CVE-2026-34773

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, on Windows, app.setAsDefaultProtocolClientprotocol did not validate the protocol name before writing to the registry. Apps that pass...

EulerOS Virtualization 2.10.1 : gnupg2 (EulerOS-SA-2026-1117)

According to the versions of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that...

USN-7412-3 gnupg2 vulnerability

USN-7412-1 fixed a vulnerability in GnuPG. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that GnuPG incorrectly handled importing keys with certain crafted subkey data. If a user or automated system were trick...

JLSEC-2025-94 In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data th...

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."...

EUVD-2021-26837

Malware in sbrugna...

Unity Linux 20.1070e Security Update: rpm (UTSA-2025-680653)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680653 advisory. There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a binding signature. RPM does not check the binding signature...

EulerOS 2.0 SP12 : gnupg2 (EulerOS-SA-2025-2006)

According to the versions of the gnupg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect...

EulerOS 2.0 SP12 : gnupg2 (EulerOS-SA-2025-2037)

According to the versions of the gnupg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect...

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."

...

Security update for gpg2

This update for gpg2 fixes the following issues: CVE-2025-30258: Fix a verification DoS due to a malicious subkey in the keyring: bsc1239119, bsc1236931 gpg: Fix regression for the recent malicious subkey DoS fix. gpg: Fix another regression due to the T7547 fix. gpg: Allow the use of an ADSK...

OESA-2025-1523 gnupg2 security update

GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 also known as PGP. GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories. Security Fixes: In GnuP...

OESA-2025-1522 gnupg2 security update

GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 also known as PGP. GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories. Security Fixes: In GnuP...

AZL-58935 CVE-2025-30258 affecting package gnupg2 2.4.9-2

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."...

DEBIAN-CVE-2025-30258

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."...

UBUNTU-CVE-2025-30258

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."...

RHEL 6 : gnupg (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - GnuPG: Unenforced configuration allows for apparently valid certifications actually signed by signing...

RHEL 6 : rpm (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - rpm: Following symlinks to directories when installing packages allows privilege escalation CVE-2017-7500...

RHEL 5 : gnupg (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - GnuPG: Unenforced configuration allows for apparently valid certifications actually signed by signing...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : rpm (SUSE-SU-2024:1557-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1557-1 advisory. - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via...

Rocky Linux 8 : rpm (RLSA-2022:0368)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:0368 advisory. - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a binding signature. RPM does not check the binding...