VulnerableCode Package Details - pkg:deb/debian/gnupg2@2.2.12-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-9jj4-5uem-kkbs Aliases: CVE-2022-34903	Multiple vulnerabilities have been discovered in GnuPG, the worst of which could lead to signature spoofing.	2.2.12-1+deb10u2 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.2.27-2+deb11u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ng6k-ru7r-9kdp Aliases: CVE-2025-68973	GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write	2.2.40-1.1+deb12u2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-rqt5-xvxx-47h6 Aliases: CVE-2019-14855	gnupg2: OpenPGP Key Certification Forgeries with SHA-1	2.2.27-2+deb11u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-9jj4-5uem-kkbs
Aliases:
CVE-2022-34903

Multiple vulnerabilities have been discovered in GnuPG, the worst of which could lead to signature spoofing.

2.2.12-1+deb10u2
Affected by 3 other vulnerabilities.

2.2.27-2+deb11u2
Affected by 2 other vulnerabilities.

VCID-ng6k-ru7r-9kdp
Aliases:
CVE-2025-68973

GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write

2.2.40-1.1+deb12u2
Affected by 1 other vulnerability.

VCID-rqt5-xvxx-47h6
Aliases:
CVE-2019-14855

gnupg2: OpenPGP Key Certification Forgeries with SHA-1

2.2.27-2+deb11u2
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-9cm4-mu3q-2yey	security update	CVE-2018-12020
VCID-ba35-1hmw-m3hg	GnuPG: Unenforced configuration allows for apparently valid certifications actually signed by signing subkeys	CVE-2018-9234
VCID-qapz-hmnm-x7dd	gnupg2: Cross site request forgery in dirmngr resulting in an information disclosure or denial of service	CVE-2018-1000858

Vulnerability

Summary

Aliases

VCID-9cm4-mu3q-2yey

security update

CVE-2018-12020

VCID-ba35-1hmw-m3hg

GnuPG: Unenforced configuration allows for apparently valid certifications actually signed by signing subkeys

CVE-2018-9234

VCID-qapz-hmnm-x7dd

gnupg2: Cross site request forgery in dirmngr resulting in an information disclosure or denial of service

CVE-2018-1000858

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T01:09:14.944474+00:00	Debian Oval Importer	Fixing	VCID-ba35-1hmw-m3hg	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-16T01:06:11.722354+00:00	Debian Oval Importer	Fixing	VCID-9cm4-mu3q-2yey	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T23:33:51.868476+00:00	Debian Oval Importer	Affected by	VCID-rqt5-xvxx-47h6	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T19:25:45.116693+00:00	Debian Oval Importer	Fixing	VCID-qapz-hmnm-x7dd	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T17:37:52.263198+00:00	Debian Oval Importer	Affected by	VCID-9jj4-5uem-kkbs	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T17:12:37.973033+00:00	Debian Oval Importer	Affected by	VCID-ng6k-ru7r-9kdp	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T15:08:47.455342+00:00	Debian Oval Importer	Affected by	VCID-9jj4-5uem-kkbs	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.4.0
2026-04-12T00:41:09.476479+00:00	Debian Oval Importer	Fixing	VCID-ba35-1hmw-m3hg	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-12T00:38:11.075859+00:00	Debian Oval Importer	Fixing	VCID-9cm4-mu3q-2yey	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T23:08:54.869460+00:00	Debian Oval Importer	Affected by	VCID-rqt5-xvxx-47h6	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T19:08:49.485294+00:00	Debian Oval Importer	Fixing	VCID-qapz-hmnm-x7dd	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T17:24:05.077148+00:00	Debian Oval Importer	Affected by	VCID-9jj4-5uem-kkbs	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T16:59:15.002982+00:00	Debian Oval Importer	Affected by	VCID-ng6k-ru7r-9kdp	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T14:57:04.561321+00:00	Debian Oval Importer	Affected by	VCID-9jj4-5uem-kkbs	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.3.0
2026-04-09T00:10:58.401933+00:00	Debian Oval Importer	Fixing	VCID-ba35-1hmw-m3hg	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-09T00:08:09.061238+00:00	Debian Oval Importer	Fixing	VCID-9cm4-mu3q-2yey	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T22:42:36.593154+00:00	Debian Oval Importer	Affected by	VCID-rqt5-xvxx-47h6	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T18:52:59.207565+00:00	Debian Oval Importer	Fixing	VCID-qapz-hmnm-x7dd	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T17:12:18.143250+00:00	Debian Oval Importer	Affected by	VCID-9jj4-5uem-kkbs	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T16:48:46.327280+00:00	Debian Oval Importer	Affected by	VCID-ng6k-ru7r-9kdp	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-07T23:29:11.992667+00:00	Debian Oval Importer	Affected by	VCID-9jj4-5uem-kkbs	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.1.0