Search CVE reports


Toggle filters

11 – 20 of 38 results


CVE-2017-7526

Medium priority
Fixed

libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed...

4 affected packages

gnupg, gnupg1, libgcrypt11, libgcrypt20

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnupg Not in release Fixed
gnupg1 Not affected Not in release
libgcrypt11 Not in release Not in release
libgcrypt20 Not affected Fixed
Show less packages

CVE-2016-6313

High priority
Fixed

The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by...

4 affected packages

gnupg, gnupg2, libgcrypt11, libgcrypt20

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnupg Not in release Fixed
gnupg2 Not affected Not affected
libgcrypt11 Not in release Not in release
libgcrypt20 Fixed Fixed
Show less packages

CVE-2015-0837

Low priority
Fixed

The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related...

3 affected packages

gnupg, libgcrypt11, libgcrypt20

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnupg
libgcrypt11
libgcrypt20
Show less packages

CVE-2015-1607

Low priority

Some fixes available 7 of 8

kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a...

2 affected packages

gnupg, gnupg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnupg
gnupg2
Show less packages

CVE-2015-1606

Low priority

Some fixes available 7 of 8

The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.

2 affected packages

gnupg, gnupg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnupg
gnupg2
Show less packages

CVE-2014-3591

Low priority
Fixed

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted...

3 affected packages

gnupg, libgcrypt11, libgcrypt20

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnupg
libgcrypt11
libgcrypt20
Show less packages

CVE-2014-9087

Medium priority

Some fixes available 3 of 4

Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data,...

2 affected packages

gnupg2, libksba

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnupg2
libksba
Show less packages

CVE-2014-1929

Medium priority
Ignored

python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists because of an incomplete fix for...

1 affected package

python-gnupg

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-gnupg
Show less packages

CVE-2014-1928

Medium priority
Ignored

The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "\"...

1 affected package

python-gnupg

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-gnupg Not affected
Show less packages

CVE-2014-1927

Medium priority

Some fixes available 1 of 6

The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using...

1 affected package

python-gnupg

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-gnupg Not affected
Show less packages