Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pgp pgp vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2019-10734
In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the...
Trojita Project Trojita 0.7
4.3
CVSSv3
CVE-2019-10740
In Roundcube Webmail prior to 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can...
Roundcube Webmail
Fedoraproject Fedora 29
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
7.5
CVSSv3
CVE-2015-3406
The PGP signature parsing in Module::Signature prior to 0.74 allows remote malicious users to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors.
Module-signature Project Module-signature
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 14.10
Canonical Ubuntu Linux 15.04
6.5
CVSSv3
CVE-2019-14664
In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the malici...
Enigmail Enigmail
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
9.8
CVSSv3
CVE-2021-32685
tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser (hashing, random, encryption, decryption, signatures, conversions), used by TogaTech.org. In versions before 7.0.3, the `verifyWithMessage` method of `tEnvoyNaClSigningKey` always returns `true` for any signatur...
Togatech Tenvoy
6.1
CVSSv3
CVE-2016-6853
An issue exists in Open-Xchange OX Guard prior to 2.4.2-rev5. Script code and references to external websites can be injected to the names of PGP public keys. When requesting that key later on using a specific URL, such script code might get executed. In case of injecting externa...
Open-xchange Ox Guard
1 EDB exploit
6.1
CVSSv3
CVE-2017-15736
Cross-site scripting (XSS) vulnerability (stored) in SPIP prior to 3.1.7 allows remote malicious users to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php.
Spip Spip
9.8
CVSSv3
CVE-2018-14361
An issue exists in NeoMutt prior to 2018-07-16. nntp.c proceeds even if memory allocation fails for messages data.
Debian Debian Linux 9.0
Debian Debian Linux 8.0
Neomutt Neomutt
NA
CVE-2001-0499
Buffer overflow in Transparent Network Substrate (TNS) Listener in Oracle 8i 8.1.7 and previous versions allows remote malicious users to gain privileges via a long argument to the commands (1) STATUS, (2) PING, (3) SERVICES, (4) TRC_FILE, (5) SAVE_CONFIG, or (6) RELOAD.
Oracle Oracle8i
2 EDB exploits
NA
CVE-2003-0167
Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and previous versions, and Balsa 1.2.4 and previous versions, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail fol...
Mutt Mutt 1.3.12.1
Mutt Mutt 1.3.17
Mutt Mutt 1.3.28
Mutt Mutt 1.3.22
Mutt Mutt 1.3.24
Mutt Mutt 1.3.25
Mutt Mutt 1.3.27
Mutt Mutt 1.3.12
Mutt Mutt 1.3.16
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »