Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pgp openpgp vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2001-0381
The OpenPGP PGP standard allows an malicious user to determine the private signature key via a cryptanalytic attack in which the attacker alters the encrypted private key file and captures a single message signed with the signature key.
Pgp Openpgp
5.9
CVSSv3
CVE-2019-8338
The signature verification routine in the Airmail GPG-PGP Plugin, versions 1.0 (9) and previous versions, does not verify the status of the signature at all, which allows remote malicious users to spoof arbitrary email signatures by crafting a signed email with an invalid signatu...
Gpg-pgp Project Gpg-pgp
NA
CVE-2010-3618
PGP Desktop 10.0.x prior to 10.0.3 SP2 and 10.1.0 prior to 10.1.0 SP1 does not properly implement the "Decrypt/Verify File via Right-Click" functionality for multi-packet OpenPGP messages that represent multi-message input, which allows remote malicious users to spoof s...
Pgp Desktop For Windows 10.0.1
Pgp Desktop For Windows 10.0.2
Pgp Desktop For Windows 10.1.0
Pgp Desktop For Windows 10.0.3
Pgp Desktop For Windows 10.0.0
Pgp Desktop For Windows
Pgp Desktop For Mac 10.1.0
Pgp Desktop For Mac 10.0.2
Pgp Desktop For Mac 10.0.1
Pgp Desktop For Mac
Pgp Desktop For Mac 10.0.0
Pgp Desktop For Mac 10.0.3
5.9
CVSSv3
CVE-2017-17689
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
Microsoft Outlook 2016
Microsoft Outlook 2007
Microsoft Outlook 2013
Microsoft Outlook 2010
Horde Horde Imp -
Google Gmail -
9folders Nine -
Flipdogsolutions Maildroid -
R2mail2 R2mail2 -
Apple Mail -
Bloop Airmail -
Freron Mailmate -
Kde Kmail -
Kde Trojita -
Gnome Evolution -
Mozilla Thunderbird -
Ibm Notes -
Emclient Emclient -
Postbox-inc Postbox -
Ritlabs The Bat -
1 Github repository
1 Article
6.5
CVSSv3
CVE-2018-15586
Enigmail prior to 2.0.6 is prone to to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email.
Enigmail Enigmail
5.9
CVSSv3
CVE-2017-17688
The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature o...
Microsoft Outlook 2007
Horde Horde Imp -
Flipdogsolutions Maildroid -
R2mail2 R2mail2 -
Apple Mail -
Bloop Airmail -
Freron Mailmate -
Mozilla Thunderbird -
Emclient Emclient -
Postbox-inc Postbox -
Roundcube Webmail -
1 Github repository
1 Article
6.5
CVSSv3
CVE-2018-15587
GNOME Evolution up to and including 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment.
Gnome Evolution
Debian Debian Linux 8.0
NA
CVE-2007-1263
GnuPG 1.4.6 and previous versions and GPGME prior to 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote malicious users to forge the contents of a message without...
Gnu Gpgme
Gnupg Gnupg
1 EDB exploit
NA
CVE-2001-0273
pgp4pine Pine/PGP interface version 1.75-6 does not properly check to see if a public key has expired when obtaining the keys via Gnu Privacy Guard (GnuPG), which causes the message to be sent in cleartext.
Holger Lamm Pgp4pine 1.75.6
NA
CVE-2001-0522
Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and previous versions can allow an malicious user to gain privileges via format strings in the original filename that is stored in an encrypted file.
Gnu Privacy Guard 7.2
Gnu Privacy Guard 8.0
Gnu Privacy Guard 7.1
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »