Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openpgpjs openpgpjs vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2015-8013
s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote malicious users to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message.
Openpgpjs Openpgpjs
7.5
CVSSv3
CVE-2019-9153
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an malicious user to forge signed messages by replacing its signatures with a "standalone" or "timestamp" signature.
Openpgpjs Openpgpjs
1 Github repository
7.5
CVSSv3
CVE-2019-9154
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an malicious user to pass off unsigned data as signed.
Openpgpjs Openpgpjs
4.3
CVSSv3
CVE-2023-41037
OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In affected versions OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools. These messages typically contain a "Hash: ..." header...
Openpgpjs Openpgpjs
5.9
CVSSv3
CVE-2019-9155
A cryptographic issue in OpenPGP.js <=4.2.0 allows an attacker who is able provide forged messages and gain feedback about whether decryption of these messages succeeded to conduct an invalid curve attack in order to gain the victim's ECDH private key.
Openpgpjs Openpgpjs
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started