CVE-2018-12020

HIGH Year: 2018
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-706
View all →

Vulnerability Description

mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.

Related Vulnerabilities

CVE-2019-1351

HIGH
CVSS:7.5(High)

A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.

CWE-7062019

CVE-2020-35894

HIGH
CVSS:7.5(High)

An issue was discovered in the obstack crate before 0.1.4 for Rust. Unaligned references can occur.

CWE-7062020

CVE-2021-27306

HIGH
CVSS:7.5(High)

An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT.

CWE-7062021

CVE-2021-40856

HIGH
CVSS:7.5(High)

Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /about/../ substring.

CWE-7062021

CVE-2023-42451

HIGH
CVSS:7.5(High)

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc2, under certain circumstances, attackers can exploit a flaw in domain ...

CWE-7062023

CVE-2024-27292

HIGH
CVSS:7.5(High)

Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It af...

CWE-7062024