410 matches found
security flaw
gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different...
security flaw
gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also...
GnuPG creates ElGamal keys for signing using insufficient entropy
Overview Gnu Privacy Guard GnuPG is a cryptographic utility used to generate cryptographic keys and perform other cryptographic functions. A vulnerability in the way GnuPG generates ElGamal keys has been discovered. This vulnerability renders ElGamal signing key untrustworthy. Description A...
CVE-2001-0522
Format string vulnerability in Gnu Privacy Guard aka GnuPG or gpg 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file...
CVE-2001-0522
Format string vulnerability in Gnu Privacy Guard aka GnuPG or gpg 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file...
pgp4pine fails to properly check for expired public keys
Overview The program pgp4pine version 1.75.6 fails to properly identify expired keys when working with the Gnu Privacy Guard program GnuPG. This failure may result in the clear-text transmission of senstive information when used with the PINE mail reading package. Description The program pgp4pine...
CVE-2001-0273
pgp4pine Pine/PGP interface version 1.75-6 does not properly check to see if a public key has expired when obtaining the keys via Gnu Privacy Guard GnuPG, which causes the message to be sent in cleartext...
CVE-2001-0273
pgp4pine Pine/PGP interface version 1.75-6 does not properly check to see if a public key has expired when obtaining the keys via Gnu Privacy Guard GnuPG, which causes the message to be sent in cleartext...
CVE-2001-0273
CVE-2001-0273 affects pgp4pine 1.75-6. The module fails to verify whether public keys loaded from GnuPG are expired, which can lead to encrypt attempts returning errors while the cleartext message is transmitted. According to CERT/CC and NVD entries, the vulnerability can cause sensitive informat...
[CryptNET Advisory] pgp4pine-1.75-6 - expired public keys
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------------ CryptNET Security Advisory http://www.cryptnet.net/ Advisory Type: Privacy - Programmatic Error Synopsis: pgp4pine may fail to identify expired public keys Issue Date:...