14 matches found
EUVD-2017-16438
Malware in sbrugna...
EUVD-2000-0674
Malware in sbrugna...
EUVD-2001-0265
Malware in sbrugna...
EUVD-2001-0997
Malware in sbrugna...
PT-2023-33040 · Gnupg +1 · Gnupg +1
Name of the Vulnerable Software and Affected Versions: in-toto affected versions not specified Description: The issue concerns how in-toto uses PGP keys, specifically with regards to the validation of key creation time, consideration of key revocation, and checking of key usage flags. An attacker...
CVE-2019-10732
In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the...
Details on a New PGP Vulnerability
A new PGP vulnerability was announced today. Basically, the vulnerability makes use of the fact that modern e-mail programs allow for embedded HTML objects. Essentially, if an attacker can intercept and modify a message in transit, he can insert code that sends the plaintext in a URL to a remote...
CVE-2001-1016
PGP Corporate Desktop before 7.1, Personal Security before 7.0.3, Freeware before 7.0.3, and E-Business Server before 7.1 does not properly display when invalid userID's are used to sign a message, which could allow an attacker to make the user believe that the document has been signed by a trust...
PGP 5.x6.x7.0 - ASCII Armor Parser Arbitrary File Creation
PGP 5.x6.x7.0 - ASCII Armor Parser Arbitrary File Creation source: https://www.securityfocus.com/bid/2556/info ASCII Armor is a text based encoding format used by PGP Pretty Good Privacy. While it is possible to encode any file using ASCII Armor, it is used by PGP to encode signature files and...
Advisory: PGP 7.0 signature verification vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Product: Pretty Good Privacy Severity: Medium to high Impact: Users with write access to signed exported key blocks may replace them with arbitrary keys without any warning being issued upon import of those keys Local: Yes Remote: No though...
CVE-2000-0678
PGP 5.5.x through 6.5.3 does not properly check if an Additional Decryption Key ADK is stored in the signed portion of a public certificate, which allows an attacker who can modify a victim's public certificate to decrypt any data that has been encrypted with the modified certificate...
CVE-2000-0445
The pgpk command in PGP 5.x on Unix systems uses an insufficiently random data source for non-interactive key pair generation, which may produce predictable keys...
CVE-2000-0678
PGP 5.5.x through 6.5.3 does not properly check if an Additional Decryption Key ADK is stored in the signed portion of a public certificate, which allows an attacker who can modify a victim's public certificate to decrypt any data that has been encrypted with the modified certificate...
ADK flaw in recent versions of PGP
Overview Additional Decryption Keys ADKs is a feature introduced into PGP Pretty Good Privacy versions 5.5.x through 6.5.3 that allows authorized extra decryption keys to be added to a user's public key certificate. However, an implementation flaw in PGP allows unsigned ADKs which have been...