2.2.14

DATE	CVE	VULNERABILITY TITLE	RISK
2022-07-01	CVE-2022-34903	Injection vulnerability in multiple products GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. network high complexity gnupg fedoraproject debian netapp CWE-74	6.5
2020-03-20	CVE-2019-14855	Inadequate Encryption Strength vulnerability in multiple products A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. network low complexity gnupg fedoraproject canonical CWE-326	7.5
2019-06-29	CVE-2019-13050	Improper Certificate Validation vulnerability in multiple products Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. network low complexity gnupg sks-keyserver-project fedoraproject opensuse f5 CWE-295	7.5