Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnupg vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2018-1000858
GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in ...
Gnupg Gnupg
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 18.04
7.5
CVSSv3
CVE-2018-19205
Roundcube prior to 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for malicious users to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php.
Roundcube Webmail
6.8
CVSSv3
CVE-2017-7526
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computatio...
Gnupg Libgcrypt
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Debian Debian Linux 8.0
Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2018-12356
An issue exists in password-store.sh in pass in Simple Password Store 1.7.x prior to 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote malicious users to spoof file signatures on configuration files and...
Simple Password Store Project Simple Password Store
1 Article
7.5
CVSSv3
CVE-2018-9234
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.
Gnupg Gnupg 2.2.4
Gnupg Gnupg 2.2.5
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
7.5
CVSSv3
CVE-2018-6829
cipher/elgamal.c in Libgcrypt up to and including 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows malicious users to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertex...
Gnupg Libgcrypt
7.5
CVSSv3
CVE-2017-0379
Libgcrypt prior to 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for malicious users to discover a secret key, related to cipher/ecc.c and mpi/ec.c.
Gnupg Libgcrypt
Debian Debian Linux 9.0
5.9
CVSSv3
CVE-2017-9526
In Libgcrypt prior to 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that con...
Gnupg Libgcrypt
7.5
CVSSv3
CVE-2016-4353
ber-decoder.c in Libksba prior to 1.3.3 does not properly handle decoder stack overflows, which allows remote malicious users to cause a denial of service (abort) via crafted BER data.
Gnupg Libksba
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
7.5
CVSSv3
CVE-2016-4355
Multiple integer overflows in ber-decoder.c in Libksba prior to 1.3.3 allow remote malicious users to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.
Gnupg Libksba
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661
open redirect
CVE-2024-25512
CVE-2024-33788
command injection
SSTI
CVE-2024-0043
CVE-2024-29210
CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »