Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2019-6690
Description:python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component.
Test IDs: 1.3.6.1.4.1.25623.1.0.852275   1.3.6.1.4.1.25623.1.0.891675   1.3.6.1.4.1.25623.1.0.843992   1.3.6.1.4.1.25623.1.0.876511   1.3.6.1.4.1.25623.1.0.878093   1.3.6.1.4.1.25623.1.0.878095  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2019-6690
BugTraq ID: 106756
http://www.securityfocus.com/bid/106756
Bugtraq: 20190125 CVE-2019-6690: Improper Input Validation in python-gnupg (Google Search)
https://seclists.org/bugtraq/2019/Jan/41
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6KYZMN2PWXY4ENZVJUVTGFBVYEVY7II/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4VFRUG56542LTYK4444TPJBGR57MT25/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WMV6XNPPL3VB3RQRFFOBCJ3AGWC4K47/
http://packetstormsecurity.com/files/151341/Python-GnuPG-0.4.3-Improper-Input-Validation.html
https://blog.hackeriet.no/cve-2019-6690-python-gnupg-vulnerability/
https://pypi.org/project/python-gnupg/#history
https://lists.debian.org/debian-lts-announce/2019/02/msg00021.html
SuSE Security Announcement: SU-2019:0143-1 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00008.html
SuSE Security Announcement: SUSE-SU-2019:0239-1 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00058.html
https://usn.ubuntu.com/3964-1/




© 1998-2021 E-Soft Inc. All rights reserved.