Lucene search
+L

88 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-44362

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology...

5.5CVSS6.2AI score0.00122EPSS
Exploits0References3
CVE
CVE
added 2026/07/06 7:33 p.m.16 views

CVE-2026-44362

OP-TEE (trusted execution environment for Arm TrustZone) has a vulnerability in subkey rollback protection affecting versions 3.20.0 through 4.10.x; during TA loading, shdr_load_pub_key() fails to propagate subkey_version into the runtime structure, so key->version stays zero. When check_updat...

5.5CVSS6AI score0.00122EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/06 7:33 p.m.36 views

CVE-2026-44362 OP-TEE's subkey rollback protection can be bypassed with older subkey versions

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20.0 and prior to version 4.11.0, a vulnerability in OP-TEE’s subkey rollback protection allows the use of revoked ...

5.5CVSS0.00122EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 11:53 a.m.4 views

CVE-2026-56232 Capgo - Subkey Scope Bypass in middlewareKey via x-limited-key-id Header

Capgo before 12.128.2 fails to enforce limitedtoorgs and limitedtoapps constraints on subkeys provided via x-limited-key-id header in middlewareKey function. Attackers can bypass subkey scope restrictions by referencing their own subkeys, causing all downstream route handlers to use the...

8.7CVSS6AI score0.00266EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/22 9:4 p.m.10 views

EUVD-2026-38369

Capgo before 12.128.2 contains a weak parsing vulnerability in the x-limited-key-id header that allows attackers to bypass subkey enforcement by submitting malformed values, zero, or duplicate headers that result in NaN or falsy values. Remote attackers can manipulate the x-limited-key-id header ...

6.4CVSS5.9AI score0.00251EPSS
Exploits0References2
NVD
NVD
added 2026/04/04 12:16 a.m.4 views

CVE-2026-34773

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, on Windows, app.setAsDefaultProtocolClientprotocol did not validate the protocol name before writing to the registry. Apps that pass...

7.5CVSS0.0024EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/31 12:0 a.m.5 views

EulerOS Virtualization 2.10.1 : gnupg2 (EulerOS-SA-2026-1117)

According to the versions of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that...

4.7CVSS6AI score0.00179EPSS
Exploits1References2
OSV
OSV
added 2025/12/09 5:14 a.m.6 views

USN-7412-3 gnupg2 vulnerability

USN-7412-1 fixed a vulnerability in GnuPG. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that GnuPG incorrectly handled importing keys with certain crafted subkey data. If a user or automated system were trick...

4.7CVSS6.6AI score0.00179EPSS
Exploits1References2
OSV
OSV
added 2025/10/17 10:31 p.m.5 views

JLSEC-2025-94 In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data th...

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."...

4.7CVSS6.8AI score0.00179EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-26837

Malware in sbrugna...

4.7CVSS6.2AI score0.00302EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.5 views

Unity Linux 20.1070e Security Update: rpm (UTSA-2025-680653)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680653 advisory. There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a binding signature. RPM does not check the binding signature...

4.7CVSS6.3AI score0.00302EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.5 views

EulerOS 2.0 SP12 : gnupg2 (EulerOS-SA-2025-2037)

According to the versions of the gnupg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect...

4.7CVSS6AI score0.00179EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.5 views

EulerOS 2.0 SP12 : gnupg2 (EulerOS-SA-2025-2006)

According to the versions of the gnupg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect...

4.7CVSS6AI score0.00179EPSS
Exploits1References2
Microsoft CVE
Microsoft CVE
added 2025/09/04 3:9 a.m.4 views

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."

...

4.7CVSS7AI score0.00179EPSS
Exploits1
SUSE Linux
SUSE Linux
added 2025/07/08 4:15 p.m.3 views

Security update for gpg2

This update for gpg2 fixes the following issues: CVE-2025-30258: Fix a verification DoS due to a malicious subkey in the keyring: bsc1239119, bsc1236931 gpg: Fix regression for the recent malicious subkey DoS fix. gpg: Fix another regression due to the T7547 fix. gpg: Allow the use of an ADSK...

2.7CVSS7.3AI score0.00179EPSS
Exploits1References8
OSV
OSV
added 2025/05/16 1:24 p.m.3 views

OESA-2025-1523 gnupg2 security update

GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 also known as PGP. GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories. Security Fixes: In GnuP...

4.7CVSS7AI score0.00179EPSS
Exploits1References2
OSV
OSV
added 2025/05/16 1:24 p.m.4 views

OESA-2025-1522 gnupg2 security update

GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 also known as PGP. GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories. Security Fixes: In GnuP...

4.7CVSS7AI score0.00179EPSS
Exploits1References2
OSV
OSV
added 2025/03/19 8:15 p.m.0 views

DEBIAN-CVE-2025-30258

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."...

4.7CVSS4.6AI score0.00179EPSS
Exploits1References1
OSV
OSV
added 2025/03/19 8:15 p.m.7 views

AZL-58935 CVE-2025-30258 affecting package gnupg2 2.4.9-2

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."...

4.7CVSS6.6AI score0.00179EPSS
Exploits1References1
OSV
OSV
added 2025/03/19 8:15 p.m.13 views

UBUNTU-CVE-2025-30258

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."...

4.7CVSS6.6AI score0.00179EPSS
Exploits1References5
Rows per page
Query Builder