Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnupg vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-14855
A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions prior to 2.2.18.
Gnupg Gnupg
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Canonical Ubuntu Linux 18.04
1 Github repository
4.2
CVSSv3
CVE-2014-3591
Libgcrypt prior to 1.6.3 and GnuPG prior to 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate malicious users to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the ...
Gnupg Gnupg
Gnupg Libgcrypt
Debian Debian Linux 7.0
Debian Debian Linux 8.0
5.9
CVSSv3
CVE-2015-0837
The mpi_powm function in Libgcrypt prior to 1.6.3 and GnuPG prior to 1.4.19 allows malicious users to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel ...
Gnupg Gnupg
Gnupg Libgcrypt
Debian Debian Linux 7.0
Debian Debian Linux 8.0
5.3
CVSSv3
CVE-2011-2207
dirmngr prior to 2.1.0 improperly handles certain system calls, which allows remote malicious users to cause a denial of service (DOS) via a specially-crafted certificate.
Gnupg Gnupg
Redhat Enterprise Linux 6.0
Debian Debian Linux 8.0
5.5
CVSSv3
CVE-2015-1606
The keyring DB in GnuPG prior to 2.1.2 does not properly handle invalid packets, which allows remote malicious users to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.
Gnupg Gnupg
Debian Debian Linux 8.0
Debian Debian Linux 7.0
5.5
CVSSv3
CVE-2015-1607
kbx/keybox-search.c in GnuPG prior to 1.4.19, 2.0.x prior to 2.0.27, and 2.1.x prior to 2.1.2 does not properly handle bitwise left-shifts, which allows remote malicious users to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extens...
Gnupg Gnupg
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 10.04
6.5
CVSSv3
CVE-2019-9149
Mailvelope before 3.3.0 allows private key operations without user interaction via its client-API. By modifying an URL parameter in Mailvelope, an attacker is able to sign (and encrypt) arbitrary messages with Mailvelope, assuming the private key password is cached. A second vuln...
Mailvelope Mailvelope
7.5
CVSSv3
CVE-2019-13050
Interaction between the sks-keyserver code up to and including 1.2.0 of the SKS keyserver network, and GnuPG up to and including 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network...
Gnupg Gnupg
Sks Keyserver Project Sks Keyserver
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.0
Opensuse Leap 15.1
F5 Traffix Signaling Delivery Controller
5.9
CVSSv3
CVE-2019-12904
In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) NOTE: the ven...
Gnupg Libgcrypt 1.8.4
Opensuse Leap 15.0
7.5
CVSSv3
CVE-2019-6690
python-gnupg 0.4.3 allows context-dependent malicious users to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input...
Python Python-gnupg 0.4.3
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Opensuse Leap 15.0
Suse Backports -
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 19.04
3 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »