Vulnerabilities > PGP > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-04-15 | CVE-2009-0681 | Improper Input Validation vulnerability in PGP Desktop 8.0/9.0/9.0.6 PGP Desktop before 9.10 allows local users to (1) cause a denial of service (crash) via a crafted IOCTL request to pgpdisk.sys, and (2) cause a denial of service (crash) and execute arbitrary code via a crafted IRP in an IOCTL request to pgpwded.sys. | 7.2 |
| 2007-01-30 | CVE-2007-0603 | Remote Code Execution vulnerability in PGP Corporate Desktop 9.5 PGP Desktop before 9.5.1 does not validate data objects received over the (1) \pipe\pgpserv named pipe for PGPServ.exe or the (2) \pipe\pgpsdkserv named pipe for PGPsdkServ.exe, which allows remote authenticated users to gain privileges by sending a data object representing an absolute pointer, which causes code execution at the corresponding address. | 7.1 |
| 2002-12-31 | CVE-2002-2069 | Incomplete Cleanup vulnerability in PGP Personal Privacy PGP 6.x and 7.x does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted. | 7.5 |
| 2002-10-04 | CVE-2002-0850 | Buffer Overflow vulnerability in PGP Corporate Desktop 7.1.1 Buffer overflow in PGP Corporate Desktop 7.1.1 allows remote attackers to execute arbitrary code via an encrypted document that has a long filename when it is decrypted. | 7.5 |
| 2002-07-23 | CVE-2002-0685 | Unspecified vulnerability in PGP Desktop Security, Freeware and Personal Security Heap-based buffer overflow in the message decoding functionality for PGP Outlook Encryption Plug-In, as used in NAI PGP Desktop Security 7.0.4, Personal Security 7.0.3, and Freeware 7.0.3, allows remote attackers to modify the heap and gain privileges via a large, malformed mail message. | 7.5 |
| 2001-09-04 | CVE-2001-1456 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for Gauntlet Firewall 5.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted mail message. | 7.5 |
| 2001-09-04 | CVE-2001-1016 | Unspecified vulnerability in PGP products PGP Corporate Desktop before 7.1, Personal Security before 7.0.3, Freeware before 7.0.3, and E-Business Server before 7.1 does not properly display when invalid userID's are used to sign a message, which could allow an attacker to make the user believe that the document has been signed by a trusted third party by adding a second, invalid user ID to a key which has already been signed by the third party, aka the "PGPsdk Key Validity Vulnerability." | 7.5 |
| 2001-07-16 | CVE-2001-1320 | Buffer Overflow vulnerability in PGP Keyserver 7.0 Network Associates PGP Keyserver 7.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via exceptional BER encodings (possibly buffer overflows), as demonstrated by the PROTOS LDAPv3 test suite. | 7.5 |