CVE-2020-25125
- EPSS 1.28%
- Veröffentlicht 03.09.2020 18:15:15
- Zuletzt bearbeitet 21.11.2024 05:17:24
GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check...
CVE-2019-14855
- EPSS 1.05%
- Veröffentlicht 20.03.2020 16:15:14
- Zuletzt bearbeitet 21.11.2024 04:27:30
A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.
CVE-2015-0837
- EPSS 1.95%
- Veröffentlicht 29.11.2019 22:15:11
- Zuletzt bearbeitet 21.11.2024 02:23:49
The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cach...
CVE-2014-3591
- EPSS 0.58%
- Veröffentlicht 29.11.2019 22:15:11
- Zuletzt bearbeitet 21.11.2024 02:08:27
Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluct...
CVE-2011-2207
- EPSS 1.2%
- Veröffentlicht 27.11.2019 19:15:11
- Zuletzt bearbeitet 21.11.2024 01:27:49
dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate.
CVE-2015-1607
- EPSS 2.47%
- Veröffentlicht 20.11.2019 19:15:11
- Zuletzt bearbeitet 21.11.2024 02:25:46
kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, rela...
CVE-2015-1606
- EPSS 1.92%
- Veröffentlicht 20.11.2019 19:15:11
- Zuletzt bearbeitet 21.11.2024 02:25:45
The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.
CVE-2019-13050
- EPSS 2.66%
- Veröffentlicht 29.06.2019 17:15:08
- Zuletzt bearbeitet 21.11.2024 04:24:06
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this n...
CVE-2018-1000858
- EPSS 1.04%
- Veröffentlicht 20.12.2018 17:29:00
- Zuletzt bearbeitet 21.11.2024 03:40:30
GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e...
CVE-2018-12020
- EPSS 8.65%
- Veröffentlicht 08.06.2018 21:29:00
- Zuletzt bearbeitet 21.11.2024 03:44:25
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" optio...