CVSS: 10.0EPSS: 8%CPEs: 32EXPL: 0CVE-2006-6235
https://notcve.org/view.php?id=CVE-2006-6235
07 Dec 2006 — A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory. Una vulnerabilidad de "escritura en pila" en GnuPG (gpg) 1.x anterior a la 1.4.6, 2.x anterior a la 2.0.2 y 1.9.0 hasta la 1.9.95 permite a atacantes ejecutar código de su elección mediante paquetes OpenPGP artesanales que provocan que GnuPG haga re... • ftp://patches.sgi.com/support/free/security/advisories/20061201-01-P.asc •
CVSS: 7.5EPSS: 4%CPEs: 24EXPL: 0CVE-2006-0049
https://notcve.org/view.php?id=CVE-2006-0049
13 Mar 2006 — gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455. • ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U •