88 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-44362
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology...
CVE-2026-44362
OP-TEE (trusted execution environment for Arm TrustZone) has a vulnerability in subkey rollback protection affecting versions 3.20.0 through 4.10.x; during TA loading, shdr_load_pub_key() fails to propagate subkey_version into the runtime structure, so key->version stays zero. When check_updat...
CVE-2026-44362 OP-TEE's subkey rollback protection can be bypassed with older subkey versions
OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20.0 and prior to version 4.11.0, a vulnerability in OP-TEE’s subkey rollback protection allows the use of revoked ...
CVE-2026-56232 Capgo - Subkey Scope Bypass in middlewareKey via x-limited-key-id Header
Capgo before 12.128.2 fails to enforce limitedtoorgs and limitedtoapps constraints on subkeys provided via x-limited-key-id header in middlewareKey function. Attackers can bypass subkey scope restrictions by referencing their own subkeys, causing all downstream route handlers to use the...
EUVD-2026-38369
Capgo before 12.128.2 contains a weak parsing vulnerability in the x-limited-key-id header that allows attackers to bypass subkey enforcement by submitting malformed values, zero, or duplicate headers that result in NaN or falsy values. Remote attackers can manipulate the x-limited-key-id header ...
CVE-2026-34773
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, on Windows, app.setAsDefaultProtocolClientprotocol did not validate the protocol name before writing to the registry. Apps that pass...
EulerOS Virtualization 2.10.1 : gnupg2 (EulerOS-SA-2026-1117)
According to the versions of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that...
USN-7412-3 gnupg2 vulnerability
USN-7412-1 fixed a vulnerability in GnuPG. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that GnuPG incorrectly handled importing keys with certain crafted subkey data. If a user or automated system were trick...
JLSEC-2025-94 In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data th...
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."...
EUVD-2021-26837
Malware in sbrugna...
Unity Linux 20.1070e Security Update: rpm (UTSA-2025-680653)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680653 advisory. There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a binding signature. RPM does not check the binding signature...
EulerOS 2.0 SP12 : gnupg2 (EulerOS-SA-2025-2037)
According to the versions of the gnupg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect...
EulerOS 2.0 SP12 : gnupg2 (EulerOS-SA-2025-2006)
According to the versions of the gnupg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect...
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
...
Security update for gpg2
This update for gpg2 fixes the following issues: CVE-2025-30258: Fix a verification DoS due to a malicious subkey in the keyring: bsc1239119, bsc1236931 gpg: Fix regression for the recent malicious subkey DoS fix. gpg: Fix another regression due to the T7547 fix. gpg: Allow the use of an ADSK...
OESA-2025-1523 gnupg2 security update
GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 also known as PGP. GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories. Security Fixes: In GnuP...
OESA-2025-1522 gnupg2 security update
GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 also known as PGP. GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories. Security Fixes: In GnuP...
DEBIAN-CVE-2025-30258
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."...
AZL-58935 CVE-2025-30258 affecting package gnupg2 2.4.9-2
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."...
UBUNTU-CVE-2025-30258
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."...