Lucene search

K

Pgp Security Vulnerabilities

cve
cve

CVE-2002-1977

Network Associates PGP 7.0.4 and 7.1 does not time out according to the value set in the "Passphrase Cache" option, which could allow attackers to open encrypted files without providing a...

6.9AI Score

0.0004EPSS

2022-10-03 04:23 PM
17
cve
cve

CVE-2012-4351

Integer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 allows local users to gain privileges via a crafted...

6.8AI Score

0.0004EPSS

2022-10-03 04:15 PM
32
cve
cve

CVE-2012-6533

Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted...

6.9AI Score

0.001EPSS

2022-10-03 04:15 PM
28
cve
cve

CVE-2013-1610

Unquoted Windows search path vulnerability in RDDService in Symantec PGP Desktop 10.0.x through 10.2.x and Symantec Encryption Desktop 10.3.0 before MP3 allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level...

8.7AI Score

0.0004EPSS

2022-10-03 04:14 PM
29
cve
cve

CVE-2020-26814

SAP Process Integration (PGP Module - Business-to-Business Add On), version - 1.0, allows an attacker to read PGP Keys under certain conditions in the PGP Module of Business-to-Business Add-On, these keys can then be used to read messages processed by the module leading to Information...

4.9CVSS

5AI Score

0.001EPSS

2020-11-10 05:15 PM
16
cve
cve

CVE-2019-8338

The signature verification routine in the Airmail GPG-PGP Plugin, versions 1.0 (9) and earlier, does not verify the status of the signature at all, which allows remote attackers to spoof arbitrary email signatures by crafting a signed email with an invalid signature. Also, it does not verify the...

5.9CVSS

6.6AI Score

0.016EPSS

2019-05-16 05:29 PM
30
cve
cve

CVE-2014-7288

Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore...

7.4AI Score

0.111EPSS

2015-02-01 02:59 AM
26
cve
cve

CVE-2014-7287

The key-management component in Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allows remote attackers to trigger unintended content in outbound e-mail messages via a crafted key UID value in an inbound e-mail message, as demonstrated by the outbound Subject...

6.7AI Score

0.006EPSS

2015-02-01 02:59 AM
22
cve
cve

CVE-2014-3436

Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP Desktop 10.0.x through 10.2.x, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted encrypted e-mail message that decompresses to a larger...

6.6AI Score

0.002EPSS

2014-08-22 01:55 AM
31
cve
cve

CVE-2014-3431

Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified...

6.5AI Score

0.0004EPSS

2014-06-21 03:55 PM
24
cve
cve

CVE-2014-1646

Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed...

6.8AI Score

0.003EPSS

2014-04-23 07:55 PM
21
cve
cve

CVE-2014-1647

Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed...

6.8AI Score

0.003EPSS

2014-04-23 07:55 PM
22
cve
cve

CVE-2013-4674

Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail...

5.3AI Score

0.006EPSS

2013-07-31 01:20 PM
16
cve
cve

CVE-2012-3582

Symantec PGP Universal Server 3.2.x before 3.2.1 MP2 does not properly manage sessions that include key search requests, which might allow remote attackers to read a private key in opportunistic circumstances by making a request near the end of a user's...

6.7AI Score

0.002EPSS

2012-09-04 11:04 AM
15
cve
cve

CVE-2002-2224

Buffer overflow in PGPFreeware 7.03 running on Windows NT 4.0 SP6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly including (1) a large Security Parameter Index (SPI) field, (2) large number....

8.1AI Score

0.032EPSS

2007-02-27 02:00 AM
20
cve
cve

CVE-2002-0900

Buffer overflow in pks PGP public key web server before 0.9.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long search argument to the lookup...

8.4AI Score

0.028EPSS

2003-04-02 05:00 AM
19
cve
cve

CVE-2001-1016

PGP Corporate Desktop before 7.1, Personal Security before 7.0.3, Freeware before 7.0.3, and E-Business Server before 7.1 does not properly display when invalid userID's are used to sign a message, which could allow an attacker to make the user believe that the document has been signed by a...

6.9AI Score

0.004EPSS

2002-03-09 05:00 AM
25
cve
cve

CVE-2001-0265

ASCII Armor parser in Windows PGP 7.0.3 and earlier allows attackers to create files in arbitrary locations via a malformed ASCII armored...

6.6AI Score

0.001EPSS

2002-03-09 05:00 AM
26
cve
cve

CVE-2001-0435

The split key mechanism used by PGP 7.0 allows a key share holder to obtain access to the entire key by setting the "Cache passphrase while logged on" option and capturing the passphrases of other share holders as they...

6.8AI Score

0.0004EPSS

2001-07-02 04:00 AM
27
cve
cve

CVE-2000-0678

PGP 5.5.x through 6.5.3 does not properly check if an Additional Decryption Key (ADK) is stored in the signed portion of a public certificate, which allows an attacker who can modify a victim's public certificate to decrypt any data that has been encrypted with the modified...

6.2AI Score

0.002EPSS

2000-10-20 04:00 AM
28
cve
cve

CVE-2000-0445

The pgpk command in PGP 5.x on Unix systems uses an insufficiently random data source for non-interactive key pair generation, which may produce predictable...

6.7AI Score

0.001EPSS

2000-10-13 04:00 AM
24