
CVSS: 5.0 | EPSS: 0% | CPEs: 5 | EXPL: 0

gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.

• http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000368
• http://www.debian.org/security/2000/20001225b
• http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3
• http://www.osvdb.org/1702
• http://www.redhat.com/support/errata/RHSA-2000-131.html
• http://www.securityfocus.com/archive/1/152197
• http://www.securityfocus.com/bid/2153
• https://exchange.xforce.ibmcloud.com/vulnerabilities/5803

CVSS: 7.5 | EPSS: 1% | CPEs: 4 | EXPL: 1

GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection.

• ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:67.gnupg.asc
• ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-038.0.txt
• http://archives.neohapsis.com/archives/bugtraq/2000-10/0201.html
• http://archives.neohapsis.com/archives/bugtraq/2000-10/0361.html
• http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000334
• http://www.debian.org/security/2000/20001111
• http://www.osvdb.org/1608
• http://www.redhat.com/support/errata/RHSA-2000-089.html
• http:/