GCVE - cpe:2.3:a:pgp:freeware:7.0.3:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:pgp:freeware:7.0.3:*:*:*:*:*:*:*

part: a version: 7.0.3 update: *

Vendor	Pgp (`c61d4616-3f35-5bb7-97da-6940a76b3c63`)
Product	Freeware (`4ebbcd86-c299-5d72-92a7-56511442b91f`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2002-0788`	vulnerable	2026-06-03 14:26:15.102878	Details available An interaction between PGP 7.0.3 with the "wipe deleted files" option, when used on Windows Encrypted File System (EFS), creates a cleartext temporary files that cannot be wiped or deleted due to strong permissions, which could allow certain local users or attackers with physical access to obtain cleartext information. Published: 2003-04-02T05:00:00.000Z Updated: 2024-08-08T03:03:49.261Z Open on db.gcve.eu Reference links http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1/hotfix/ReadMe.txt http://www.securityfocus.com/bid/4702 http://www.osvdb.org/4363 http://archives.neohapsis.com/archives/bugtraq/2002-05/0052.html http://www.iss.net/security_center/static/9044.php	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2002-0685`	vulnerable	2026-06-03 14:26:14.864777	Details available Heap-based buffer overflow in the message decoding functionality for PGP Outlook Encryption Plug-In, as used in NAI PGP Desktop Security 7.0.4, Personal Security 7.0.3, and Freeware 7.0.3, allows remote attackers to modify the heap and gain privileges via a large, malformed mail message. Published: 2003-04-02T05:00:00.000Z Updated: 2024-08-08T02:56:38.704Z Open on db.gcve.eu Reference links http://www.osvdb.org/4364 http://www.iss.net/security_center/static/9525.php http://www.kb.cert.org/vuls/id/821139 http://www.securityfocus.com/bid/5202 http://marc.info/?l=ntbugtraq&m=102639521518942&w=2	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2001-1016`	vulnerable	2026-06-03 14:26:02.772974	Details available PGP Corporate Desktop before 7.1, Personal Security before 7.0.3, Freeware before 7.0.3, and E-Business Server before 7.1 does not properly display when invalid userID's are used to sign a message, which could allow an attacker to make the user believe that the document has been signed by a trusted third party by adding a second, invalid user ID to a key which has already been signed by the third party, aka the "PGPsdk Key Validity Vulnerability." Published: 2002-03-09T05:00:00.000Z Updated: 2024-08-08T04:44:06.414Z Open on db.gcve.eu Reference links http://www.securityfocus.com/archive/1/211806 http://www.pgp.com/support/product-advisories/pgpsdk.asp http://www.securityfocus.com/bid/3280 https://exchange.xforce.ibmcloud.com/vulnerabilities/7081 http://www.osvdb.org/1946	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.