gnupg vulnerabilities and exploits
NA
CVE-2014-1928
The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent malicious users to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "\" (backslash) characters to form multi-c...
Python-gnupg Project Python-gnupg
NA
CVE-2014-1929
python-gnupg 0.3.5 and 0.3.6 allows context-dependent malicious users to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323.
Python-gnupg Project Python-gnupg 0.3.6
Python-gnupg Project Python-gnupg 0.3.5
NA
CVE-2014-3564
Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME prior to 1.5.1 allow remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different...
Gnu Gpgme
Debian Debian Linux 6.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 10.04
NA
CVE-2014-5270
Libgcrypt prior to 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate malicious users to conduct key-extraction attacks by leveraging the ability to collect vo...
Gnupg Libgcrypt 1.5.0
Gnupg Libgcrypt 1.4.6
Gnupg Libgcrypt
Gnupg Libgcrypt 1.4.3
Gnupg Libgcrypt 1.4.0
Gnupg Libgcrypt 1.4.5
Gnupg Libgcrypt 1.4.4
Gnupg Libgcrypt 1.5.2
Gnupg Libgcrypt 1.5.1
Debian Debian Linux 7.0
NA
CVE-2014-4617
The do_uncompress function in g10/compress.c in GnuPG 1.x prior to 1.4.17 and 2.x prior to 2.0.24 allows context-dependent malicious users to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.
Gnupg Gnupg 2.0.1
Gnupg Gnupg 2.0.7
Gnupg Gnupg 2.0.15
Gnupg Gnupg 2.0.8
Gnupg Gnupg 2.0.11
Gnupg Gnupg 2.0.6
Gnupg Gnupg 2.0.10
Gnupg Gnupg 2.0.13
Gnupg Gnupg 2.0
Gnupg Gnupg 2.0.5
Gnupg Gnupg 2.0.17
Gnupg Gnupg 2.0.12
Gnupg Gnupg 2.0.18
Gnupg Gnupg 2.0.16
Gnupg Gnupg 2.0.21
Gnupg Gnupg 2.0.14
Gnupg Gnupg 2.0.4
Gnupg Gnupg 2.0.3
Gnupg Gnupg 2.0.22
Gnupg Gnupg 2.0.19
Gnupg Gnupg 2.0.20
Gnupg Gnupg 2.0.23
1 Github repository
NA
CVE-2013-7323
python-gnupg prior to 0.3.5 allows context-dependent malicious users to execute arbitrary commands via shell metacharacters in unspecified vectors.
Vinay Sajip Python-gnupg
Vinay Sajip Python-gnupg 0.3.3
Vinay Sajip Python-gnupg 0.3.1
Vinay Sajip Python-gnupg 0.3.2
Vinay Sajip Python-gnupg 0.3.0
NA
CVE-2014-1921
parcimonie prior to 0.8.1, when using a large keyring, sleeps for the same amount of time between fetches, which allows malicious users to correlate key fetches via unspecified vectors.
Parcimonie Project Parcimonie
Parcimonie Project Parcimonie 0.7-1
Parcimonie Project Parcimonie 0.6-3
Parcimonie Project Parcimonie 0.6-1
NA
CVE-2013-4351
GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote malicious users to bypass intended cryptographic protection mechanisms by leveraging the subkey.
Gnupg Gnupg 1.4.8
Gnupg Gnupg 1.4.6
Gnupg Gnupg 1.4.10
Gnupg Gnupg 1.4.0
Gnupg Gnupg 1.4.12
Gnupg Gnupg 1.4.11
Gnupg Gnupg 1.4.5
Gnupg Gnupg 1.4.4
Gnupg Gnupg 1.4.3
Gnupg Gnupg 1.4.2
Gnupg Gnupg 1.4.13
Gnupg Gnupg 2.0.13
Gnupg Gnupg 2.0.14
Gnupg Gnupg 2.0.4
Gnupg Gnupg 2.0.11
Gnupg Gnupg 2.0.12
Gnupg Gnupg 2.0.19
Gnupg Gnupg 2.0.3
Gnupg Gnupg 2.0
Gnupg Gnupg 2.0.15
Gnupg Gnupg 2.0.16
Gnupg Gnupg 2.0.6
NA
CVE-2012-6578
Best Practical Solutions RT 3.8.x prior to 3.8.15 and 4.0.x prior to 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote malicious users to spoof messages by leveraging the lack of auth...
Bestpractical Request Tracker 3.8.7
Bestpractical Request Tracker 3.8.9
Bestpractical Request Tracker 3.8.10
Bestpractical Request Tracker 3.8.11
Bestpractical Request Tracker 3.8.4
Bestpractical Request Tracker 3.8.12
Bestpractical Request Tracker 3.8.14
Bestpractical Request Tracker 3.8.3
Bestpractical Request Tracker 3.8.13
Bestpractical Request Tracker 4.0.4
Bestpractical Request Tracker 4.0.6
Bestpractical Request Tracker 4.0.1
Bestpractical Request Tracker 4.0.0
Bestpractical Request Tracker 4.0.3
Bestpractical Request Tracker 4.0.2
Bestpractical Request Tracker 4.0.5
Bestpractical Request Tracker 4.0.7
NA
CVE-2012-6579
Best Practical Solutions RT 3.8.x prior to 3.8.15 and 4.0.x prior to 4.0.8, when GnuPG is enabled, allows remote malicious users to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service (loss of e-mail readability), via an e-mail mess...
Bestpractical Request Tracker 3.8.9
Bestpractical Request Tracker 3.8.10
Bestpractical Request Tracker 3.8.11
Bestpractical Request Tracker 3.8.12
Bestpractical Request Tracker 3.8.13
Bestpractical Request Tracker 3.8.3
Bestpractical Request Tracker 3.8.7
Bestpractical Request Tracker 3.8.4
Bestpractical Request Tracker 3.8.14
Bestpractical Request Tracker 4.0.0
Bestpractical Request Tracker 4.0.7
Bestpractical Request Tracker 4.0.3
Bestpractical Request Tracker 4.0.2
Bestpractical Request Tracker 4.0.5
Bestpractical Request Tracker 4.0.4
Bestpractical Request Tracker 4.0.1
Bestpractical Request Tracker 4.0.6