
CVE-2006-0049
https://notcve.org/view.php?id=CVE-2006-0049
13 Mar 2006 — gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455. • ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U •

CVE-2006-0455 – GnuPG 1.x - Detached Signature Verification Bypass
https://notcve.org/view.php?id=CVE-2006-0455
15 Feb 2006 — gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify". • https://www.exploit-db.com/exploits/27231 •

CVE-2003-0978
https://notcve.org/view.php?id=CVE-2003-0978
10 Dec 2003 — Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval. • http://marc.info/?l=bugtraq&m=107047470625214&w=2 •

CVE-2003-0971
https://notcve.org/view.php?id=CVE-2003-0971
02 Dec 2003 — GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature. • ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc •