CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2019-13050 – GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS
https://notcve.org/view.php?id=CVE-2019-13050
29 Jun 2019 — Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack. La interacción entre el código sks-keyserver hasta versión 1.2.0 de la red SKS keyserver, y GnuPG hasta la versión 2.2.16, hace arriesgado tener una línea de configuración... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html • CWE-295: Improper Certificate Validation CWE-297: Improper Validation of Certificate with Host Mismatch •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 2CVE-2014-3207
https://notcve.org/view.php?id=CVE-2014-3207
08 May 2014 — Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to pks/lookup/undefined1. Vulnerabilidad de XSS en wserver.ml en SKS Keyserver anterior a 1.1.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de PATH_INFO hacia pks/lookup/undefined1. • http://secunia.com/advisories/57965 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •