High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-06-08	CVE-2021-33560	Information Exposure Through Discrepancy vulnerability in multiple products Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. network low complexity gnupg debian fedoraproject oracle CWE-203	7.5
2021-01-29	CVE-2021-3345	Out-of-bounds Write vulnerability in multiple products _gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. local low complexity gnupg oracle CWE-787	7.8
2020-09-03	CVE-2020-25125	Classic Buffer Overflow vulnerability in multiple products GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. local low complexity gnupg gpg4win CWE-120	7.8
2020-03-20	CVE-2019-14855	Inadequate Encryption Strength vulnerability in multiple products A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. network low complexity gnupg fedoraproject canonical CWE-326	7.5
2019-06-29	CVE-2019-13050	Improper Certificate Validation vulnerability in multiple products Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. network low complexity gnupg sks-keyserver-project fedoraproject opensuse f5 CWE-295	7.5
2018-12-20	CVE-2018-1000858	Cross-Site Request Forgery (CSRF) vulnerability in multiple products GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. network low complexity gnupg canonical CWE-352	8.8
2018-06-08	CVE-2018-12020	Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. network low complexity redhat canonical debian gnupg CWE-706	7.5
2018-04-04	CVE-2018-9234	Key Management Errors vulnerability in multiple products GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. network low complexity gnupg canonical CWE-320	7.5
2018-02-07	CVE-2018-6829	Use of a Broken or Risky Cryptographic Algorithm vulnerability in Gnupg Libgcrypt cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). network low complexity gnupg CWE-327	7.5
2017-08-29	CVE-2017-0379	Information Exposure vulnerability in multiple products Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c. network low complexity gnupg debian CWE-200	7.5