Search for packages
| purl | pkg:deb/debian/gnupg2@2.1.18-6 |
| Next non-vulnerable version | 2.2.40-1.1+deb12u1 |
| Latest non-vulnerable version | 2.4.7-17 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4u1u-zxbs-aaag
Aliases: CVE-2018-12020 |
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes. |
Affected by 5 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-bv5h-ayrs-aaan
Aliases: CVE-2018-1000858 |
GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1099f060. |
Affected by 2 other vulnerabilities. |
|
VCID-ey5p-3qp3-aaam
Aliases: CVE-2022-34903 |
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. |
Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-gkq6-68mx-aaak
Aliases: CVE-2018-9234 |
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. |
Affected by 2 other vulnerabilities. |
|
VCID-m3q4-wftu-aaaa
Aliases: CVE-2019-14855 |
A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18. |
Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T16:35:57.388889+00:00 | Debian Oval Importer | Affected by | VCID-ey5p-3qp3-aaam | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T15:44:03.779352+00:00 | Debian Oval Importer | Affected by | VCID-bv5h-ayrs-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T14:11:52.635827+00:00 | Debian Oval Importer | Affected by | VCID-4u1u-zxbs-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:57:15.332081+00:00 | Debian Oval Importer | Affected by | VCID-gkq6-68mx-aaak | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T11:05:42.660779+00:00 | Debian Oval Importer | Affected by | VCID-4u1u-zxbs-aaag | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.3 |
| 2025-06-21T06:04:25.653876+00:00 | Debian Oval Importer | Affected by | VCID-m3q4-wftu-aaaa | None | 36.1.3 |
| 2025-06-21T00:16:54.393597+00:00 | Debian Oval Importer | Affected by | VCID-bv5h-ayrs-aaan | None | 36.1.3 |
| 2025-06-20T23:57:43.882242+00:00 | Debian Oval Importer | Affected by | VCID-gkq6-68mx-aaak | None | 36.1.3 |
| 2025-06-20T20:23:27.741506+00:00 | Debian Oval Importer | Affected by | VCID-ey5p-3qp3-aaam | None | 36.1.3 |
| 2025-06-20T19:54:14.613692+00:00 | Debian Oval Importer | Affected by | VCID-4u1u-zxbs-aaag | None | 36.1.3 |
| 2025-06-08T13:13:31.450107+00:00 | Debian Oval Importer | Affected by | VCID-bv5h-ayrs-aaan | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T12:06:53.180128+00:00 | Debian Oval Importer | Affected by | VCID-ey5p-3qp3-aaam | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T09:21:37.016888+00:00 | Debian Oval Importer | Affected by | VCID-ey5p-3qp3-aaam | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T08:37:54.595922+00:00 | Debian Oval Importer | Affected by | VCID-bv5h-ayrs-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T07:05:14.852551+00:00 | Debian Oval Importer | Affected by | VCID-4u1u-zxbs-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:51:24.831577+00:00 | Debian Oval Importer | Affected by | VCID-gkq6-68mx-aaak | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T04:35:14.726069+00:00 | Debian Oval Importer | Affected by | VCID-4u1u-zxbs-aaag | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.1.0 |
| 2025-06-07T23:43:10.707034+00:00 | Debian Oval Importer | Affected by | VCID-m3q4-wftu-aaaa | None | 36.1.0 |
| 2025-06-07T17:39:48.030535+00:00 | Debian Oval Importer | Affected by | VCID-bv5h-ayrs-aaan | None | 36.1.0 |
| 2025-06-07T17:20:37.897560+00:00 | Debian Oval Importer | Affected by | VCID-gkq6-68mx-aaak | None | 36.1.0 |
| 2025-06-07T13:58:51.953712+00:00 | Debian Oval Importer | Affected by | VCID-ey5p-3qp3-aaam | None | 36.1.0 |
| 2025-06-07T13:45:03.251257+00:00 | Debian Oval Importer | Affected by | VCID-4u1u-zxbs-aaag | None | 36.1.0 |
| 2025-04-12T22:39:32.232652+00:00 | Debian Oval Importer | Affected by | VCID-gkq6-68mx-aaak | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T22:37:31.751449+00:00 | Debian Oval Importer | Affected by | VCID-4u1u-zxbs-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T21:39:24.963271+00:00 | Debian Oval Importer | Affected by | VCID-m3q4-wftu-aaaa | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T19:01:22.042541+00:00 | Debian Oval Importer | Affected by | VCID-bv5h-ayrs-aaan | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T17:52:24.380428+00:00 | Debian Oval Importer | Affected by | VCID-ey5p-3qp3-aaam | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-08T07:53:51.646978+00:00 | Debian Oval Importer | Affected by | VCID-ey5p-3qp3-aaam | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T07:09:20.864236+00:00 | Debian Oval Importer | Affected by | VCID-bv5h-ayrs-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:37:52.247094+00:00 | Debian Oval Importer | Affected by | VCID-4u1u-zxbs-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:23:53.362991+00:00 | Debian Oval Importer | Affected by | VCID-gkq6-68mx-aaak | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T03:05:51.252098+00:00 | Debian Oval Importer | Affected by | VCID-4u1u-zxbs-aaag | https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 | 36.0.0 |
| 2025-04-07T22:15:15.944959+00:00 | Debian Oval Importer | Affected by | VCID-m3q4-wftu-aaaa | None | 36.0.0 |
| 2025-04-07T16:14:43.139042+00:00 | Debian Oval Importer | Affected by | VCID-bv5h-ayrs-aaan | None | 36.0.0 |
| 2025-04-07T15:54:39.487390+00:00 | Debian Oval Importer | Affected by | VCID-gkq6-68mx-aaak | None | 36.0.0 |
| 2025-04-07T12:33:21.783764+00:00 | Debian Oval Importer | Affected by | VCID-ey5p-3qp3-aaam | None | 36.0.0 |
| 2025-04-07T12:20:18.277634+00:00 | Debian Oval Importer | Affected by | VCID-4u1u-zxbs-aaag | None | 36.0.0 |