Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnupg gnupg vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2007-1266
Evolution 2.8.1 and previous versions does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote malicious users t...
Gnome Evolution
1 EDB exploit
7.5
CVSSv2
CVE-2001-0522
Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and previous versions can allow an malicious user to gain privileges via format strings in the original filename that is stored in an encrypted file.
Gnu Privacy Guard 7.1
Gnu Privacy Guard 7.2
Gnu Privacy Guard 8.0
1 EDB exploit
5
CVSSv2
CVE-2021-33560
Libgcrypt prior to 1.8.8 and 1.9.x prior to 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.
Gnupg Libgcrypt
Debian Debian Linux 9.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Oracle Communications Cloud Native Core Network Repository Function 1.14.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.9.0
Oracle Communications Cloud Native Core Network Slice Selection Function 1.8.0
Oracle Communications Cloud Native Core Network Repository Function 1.15.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0
Oracle Communications Cloud Native Core Service Communication Proxy 1.15.0
Oracle Communications Cloud Native Core Network Repository Function 1.15.1
Oracle Communications Cloud Native Core Binding Support Function 1.11.0
1 Github repository
5
CVSSv2
CVE-2007-1264
Enigmail 0.94.2 and previous versions does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote malicious users to...
Enigmail Enigmail
1 EDB exploit
7.5
CVSSv2
CVE-2018-12356
An issue exists in password-store.sh in pass in Simple Password Store 1.7.x prior to 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote malicious users to spoof file signatures on configuration files and...
Simple Password Store Project Simple Password Store
1 Article
2.6
CVSSv2
CVE-2001-0273
pgp4pine Pine/PGP interface version 1.75-6 does not properly check to see if a public key has expired when obtaining the keys via Gnu Privacy Guard (GnuPG), which causes the message to be sent in cleartext.
Holger Lamm Pgp4pine 1.75.6
7.5
CVSSv2
CVE-2003-0256
The GnuPG plugin in kopete prior to 0.6.2 does not properly cleanse the command line when executing gpg, which allows remote malicious users to execute arbitrary commands.
Kde Kopete 0.6.1
2.1
CVSSv2
CVE-2001-0071
gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows malicious users to modify the contents of a file without detection.
Gnu Privacy Guard 1.0.3b
Gnu Privacy Guard 1.0
Gnu Privacy Guard 1.0.1
Gnu Privacy Guard 1.0.2
Gnu Privacy Guard 1.0.3
7.5
CVSSv2
CVE-2000-0974
GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an malicious user to modify contents of all documents but the first without detection.
Gnu Privacy Guard 1.0.2
Gnu Privacy Guard 1.0.3
Gnu Privacy Guard 1.0
Gnu Privacy Guard 1.0.1
2.1
CVSSv2
CVE-2021-3349
GNOME Evolution up to and including 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, a...
Gnome Evolution
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »