This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Gnupg
Product: Gnupg
Version: 2.1.0
Update: beta1
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
Type: Application
First view: 2013-10-09
Last view: 2020-03-20
 
CPE Product cpe:2.3:a:gnupg:gnupg

Related : CVE

Score Date Alert Description
7.5 2020-03-20 CVE-2019-14855

A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.

5.5 2019-11-20 CVE-2015-1607

kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges."

5.5 2019-11-20 CVE-2015-1606

The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.

7.5 2019-06-29 CVE-2019-13050

Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.

8.8 2018-12-20 CVE-2018-1000858

GnuPG version 2.1.12 - 2.2.11 contains a Cross-Site Request Forgery (CSRF) vulnerability in dirmngr that can result in attacker-controlled CSRF, information disclosure, or DoS. This attack appears to be exploitable when the victim performs a WKD request, e.g. by entering an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to have been fixed after commit 4a4bb874f63741026bd26264c43bb32b1099f060.

7.5 2018-06-08 CVE-2018-12020

mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.

7.5 2014-12-01 CVE-2014-9087

Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.

5.8 2013-10-09 CVE-2013-4351

GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey.

CWE : Common Weakness Enumeration

% id Name
12% (1) CWE-706 Use of Incorrectly-Resolved Name or Reference
12% (1) CWE-416 Use After Free
12% (1) CWE-352 Cross-Site Request Forgery (CSRF)
12% (1) CWE-327 Use of a Broken or Risky Cryptographic Algorithm
12% (1) CWE-310 Cryptographic Issues
12% (1) CWE-295 Certificate Issues
12% (1) CWE-191 Integer Underflow (Wrap or Wraparound)
12% (1) CWE-20 Improper Input Validation

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2019-01-14 Name: The remote Fedora host is missing a security update.
File: fedora_2019-75a8da28f0.nasl - Type: ACT_GATHER_INFO
2019-01-10 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10917_184R1.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-a4e13742b4.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-4ef71d3525.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-3dc16842e2.nasl - Type: ACT_GATHER_INFO
2018-10-26 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1333.nasl - Type: ACT_GATHER_INFO
2018-10-26 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1324.nasl - Type: ACT_GATHER_INFO
2018-08-10 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1045.nasl - Type: ACT_GATHER_INFO
2018-08-10 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1223.nasl - Type: ACT_GATHER_INFO
2018-07-20 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1221.nasl - Type: ACT_GATHER_INFO
2018-07-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-2181.nasl - Type: ACT_GATHER_INFO
2018-07-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-2180.nasl - Type: ACT_GATHER_INFO
2018-07-06 Name: The remote Fedora host is missing a security update.
File: fedora_2018-69780fc4d7.nasl - Type: ACT_GATHER_INFO
2018-06-29 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1045.nasl - Type: ACT_GATHER_INFO
2018-06-20 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-170-01.nasl - Type: ACT_GATHER_INFO
2018-06-19 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-84fdbd021f.nasl - Type: ACT_GATHER_INFO
2018-06-11 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_7da0417f6b2411e884cc002590acae31.nasl - Type: ACT_GATHER_INFO
2018-06-11 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4224.nasl - Type: ACT_GATHER_INFO
2018-06-11 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4223.nasl - Type: ACT_GATHER_INFO
2018-06-11 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4222.nasl - Type: ACT_GATHER_INFO
2018-06-11 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-159-01.nasl - Type: ACT_GATHER_INFO
2016-02-22 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL50413110.nasl - Type: ACT_GATHER_INFO
2015-12-29 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-2171-2.nasl - Type: ACT_GATHER_INFO
2015-12-16 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2015-886.nasl - Type: ACT_GATHER_INFO
2015-12-04 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-2171-1.nasl - Type: ACT_GATHER_INFO