Search for packages
| purl | pkg:deb/debian/gnupg2@2.0.14-2%2Bsqueeze3 |
| Next non-vulnerable version | 2.2.40-1.1+deb12u1 |
| Latest non-vulnerable version | 2.2.40-1.1+deb12u1 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3svh-batx-vkf1
Aliases: CVE-2018-1000858 |
GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1099f060. |
Affected by 2 other vulnerabilities. |
|
VCID-6pvu-b38a-jkbs
Aliases: CVE-2012-6085 |
Affected by 10 other vulnerabilities. |
|
|
VCID-7czy-2y37-d7bg
Aliases: CVE-2013-4402 |
Affected by 10 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
|
VCID-7qw9-vefx-p7g2
Aliases: CVE-2014-4617 |
Affected by 10 other vulnerabilities. Affected by 7 other vulnerabilities. |
|
|
VCID-bq64-4zw8-uqen
Aliases: CVE-2015-1607 |
kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges." |
Affected by 5 other vulnerabilities. |
|
VCID-hxba-y3gf-sqf7
Aliases: CVE-2018-9234 |
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. |
Affected by 2 other vulnerabilities. |
|
VCID-m9c4-h91g-sfgu
Aliases: CVE-2019-14855 |
A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18. |
Affected by 1 other vulnerability. |
|
VCID-p6xn-vjxt-3qcu
Aliases: CVE-2018-12020 |
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes. |
Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-r49h-z2st-4kew
Aliases: CVE-2022-34903 |
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. |
Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-vt39-dedw-nkec
Aliases: CVE-2015-1606 |
The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file. |
Affected by 5 other vulnerabilities. |
|
VCID-w1j5-xx92-q7e5
Aliases: CVE-2013-4351 |
Affected by 10 other vulnerabilities. Affected by 7 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||