Every CVE whose affected-product data names Gnu Privacy Guard, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2003-0255 — CVSS 10.0 (critical): The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the…
CVE-2006-6235 — CVSS 10.0 (critical): A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute…
CVE-2000-0974 — CVSS 7.5 (high): GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify…
CVE-2001-0522 — CVSS 7.5 (high): Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format…
CVE-2003-0978 — CVSS 7.5 (high): Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and…
CVE-2003-0971 — CVSS 5.0 (medium): GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption…
CVE-2006-0049 — CVSS 5.0 (medium): gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data…
CVE-2001-0072 — CVSS 5.0 (medium): gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the…
CVE-2006-0455 — CVSS 4.6 (medium): gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached…
CVE-2001-0071 — CVSS 2.1 (low): gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a…