Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
17061.9%CRITICAL

Related CVEs

7
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2026-24883In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).MEDIUM5.535.7%Jan 27, 2026
CVE-2026-24882In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.HIGH7.830.6%Jan 27, 2026
CVE-2026-24881In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.CRITICAL9.878.0%Jan 27, 2026
CVE-2022-3515A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.CRITICAL9.8Jan 12, 2023
CVE-2020-25125GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version.HIGH7.866.5%Sep 3, 2020
CVE-2009-3805gpg2.exe in Gpg4win 2.0.1, as used in KDE Kleopatra 2.0.11, allows remote attackers to cause a denial of service (application crash) via a long certificate signature.NONE68.6%Oct 27, 2009
CVE-2006-6235A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.NONE92.0%Dec 7, 2006