Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnupg vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2016-4356
The append_utf8_value function in the DN decoder (dn.c) in Libksba prior to 1.3.3 allows remote malicious users to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid utf-8 encoded data.
Gnupg Libksba
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
7.5
CVSSv3
CVE-2016-4574
Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba prior to 1.3.4 allows remote malicious users to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for C...
Gnupg Libksba
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
Opensuse Leap 42.1
Opensuse Opensuse 13.2
7.5
CVSSv3
CVE-2016-4579
Libksba prior to 1.3.4 allows remote malicious users to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl."
Gnupg Libksba
Opensuse Leap 42.1
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
7.5
CVSSv3
CVE-2016-4354
ber-decoder.c in Libksba prior to 1.3.3 uses an incorrect integer data type, which allows remote malicious users to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow.
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Gnupg Libksba
7.5
CVSSv3
CVE-2016-1404
Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same hardcoded GnuPG encryption key across different customers' installations, which allows remote malicious users to defeat cryptographic protection mechanisms by sniffing networ...
Cisco Ucs Invicta C3124sa Appliance 4.5 Base
Cisco Ucs Invicta C3124sa Appliance 4.3 Base
Cisco Ucs Invicta C3124sa Appliance 4.3.1
Cisco Ucs Invicta C3124sa Appliance 4.5.0
Cisco Ucs Invicta C3124sa Appliance 5.0.1
Cisco Ucs Invicta C3124sa Appliance 5.0 Base
2
CVSSv3
CVE-2015-7511
Libgcrypt prior to 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate malicious users to extract ECDH keys by measuring electromagnetic emanations.
Gnupg Libgcrypt
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
1 Article
NA
CVE-2015-6506
Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) prior to 4.2.12 allows remote malicious users to inject arbitrary web script or HTML via a crafted public key.
Bestpractical Request Tracker
NA
CVE-2015-5475
Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x prior to 4.2.12 allow remote malicious users to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages.
Bestpractical Request Tracker
NA
CVE-2014-9087
Integer underflow in the ksba_oid_to_str function in Libksba prior to 1.3.2, as used in GnuPG, allows remote malicious users to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.
Mageia Mageia 3.0
Mageia Mageia 4.0
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Gnupg Libksba
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Gnupg Gnupg 2.1.0
NA
CVE-2014-1927
The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent malicious users to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "$(" command-substitution sequences, a differe...
Python-gnupg Project Python-gnupg 0.3.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377
CVE-2024-20859
CVE-2023-49606
inject
arbitrary
CVE-2024-33788
CVE-2024-30973
IDOR
CVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »