rpm package
suse/gpg2&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP5
pkg:rpm/suse/gpg2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-34903 | — | < 2.0.24-9.11.1 | 2.0.24-9.11.1 | Jul 1, 2022 | GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. | ||
| CVE-2018-9234 | — | < 2.0.24-9.14.1 | 2.0.24-9.14.1 | Apr 4, 2018 | GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. |
- CVE-2022-34903Jul 1, 2022affected < 2.0.24-9.11.1fixed 2.0.24-9.11.1
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
- CVE-2018-9234Apr 4, 2018affected < 2.0.24-9.14.1fixed 2.0.24-9.14.1
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.