CVSS: 7.5EPSS: 4%CPEs: 21EXPL: 1CVE-2020-8945 – proglottis/gpgme: Use-after-free in GPGME bindings during container image pull
https://notcve.org/view.php?id=CVE-2020-8945
12 Feb 2020 — The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification. El contenedor Proglottis Go versiones anteriores a 0.1.1 para la biblioteca GPGME, presenta un uso de la memoria previamente liberada, como es demostrado por el uso para las extracciones de imágenes de contenedores para Docker o CRI-O. Esto conlleva a un bloqueo o posible ej... • https://access.redhat.com/errata/RHSA-2020:0679 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 2%CPEs: 4EXPL: 0CVE-2014-3564 – Mandriva Linux Security Advisory 2014-160
https://notcve.org/view.php?id=CVE-2014-3564
07 Aug 2014 — Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line lengths in a specific order." Múltiples desbordamientos de buffer basado en memoria dinámica en la función status_handler en (1) engine-gpgsm.c y (2) engine-uiserver.c en GPGME anterior a 1.5.1 permiten a atacantes remotos causar una deneg... • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git%3Ba=commit%3Bh=2cbd76f7911fc215845e89b50d6af5ff4a83dd77 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 16%CPEs: 2EXPL: 1CVE-2007-1263 – GnuPG 1.x - Signed Message Arbitrary Content Injection
https://notcve.org/view.php?id=CVE-2007-1263
06 Mar 2007 — GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection. GnuPG 1.4.6 y anteriores y GPGME anterior a 1.1.4, al ser ejecutado desde la línea de comandos, no distingue visualmente trozos firmados de no firmados en mensajes OpenPGP con múltiples componentes, lo cual podría permitir a atacantes rem... • https://www.exploit-db.com/exploits/29689 •