| CVE-2001-0265 | | 0.03 | — | 0.01 | | Jun 18, 2001 | ASCII Armor parser in Windows PGP 7.0.3 and earlier allows attackers to create files in arbitrary locations via a malformed ASCII armored file. |
| CVE-2002-1977 | | 0.00 | — | 0.00 | | Dec 31, 2002 | Network Associates PGP 7.0.4 and 7.1 does not time out according to the value set in the "Passphrase Cache" option, which could allow attackers to open encrypted files without providing a passphrase. |
| CVE-2001-1016 | | 0.00 | — | 0.01 | | Sep 4, 2001 | PGP Corporate Desktop before 7.1, Personal Security before 7.0.3, Freeware before 7.0.3, and E-Business Server before 7.1 does not properly display when invalid userID's are used to sign a message, which could allow an attacker to make the user believe that the document has been signed by a trusted third party by adding a second, invalid user ID to a key which has already been signed by the third party, aka the "PGPsdk Key Validity Vulnerability." |
| CVE-2001-0435 | | 0.00 | — | 0.00 | | Jul 2, 2001 | The split key mechanism used by PGP 7.0 allows a key share holder to obtain access to the entire key by setting the "Cache passphrase while logged on" option and capturing the passphrases of other share holders as they authenticate. |
| CVE-2000-0678 | | 0.00 | — | 0.00 | | Oct 20, 2000 | PGP 5.5.x through 6.5.3 does not properly check if an Additional Decryption Key (ADK) is stored in the signed portion of a public certificate, which allows an attacker who can modify a victim's public certificate to decrypt any data that has been encrypted with the modified certificate. |
| CVE-2000-0445 | | 0.00 | — | 0.00 | | May 24, 2000 | The pgpk command in PGP 5.x on Unix systems uses an insufficiently random data source for non-interactive key pair generation, which may produce predictable keys. |
