Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openpgp vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2007-1269
GNUMail 1.1.2 and previous versions does not properly use the --status-fd argument when invoking GnuPG, which prevents GNUMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote malicious users to fo...
Gnu Gnumail
5
CVSSv2
CVE-2007-1268
Mutt 1.5.13 and previous versions does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote malicious users to forge t...
Mutt Mutt
5
CVSSv2
CVE-2007-1266
Evolution 2.8.1 and previous versions does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote malicious users t...
Gnome Evolution
1 EDB exploit
2.6
CVSSv2
CVE-2021-40528
The ElGamal implementation in Libgcrypt prior to 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's p...
Gnupg Libgcrypt
4.3
CVSSv2
CVE-2019-11841
A message-forgery issue exists in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash"...
Golang Crypto 2019-03-25
Debian Debian Linux 8.0
Debian Debian Linux 9.0
6.8
CVSSv2
CVE-2020-25125
GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3...
Gnupg Gnupg 2.2.21
Gnupg Gnupg 2.2.22
Gpg4win Gpg4win 3.1.12
NA
CVE-2021-4126
When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the inner signed message for the signature validity. This gave the false impression ...
Mozilla Thunderbird
5
CVSSv2
CVE-2007-1263
GnuPG 1.4.6 and previous versions and GPGME prior to 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote malicious users to forge the contents of a message without...
Gnupg Gnupg
Gnu Gpgme
1 EDB exploit
4
CVSSv2
CVE-2021-23991
If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid su...
Mozilla Thunderbird
4.3
CVSSv2
CVE-2021-23993
An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use...
Mozilla Thunderbird
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »