rpm package
suse/gpg2&distro=SUSE Linux Enterprise Module for Basesystem 15
pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-13050 | — | < 2.2.5-4.11.1 | 2.2.5-4.11.1 | Jun 29, 2019 | Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent | ||
| CVE-2018-1000858 | — | < 2.2.5-4.6.2 | 2.2.5-4.6.2 | Dec 20, 2018 | GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in | ||
| CVE-2018-12020 | — | < 2.2.5-4.3.1 | 2.2.5-4.3.1 | Jun 8, 2018 | mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP da |
- CVE-2019-13050Jun 29, 2019affected < 2.2.5-4.11.1fixed 2.2.5-4.11.1
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent
- CVE-2018-1000858Dec 20, 2018affected < 2.2.5-4.6.2fixed 2.2.5-4.6.2
GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in
- CVE-2018-12020Jun 8, 2018affected < 2.2.5-4.3.1fixed 2.2.5-4.3.1
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP da