Vulnerabilities (CVE)

Filtered by vendor Openpgpjs Subscribe

Filtered by product Openpgpjs

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2019-9153	1 Openpgpjs	1 Openpgpjs	2019-08-30	5.0 MEDIUM	7.5 HIGH
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to forge signed messages by replacing its signatures with a "standalone" or "timestamp" signature.
CVE-2019-9154	1 Openpgpjs	1 Openpgpjs	2019-08-30	5.0 MEDIUM	7.5 HIGH
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to pass off unsigned data as signed.
CVE-2015-8013	1 Openpgpjs	1 Openpgpjs	2017-08-10	5.0 MEDIUM	7.5 HIGH
s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message.