HIGH8.8CVE-2018-1000858GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled C… from 0, < 2.2.12-1
from 0, < 2.0.14-2
from 0, < 2.0.9-3.1+lenny1
HIGH7.8In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and…
from 0
HIGH7.5A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm.
from 0, < 2.2.19-1
HIGH7.5gnupg - security update
from 0, < 2.2.8-1
HIGH7.5gnupg - security update
from 0, < 2.0.26-6+deb8u2
HIGH7.5GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in…
from 0, < 2.2.7-1
HIGH7.0gnupg2 - security update
from 0, < 2.2.27-2+deb11u3
HIGH7.0gnupg2 - security update
from 0, < 2.2.27-2+deb11u3
MEDIUM6.5gnupg2 - security update
from 0, < 2.2.12-1+deb10u2
MEDIUM6.5gnupg2 - security update
from 0, < 2.2.27-2+deb11u2
MEDIUM5.5kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which…
from 0, < 2.0.26-5
MEDIUM5.5The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (…
from 0, < 2.0.26-5
MEDIUM4.7In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that place…
from 0
MEDIUM4.7In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has in…
from 0
LOW3.7In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leadi…
from 0
LOW3.3GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compres…
from 0
—gnupg2 - security update
from 0, < 2.0.24-1
—gnupg2 - security update
from 0, < 2.0.14-2+squeeze2
—gnupg2 - security update
from 0, < 2.0.19-2+deb7u2
—The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (inf…
from 0, < 2.0.22-1
—gnupg2 - several
from 0, < 2.0.22-1
—gnupg2 - several
from 0, < 2.0.14-2+squeeze2
—gnupg - missing input sanitation
from 0, < 2.0.19-2
—gnupg - missing input sanitation
from 0, < 2.0.14-2+squeeze1
—GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted du…
from 0, < 2.0.9-1
—gnupg - several vulnerabilities
from 0, < 2.0.3-1
—A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute a…
from 0, < 2.0.0-5.2
—gnupg
from 0, < 2.0.0-5.1
—gnupg2 - integer overflow
from 0, < 1.9.15-6sarge2
—gnupg2 - integer overflow
from 0, < 1.9.20-2
—gnupg2 - integer overflow
from 0, < 1.9.20-1.1
—gnupg2 - integer overflow
from 0, < 1.9.15-6sarge1
—The send_pinentry_environment function in asshelp.c in gpg2 on SUSE Linux 9.3 does not properly handle certain options, which can prevent p…
from 0, < 1.9.15-1