CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9234 – Ubuntu Security Notice USN-3675-1
https://notcve.org/view.php?id=CVE-2018-9234
04 Apr 2018 — GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. GnuPG 2.2.4 y 2.2.5 no aplica una configuración en la que la certificación de claves requiere una clave maestra Certify offline. Esto resulta en que certificados aparentemente válidos ocurran solo con acceso a una subclave de firma. Marcus Brinkmann discovered that during decryption or ve... • https://dev.gnupg.org/T3844 • CWE-320: Key Management Errors •
CVSS: 5.3EPSS: 1%CPEs: 15EXPL: 0CVE-2016-6313 – libgcrypt: PRNG output is predictable
https://notcve.org/view.php?id=CVE-2016-6313
18 Aug 2016 — The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits. Las funciones de mezcla en el generador de números aleatorios en Libgcrypt en versiones anteriores a 1.5.6, 1.6.x en versiones anteriores a 1.6.6 y 1.7.x en versiones anteriores a 1.7.3 y GnuPG en versiones anteriores a 1.4.21 hacen más fácil para ataca... • http://rhn.redhat.com/errata/RHSA-2016-2674.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2015-1607 – Ubuntu Security Notice USN-2554-1
https://notcve.org/view.php?id=CVE-2015-1607
01 Apr 2015 — kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges." El archivo kbx/keybox-search.c en GnuPG versiones anteriores a 1.4.19, versiones 2.0.x anteriores a 2.0.27 y versiones 2.1.x anteriores a 2.1.2, no maneja apropiadamente los cambios a la izquierda bit ... • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=2183683bd633818dd031b090b5530951de76f392 • CWE-20: Improper Input Validation •
CVSS: 4.2EPSS: 0%CPEs: 4EXPL: 0CVE-2014-3591 – Debian Security Advisory 3184-1
https://notcve.org/view.php?id=CVE-2014-3591
13 Mar 2015 — Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication. Libgcrypt versiones anteriores a 1.6.3 y GnuPG versiones anteriores a 1.4.19, no implementa un blinding de texto cifrado para el desencriptado de Elgamal, lo que permite a atacantes físicamente próximos... • http://www.cs.tau.ac.il/~tromer/radioexp • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2015-0837 – Debian Security Advisory 3184-1
https://notcve.org/view.php?id=CVE-2015-0837
13 Mar 2015 — The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack." La función mpi_powm en Libgcrypt versiones anteriores a 1.6.3 y GnuPG versiones anteriores a 1.4.19, permite a atacantes obtener información confidencial mediante el aprovechamiento de las diferencias de tiempo al acceder a una tabla prec... • http://www.debian.org/security/2015/dsa-3184 • CWE-203: Observable Discrepancy •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1606 – Debian Security Advisory 3184-1
https://notcve.org/view.php?id=CVE-2015-1606
13 Mar 2015 — The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file. La base de datos de llavero en GnuPG versiones anteriores a la versión 2.1.2, no maneja apropiadamente los paquetes no válidos, lo que permite a atacantes remotos causar una denegación de servicio (lectura no válida y uso de la memoria previamente liberada) por medio de un archivo de llavero especialmente diseñ... • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 4%CPEs: 10EXPL: 0CVE-2014-9087 – Debian Security Advisory 3078-1
https://notcve.org/view.php?id=CVE-2014-9087
28 Nov 2014 — Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow. Desbordamiento de enteros en la función ksba_oid_to_str en Libksba anterior a 1.3.2, utilizado en GnuPG, permite a atacantes remotos causar una denegación de servicio (caída) a través de un OID manipulado en (1) un mensaje S/MIME o (2) datos OpenPGP b... • http://advisories.mageia.org/MGASA-2014-0498.html • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.5EPSS: 7%CPEs: 64EXPL: 0CVE-2014-4617 – Ubuntu Security Notice USN-2258-1
https://notcve.org/view.php?id=CVE-2014-4617
25 Jun 2014 — The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence. La función do_uncompress en g10/compress.c en GnuPG 1.x anterior a 1.4.17 y 2.x anterior a 2.0.24 permite a atacantes dependientes de contexto causar una denegación de servicio (bucle infinito) a través de paquetes comprimidos malformados, tal y como fue ... • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=014b2103fcb12f261135e3954f26e9e07b39e342 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2014-1927 – Debian Security Advisory 2946-1
https://notcve.org/view.php?id=CVE-2014-1927
05 Jun 2014 — The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "$(" command-substitution sequences, a different vulnerability than CVE-2014-1928. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323. La función shell_quote en python-gnupg 0.3.5 no cita debidamente cadenas, lo que permite a atacantes dependientes de contexto ejecu... • http://seclists.org/oss-sec/2014/q1/245 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 3CVE-2014-1928 – Debian Security Advisory 2946-1
https://notcve.org/view.php?id=CVE-2014-1928
05 Jun 2014 — The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "\" (backslash) characters to form multi-command sequences, a different vulnerability than CVE-2014-1927. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323. La función shell_quote en python-gnupg 0.3.5 no escapa debidamente los caracteres, lo que permite a atac... • http://seclists.org/oss-sec/2014/q1/246 • CWE-20: Improper Input Validation •