Vulmon
gnupg gnupg vulnerabilities and exploits
5.9
CVSSv3
CVE-2017-9526
In Libgcrypt prior to 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that con...
Gnupg Libgcrypt
5.5
CVSSv3
CVE-2015-1606
The keyring DB in GnuPG prior to 2.1.2 does not properly handle invalid packets, which allows remote malicious users to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.
Gnupg Gnupg
Debian Debian Linux 8.0
Debian Debian Linux 7.0
5.5
CVSSv3
CVE-2015-1607
kbx/keybox-search.c in GnuPG prior to 1.4.19, 2.0.x prior to 2.0.27, and 2.1.x prior to 2.1.2 does not properly handle bitwise left-shifts, which allows remote malicious users to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extens...
Gnupg Gnupg
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 10.04
5.3
CVSSv3
CVE-2011-2207
dirmngr prior to 2.1.0 improperly handles certain system calls, which allows remote malicious users to cause a denial of service (DOS) via a specially-crafted certificate.
Gnupg Gnupg
Redhat Enterprise Linux 6.0
Debian Debian Linux 8.0
4.2
CVSSv3
CVE-2014-3591
Libgcrypt prior to 1.6.3 and GnuPG prior to 1.4.19 do not implement ciphertext blinding for Elgamal decryption, which allows physically proximate malicious users to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the ...
Gnupg Gnupg
Gnupg Libgcrypt
Debian Debian Linux 7.0
Debian Debian Linux 8.0
3.3
CVSSv3
CVE-2022-3219
GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
Gnupg Gnupg -
3.3
CVSSv3
CVE-2021-3349
GNOME Evolution up to and including 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, a...
Gnome Evolution
2
CVSSv3
CVE-2015-7511
Libgcrypt prior to 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate malicious users to extract ECDH keys by measuring electromagnetic emanations.
Gnupg Libgcrypt
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
NA
CVE-2015-6506
Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) prior to 4.2.12 allows remote malicious users to inject arbitrary web script or HTML via a crafted public key.
Bestpractical Request Tracker
NA
CVE-2015-5475
Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x prior to 4.2.12 allow remote malicious users to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages.
Bestpractical Request Tracker