Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:13276
HistoryJan 28, 2019 - 6:52 a.m.

Improper Input Validation

2019-01-2806:52:12
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

JSON

python-gnupg is susceptible to improper input validation. The passphrase property of the gnupg.GPG.encrypt() and gnupg.GPG.decrypt() methods are not properly validated, allowing the attacker to get control of the passphrase being encrypted or decrypted by supplying a newline as input to it when symmetric encryption is used.

CPENameOperatorVersion
python-gnupgle0.4.3
python-gnupgle0.4.3

References

Related

nessus 7
osv 5
cve 1
redhatcve 1
openvas 9
ubuntucve 1
debian 2
github 1
suse 2
fedora 3
debiancve 1
mageia 1
githubexploit 1
prion 1
ubuntu 2
nessus
nessus
Fedora 31 : python-gnupg (2020-e67d007a67)
2020-07-14 00:00:00
Debian DLA-1675-1 : python-gnupg security update
2019-02-15 00:00:00
Fedora 32 : python-gnupg (2020-17fb3273b2)
2020-07-14 00:00:00
osv
osv
PYSEC-2019-115
2019-03-21 16:01:00
python-gnupg - security update
2019-02-14 00:00:00
Improper Input Validation python-gnupg
2019-03-25 16:17:53
cve
cve
CVE-2019-6690
2019-03-21 16:01:00
redhatcve
redhatcve
CVE-2019-6690
2019-01-29 12:19:29
openvas
openvas
Fedora: Security Advisory for python-gnupg (FEDORA-2020-e67d007a67)
2020-07-15 00:00:00
openSUSE: Security Advisory for python-python-gnupg (openSUSE-SU-2019:0143-1)
2019-02-07 00:00:00
Debian: Security Advisory (DLA-1675-1)
2019-02-13 00:00:00
ubuntucve
ubuntucve
CVE-2019-6690
2019-03-21 00:00:00
debian
debian
[SECURITY] [DLA 1675-1] python-gnupg security update
2019-02-14 14:00:27
[SECURITY] [DLA 2862-1] python-gnupg security update
2021-12-28 21:13:26
github
github
Improper Input Validation python-gnupg
2019-03-25 16:17:53
suse
suse
Security update for python-python-gnupg (important)
2019-02-23 00:00:00
Security update for python-python-gnupg (important)
2019-02-07 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: python-gnupg-0.4.4-1.fc30
2019-06-18 18:15:19
[SECURITY] Fedora 32 Update: python-gnupg-0.4.6-1.fc32
2020-07-13 01:16:33
[SECURITY] Fedora 31 Update: python-gnupg-0.4.6-1.fc31
2020-07-13 01:39:07
debiancve
debiancve
CVE-2019-6690
2019-03-21 16:01:00
mageia
mageia
Updated python-gnupg packages fix security vulnerability
2019-03-07 19:34:45
githubexploit
githubexploit
Exploit for Improper Input Validation in Python Python-Gnupg
2019-01-20 15:29:46
prion
prion
Input validation
2019-03-21 16:01:00
ubuntu
ubuntu
python-gnupg vulnerabilities
2019-05-02 00:00:00
python-gnupg vulnerabilities
2021-03-15 00:00:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

JSON
Related for VERACODE:13276
nessus7osv5cve1redhatcve1openvas9ubuntucve1debian2github1suse2fedora3debiancve1mageia1githubexploit1prion1ubuntu2