Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnupg vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2016-1404
Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and Invicta Scaling System uses the same hardcoded GnuPG encryption key across different customers' installations, which allows remote malicious users to defeat cryptographic protection mechanisms by sniffing networ...
Cisco Ucs Invicta C3124sa Appliance 4.5 Base
Cisco Ucs Invicta C3124sa Appliance 4.3 Base
Cisco Ucs Invicta C3124sa Appliance 4.3.1
Cisco Ucs Invicta C3124sa Appliance 4.5.0
Cisco Ucs Invicta C3124sa Appliance 5.0.1
Cisco Ucs Invicta C3124sa Appliance 5.0 Base
383
VMScore
CVE-2012-6578
Best Practical Solutions RT 3.8.x prior to 3.8.15 and 4.0.x prior to 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote malicious users to spoof messages by leveraging the lack of auth...
Bestpractical Request Tracker 3.8.7
Bestpractical Request Tracker 3.8.9
Bestpractical Request Tracker 3.8.10
Bestpractical Request Tracker 3.8.11
Bestpractical Request Tracker 3.8.4
Bestpractical Request Tracker 3.8.12
Bestpractical Request Tracker 3.8.14
Bestpractical Request Tracker 3.8.3
Bestpractical Request Tracker 3.8.13
Bestpractical Request Tracker 4.0.4
Bestpractical Request Tracker 4.0.6
Bestpractical Request Tracker 4.0.1
Bestpractical Request Tracker 4.0.0
Bestpractical Request Tracker 4.0.3
Bestpractical Request Tracker 4.0.2
Bestpractical Request Tracker 4.0.5
Bestpractical Request Tracker 4.0.7
570
VMScore
CVE-2012-6579
Best Practical Solutions RT 3.8.x prior to 3.8.15 and 4.0.x prior to 4.0.8, when GnuPG is enabled, allows remote malicious users to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service (loss of e-mail readability), via an e-mail mess...
Bestpractical Request Tracker 3.8.9
Bestpractical Request Tracker 3.8.10
Bestpractical Request Tracker 3.8.11
Bestpractical Request Tracker 3.8.12
Bestpractical Request Tracker 3.8.13
Bestpractical Request Tracker 3.8.3
Bestpractical Request Tracker 3.8.7
Bestpractical Request Tracker 3.8.4
Bestpractical Request Tracker 3.8.14
Bestpractical Request Tracker 4.0.0
Bestpractical Request Tracker 4.0.7
Bestpractical Request Tracker 4.0.3
Bestpractical Request Tracker 4.0.2
Bestpractical Request Tracker 4.0.5
Bestpractical Request Tracker 4.0.4
Bestpractical Request Tracker 4.0.1
Bestpractical Request Tracker 4.0.6
383
VMScore
CVE-2012-6581
Best Practical Solutions RT 3.8.x prior to 3.8.15 and 4.0.x prior to 4.0.8, when GnuPG is enabled, allows remote malicious users to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary stored secre...
Bestpractical Request Tracker 3.8.3
Bestpractical Request Tracker 3.8.4
Bestpractical Request Tracker 3.8.7
Bestpractical Request Tracker 3.8.10
Bestpractical Request Tracker 3.8.12
Bestpractical Request Tracker 3.8.13
Bestpractical Request Tracker 3.8.14
Bestpractical Request Tracker 3.8.9
Bestpractical Request Tracker 3.8.11
Bestpractical Request Tracker 4.0.5
Bestpractical Request Tracker 4.0.4
Bestpractical Request Tracker 4.0.7
Bestpractical Request Tracker 4.0.6
Bestpractical Request Tracker 4.0.0
Bestpractical Request Tracker 4.0.2
Bestpractical Request Tracker 4.0.1
Bestpractical Request Tracker 4.0.3
570
VMScore
CVE-2019-9149
Mailvelope before 3.3.0 allows private key operations without user interaction via its client-API. By modifying an URL parameter in Mailvelope, an attacker is able to sign (and encrypt) arbitrary messages with Mailvelope, assuming the private key password is cached. A second vuln...
Mailvelope Mailvelope
383
VMScore
CVE-2012-6580
Best Practical Solutions RT 3.8.x prior to 3.8.15 and 4.0.x prior to 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote malicious users to spoof details of a message's origin or interfer...
Bestpractical Request Tracker 3.8.3
Bestpractical Request Tracker 3.8.4
Bestpractical Request Tracker 3.8.7
Bestpractical Request Tracker 3.8.9
Bestpractical Request Tracker 3.8.11
Bestpractical Request Tracker 3.8.13
Bestpractical Request Tracker 3.8.14
Bestpractical Request Tracker 3.8.10
Bestpractical Request Tracker 3.8.12
Bestpractical Request Tracker 4.0.6
Bestpractical Request Tracker 4.0.3
Bestpractical Request Tracker 4.0.5
Bestpractical Request Tracker 4.0.7
Bestpractical Request Tracker 4.0.1
Bestpractical Request Tracker 4.0.0
Bestpractical Request Tracker 4.0.2
Bestpractical Request Tracker 4.0.4
668
VMScore
CVE-2014-1921
parcimonie prior to 0.8.1, when using a large keyring, sleeps for the same amount of time between fetches, which allows malicious users to correlate key fetches via unspecified vectors.
Parcimonie Project Parcimonie
Parcimonie Project Parcimonie 0.7-1
Parcimonie Project Parcimonie 0.6-3
Parcimonie Project Parcimonie 0.6-1
312
VMScore
CVE-2012-4730
Request Tracker (RT) 3.8.x prior to 3.8.15 and 4.0.x prior to 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors.
Bestpractical Rt 3.8.5
Bestpractical Rt 3.8.1
Bestpractical Rt 3.8.12
Bestpractical Rt 3.8.10
Bestpractical Rt 3.8.7
Bestpractical Rt 3.8.8
Bestpractical Rt 3.8.0
Bestpractical Rt 3.8.11
Bestpractical Rt 3.8.6
Bestpractical Rt 4.0.8
Bestpractical Rt 4.0.0
Bestpractical Rt 4.0.7
Bestpractical Rt 4.0.3
Bestpractical Rt 3.8.3
Bestpractical Rt 3.8.4
Bestpractical Rt 3.8.13
Bestpractical Rt 3.8.2
Bestpractical Rt 3.8.9
Bestpractical Rt 4.0.4
Bestpractical Rt 4.0.5
Bestpractical Rt 4.0.1
Bestpractical Rt 4.0.2
605
VMScore
CVE-2012-4732
Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions prior to 3.8.15, and 4.0.6 and other versions prior to 4.0.8, allows remote malicious users to hijack the authentication of users for requests that toggle ticket bookmarks.
Bestpractical Rt 3.8.14
Bestpractical Rt 3.8.13
Bestpractical Rt 3.8.12
Bestpractical Rt 4.0.6
Bestpractical Rt 4.0.7
Bestpractical Rt 4.0.8
445
VMScore
CVE-2012-4734
Request Tracker (RT) 3.8.x prior to 3.8.15 and 4.0.x prior to 4.0.8 allows remote malicious users to conduct a "confused deputy" attack to bypass the CSRF warning protection mechanism and cause victims to "modify arbitrary state" via unknown vectors related to...
Bestpractical Rt 3.8.9
Bestpractical Rt 3.8.0
Bestpractical Rt 3.8.1
Bestpractical Rt 3.8.4
Bestpractical Rt 3.8.7
Bestpractical Rt 3.8.8
Bestpractical Rt 3.8.2
Bestpractical Rt 3.8.6
Bestpractical Rt 3.8.10
Bestpractical Rt 4.0.4
Bestpractical Rt 4.0.5
Bestpractical Rt 4.0.0
Bestpractical Rt 4.0.7
Bestpractical Rt 4.0.1
Bestpractical Rt 3.8.14
Bestpractical Rt 3.8.11
Bestpractical Rt 4.0.3
Bestpractical Rt 3.8.3
Bestpractical Rt 3.8.13
Bestpractical Rt 4.0.6
Bestpractical Rt 4.0.2
Bestpractical Rt 3.8.5
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
NEXT »