

4.7CVSS6.8AI score0.00302EPSS
Exploits0References42
OSV
OSV
added 2021/11/12 11:3 a.m.2 views

OESA-2021-1431 rpm security update

The RPM Package Manager RPM is a powerful package management system capability as below Security Fixes: The OpenPGP subkey is associated with the master key through a binding signature. RPM will not check their binding signature before importing the subkey; if the attacker can add it or the other...

4.7CVSS6.8AI score0.00302EPSS
Exploits0References2
OSV
OSV
added 2021/06/24 2:15 p.m.4 views

CVE-2021-23993

An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid...

6.5CVSS6.6AI score
Exploits0References2
OSV
OSV
added 2021/06/24 2:15 p.m.8 views

CVE-2021-23991

If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might...

6.8CVSS6.6AI score
Exploits0References2
OSV
OSV
added 2021/06/24 2:15 p.m.1 views

DEBIAN-CVE-2021-23991

If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might...

6.8CVSS7AI score0.01035EPSS
Exploits1References1
Rows per page
Query Builder