Search CVE reports
11 – 20 of 38 results
CVE-2017-7526
Medium prioritylibgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed...
4 affected packages
gnupg, gnupg1, libgcrypt11, libgcrypt20
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gnupg | — | — | — | Not in release | Fixed |
gnupg1 | — | — | — | Not affected | Not in release |
libgcrypt11 | — | — | — | Not in release | Not in release |
libgcrypt20 | — | — | — | Not affected | Fixed |
CVE-2016-6313
High priorityThe mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by...
4 affected packages
gnupg, gnupg2, libgcrypt11, libgcrypt20
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gnupg | — | — | — | Not in release | Fixed |
gnupg2 | — | — | — | Not affected | Not affected |
libgcrypt11 | — | — | — | Not in release | Not in release |
libgcrypt20 | — | — | — | Fixed | Fixed |
CVE-2015-0837
Low priorityThe mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related...
3 affected packages
gnupg, libgcrypt11, libgcrypt20
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gnupg | — | — | — | — | — |
libgcrypt11 | — | — | — | — | — |
libgcrypt20 | — | — | — | — | — |
CVE-2015-1607
Low prioritySome fixes available 7 of 8
kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a...
2 affected packages
gnupg, gnupg2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gnupg | — | — | — | — | — |
gnupg2 | — | — | — | — | — |
CVE-2015-1606
Low prioritySome fixes available 7 of 8
The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.
2 affected packages
gnupg, gnupg2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gnupg | — | — | — | — | — |
gnupg2 | — | — | — | — | — |
CVE-2014-3591
Low priorityLibgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted...
3 affected packages
gnupg, libgcrypt11, libgcrypt20
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gnupg | — | — | — | — | — |
libgcrypt11 | — | — | — | — | — |
libgcrypt20 | — | — | — | — | — |
CVE-2014-9087
Medium prioritySome fixes available 3 of 4
Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data,...
2 affected packages
gnupg2, libksba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gnupg2 | — | — | — | — | — |
libksba | — | — | — | — | — |
CVE-2014-1929
Medium prioritypython-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists because of an incomplete fix for...
1 affected package
python-gnupg
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-gnupg | — | — | — | — | — |
CVE-2014-1928
Medium priorityThe shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "\"...
1 affected package
python-gnupg
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-gnupg | — | — | — | — | Not affected |
CVE-2014-1927
Medium prioritySome fixes available 1 of 6
The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using...
1 affected package
python-gnupg
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-gnupg | — | — | — | — | Not affected |