Vulnerabilities > Gnupg > Gnupg > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-07-01 CVE-2022-34903 Injection vulnerability in multiple products
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
network
high complexity
gnupg fedoraproject debian netapp CWE-74
6.5
2019-11-29 CVE-2015-0837 Information Exposure Through Discrepancy vulnerability in multiple products
The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."
network
high complexity
gnupg debian CWE-203
5.9
2019-11-29 CVE-2014-3591 Information Exposure vulnerability in multiple products
Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.
high complexity
gnupg debian CWE-200
4.2
2019-11-27 CVE-2011-2207 Improper Certificate Validation vulnerability in multiple products
dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate.
network
low complexity
gnupg redhat debian CWE-295
5.3
2019-11-20 CVE-2015-1607 Improper Input Validation vulnerability in multiple products
kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges."
local
low complexity
gnupg canonical CWE-20
5.5
2019-11-20 CVE-2015-1606 Use After Free vulnerability in multiple products
The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.
local
low complexity
gnupg debian CWE-416
5.5
2016-12-13 CVE-2016-6313 Information Exposure vulnerability in multiple products
The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.
network
low complexity
gnupg debian canonical CWE-200
5.3