Lucene search
K

157 matches found

OSV
OSV
added 2026/05/02 1:16 a.m.18 views

CLSA-2026-1777545003 rpm: Fix of CVE-2021-3521

CVE-2021-3521: validate and require subkey binding signatures on PGP public keys...

4.7CVSS6.7AI score0.00302EPSS
Exploits0References1
OSV
OSV
added 2026/04/30 8:56 a.m.8 views

CLSA-2026-1777539405 rpm: Fix of CVE-2021-3521

CVE-2021-3521: validate and require subkey binding signatures on PGP public keys...

4.7CVSS6.7AI score0.00302EPSS
Exploits0References1
OSV
OSV
added 2026/04/30 8:51 a.m.11 views

CLSA-2026-1777539108 rpm: Fix of CVE-2021-3521

CVE-2021-3521: validate and require subkey binding signatures on PGP public keys...

4.7CVSS5.8AI score0.00302EPSS
Exploits0References1
OSV
OSV
added 2026/04/14 9:31 a.m.8 views

CLSA-2026-1776159098 Fix CVE(s): CVE-2025-30258

SECURITY UPDATE: signature verification DoS via malicious subkey - debian/patches/CVE-2025-30258.patch: require signing usage when looking up public key for signature verification, filtering out subkeys without valid backsig. Include upstream regression fixes to preserve verification of signature...

4.7CVSS5.8AI score0.00179EPSS
Exploits1References1
OSV
OSV
added 2026/04/02 7:42 p.m.10 views

CLSA-2026-1775119189 gnupg2: Fix of CVE-2025-30258

CVE-2025-30258: fix verification DoS due to a malicious subkey in the keyring...

4.7CVSS5.8AI score0.00179EPSS
Exploits1References1
OSV
OSV
added 2026/03/27 11:57 a.m.21 views

CLSA-2026-1774612633 gnupg2: Fix of CVE-2025-30258

CVE-2025-30258: fix verification DoS due to a malicious subkey in the keyring...

4.7CVSS5.8AI score0.00179EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.8 views

EulerOS Virtualization 2.12.1 : gnupg2 (EulerOS-SA-2026-1427)

According to the versions of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In GnuPG before 2.4.9, armorfilter in g10/armor.c has two increments of an index variable where one is intended, leading to an...

7.8CVSS5.9AI score0.00179EPSS
Exploits2References3
OSV
OSV
added 2026/03/03 9:3 p.m.8 views

CLSA-2026-1772571803 munge: Fix of CVE-2026-25506

CVE-2026-25506: fix buffer overflow in message parsing and add bounds checks and input validation for address length; prevent leak of cryptographic MAC subkey and forging of arbitrary credentials...

7.8CVSS7.6AI score0.00302EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/02/12 12:25 a.m.4 views

SUSE CVE-2026-25506

MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...

7.7CVSS6.3AI score0.00302EPSS
Exploits0References11
OSV
OSV
added 2026/02/10 7:16 p.m.7 views

AZL-77451 CVE-2026-25506 affecting package munge for versions less than 0.5.18-1

MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...

7.8CVSS6.2AI score0.00302EPSS
Exploits0References1
OSV
OSV
added 2026/02/10 7:16 p.m.7 views

AZL-77444 CVE-2026-25506 affecting package munge for versions less than 0.5.18-1

MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...

7.8CVSS6.2AI score0.00302EPSS
Exploits0References1
NVD
NVD
added 2026/02/10 7:16 p.m.9 views

CVE-2026-25506

MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...

7.8CVSS0.00302EPSS
Exploits0References22
UbuntuCve
UbuntuCve
added 2026/02/10 7:16 p.m.5 views

CVE-2026-25506

MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...

7.8CVSS6.4AI score0.00302EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/02/10 6:55 p.m.4 views

CVE-2026-25506

MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...

7.7CVSS6.2AI score0.00302EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2026/02/10 6:55 p.m.8 views

CVE-2026-25506

MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...

7.8CVSS6.3AI score0.00302EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-25506

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability ...

7.7CVSS6.4AI score0.00302EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/31 12:0 a.m.4 views

EulerOS Virtualization 2.10.0 : gnupg2 (EulerOS-SA-2026-1168)

According to the versions of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that...

4.7CVSS6AI score0.00179EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/09 12:0 a.m.5 views

Siemens Ruggedcom ROX Improper Input Validation (CVE-2018-9234)

GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. This plugin only works with Tenable.ot. Please visit...

7.5CVSS6.8AI score0.02082EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2025/12/09 5:14 a.m.7 views

USN-7412-3: GnuPG vulnerability

USN-7412-1 fixed a vulnerability in GnuPG. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that GnuPG incorrectly handled importing keys with certain crafted subkey data. If a user or automated system were trick...

4.7CVSS4.9AI score0.00179EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/12/09 12:0 a.m.3 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: gnupg2 (UTSA-2025-991068)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991068 advisory. In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the...

4.7CVSS5.9AI score0.00179EPSS
Exploits1References4
Rows per page
Query Builder