Vulnerabilities > Gnupg > Gnupg > 2.2.11
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-01 | CVE-2022-34903 | Injection vulnerability in multiple products GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. | 6.5 |
2020-03-20 | CVE-2019-14855 | Inadequate Encryption Strength vulnerability in multiple products A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. | 7.5 |
2019-06-29 | CVE-2019-13050 | Improper Certificate Validation vulnerability in multiple products Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. | 7.5 |
2018-12-20 | CVE-2018-1000858 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. | 8.8 |