Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnupg gnupg vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2016-4356
The append_utf8_value function in the DN decoder (dn.c) in Libksba prior to 1.3.3 allows remote malicious users to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid utf-8 encoded data.
Gnupg Libksba
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
5
CVSSv2
CVE-2016-4574
Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba prior to 1.3.4 allows remote malicious users to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for C...
Gnupg Libksba
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
Opensuse Leap 42.1
Opensuse Opensuse 13.2
5
CVSSv2
CVE-2016-4579
Libksba prior to 1.3.4 allows remote malicious users to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl."
Gnupg Libksba
Opensuse Leap 42.1
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
5
CVSSv2
CVE-2016-1404
Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same hardcoded GnuPG encryption key across different customers' installations, which allows remote malicious users to defeat cryptographic protection mechanisms by sniffing networ...
Cisco Ucs Invicta C3124sa Appliance 4.5 Base
Cisco Ucs Invicta C3124sa Appliance 4.3 Base
Cisco Ucs Invicta C3124sa Appliance 4.3.1
Cisco Ucs Invicta C3124sa Appliance 4.5.0
Cisco Ucs Invicta C3124sa Appliance 5.0.1
Cisco Ucs Invicta C3124sa Appliance 5.0 Base
5
CVSSv2
CVE-2014-4617
The do_uncompress function in g10/compress.c in GnuPG 1.x prior to 1.4.17 and 2.x prior to 2.0.24 allows context-dependent malicious users to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.
Gnupg Gnupg 2.0.1
Gnupg Gnupg 2.0.7
Gnupg Gnupg 2.0.15
Gnupg Gnupg 2.0.8
Gnupg Gnupg 2.0.11
Gnupg Gnupg 2.0.6
Gnupg Gnupg 2.0.10
Gnupg Gnupg 2.0.13
Gnupg Gnupg 2.0
Gnupg Gnupg 2.0.5
Gnupg Gnupg 2.0.17
Gnupg Gnupg 2.0.12
Gnupg Gnupg 2.0.18
Gnupg Gnupg 2.0.16
Gnupg Gnupg 2.0.21
Gnupg Gnupg 2.0.14
Gnupg Gnupg 2.0.4
Gnupg Gnupg 2.0.3
Gnupg Gnupg 2.0.22
Gnupg Gnupg 2.0.19
Gnupg Gnupg 2.0.20
Gnupg Gnupg 2.0.23
1 Github repository
5
CVSSv2
CVE-2012-4734
Request Tracker (RT) 3.8.x prior to 3.8.15 and 4.0.x prior to 4.0.8 allows remote malicious users to conduct a "confused deputy" attack to bypass the CSRF warning protection mechanism and cause victims to "modify arbitrary state" via unknown vectors related to...
Bestpractical Rt 3.8.9
Bestpractical Rt 3.8.0
Bestpractical Rt 3.8.1
Bestpractical Rt 3.8.4
Bestpractical Rt 3.8.7
Bestpractical Rt 3.8.8
Bestpractical Rt 3.8.2
Bestpractical Rt 3.8.6
Bestpractical Rt 3.8.10
Bestpractical Rt 4.0.4
Bestpractical Rt 4.0.5
Bestpractical Rt 4.0.0
Bestpractical Rt 4.0.7
Bestpractical Rt 4.0.1
Bestpractical Rt 3.8.14
Bestpractical Rt 3.8.11
Bestpractical Rt 4.0.3
Bestpractical Rt 3.8.3
Bestpractical Rt 3.8.13
Bestpractical Rt 4.0.6
Bestpractical Rt 4.0.2
Bestpractical Rt 3.8.5
5
CVSSv2
CVE-2012-4884
Argument injection vulnerability in Request Tracker (RT) 3.8.x prior to 3.8.15 and 4.0.x prior to 4.0.8 allows remote malicious users to create arbitrary files via unspecified vectors related to the GnuPG client.
Bestpractical Rt 3.8.1
Bestpractical Rt 3.8.0
Bestpractical Rt 3.8.4
Bestpractical Rt 3.8.2
Bestpractical Rt 3.8.8
Bestpractical Rt 3.8.14
Bestpractical Rt 3.8.6
Bestpractical Rt 3.8.9
Bestpractical Rt 3.8.5
Bestpractical Rt 3.8.3
Bestpractical Rt 3.8.11
Bestpractical Rt 3.8.12
Bestpractical Rt 3.8.10
Bestpractical Rt 3.8.7
Bestpractical Rt 3.8.13
Bestpractical Rt 4.0.2
Bestpractical Rt 4.0.4
Bestpractical Rt 4.0.8
Bestpractical Rt 4.0.7
Bestpractical Rt 4.0.0
Bestpractical Rt 4.0.3
Bestpractical Rt 4.0.1
5
CVSSv2
CVE-2007-1263
GnuPG 1.4.6 and previous versions and GPGME prior to 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote malicious users to forge the contents of a message without...
Gnupg Gnupg
Gnu Gpgme
1 EDB exploit
5
CVSSv2
CVE-2007-1264
Enigmail 0.94.2 and previous versions does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote malicious users to...
Enigmail Enigmail
1 EDB exploit
5
CVSSv2
CVE-2007-1266
Evolution 2.8.1 and previous versions does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote malicious users t...
Gnome Evolution
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »