Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnu gnutls vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-3829
A vulnerability was found in gnutls versions from 3.5.8 prior to 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.
Gnu Gnutls
Fedoraproject Fedora -
7.5
CVSSv3
CVE-2017-7507
GnuTLS version 3.5.12 and previous versions is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.
Gnu Gnutls
7.5
CVSSv3
CVE-2008-0166
OpenSSL 0.9.8c-1 up to versions prior to 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote malicious users to conduct brute force guessing attacks against cryptographic keys.
Openssl Openssl
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 6.06
Debian Debian Linux 4.0
3 EDB exploits
22 Github repositories
7.4
CVSSv3
CVE-2023-0361
A timing side-channel in the handling of RSA ClientKeyExchange messages exists in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker woul...
Gnu Gnutls 3.6.8-11.el8 2
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Netapp Ontap Select Deploy Administration Utility -
Netapp Active Iq Unified Manager -
Netapp Converged Systems Advisor Agent -
7.4
CVSSv3
CVE-2020-13777
GnuTLS 3.6.x prior to 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the firs...
Gnu Gnutls
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 20.04
Debian Debian Linux 10.0
8 Github repositories
7.4
CVSSv3
CVE-2020-11501
GnuTLS 3.6.x prior to 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to ...
Gnu Gnutls
Debian Debian Linux 10.0
Opensuse Leap 15.1
Canonical Ubuntu Linux 19.10
Fedoraproject Fedora 31
Fedoraproject Fedora 32
6.5
CVSSv3
CVE-2021-4209
A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.
Gnu Gnutls
Redhat Enterprise Linux 8.0
Netapp Solidfire \\& Hci Management Node -
Netapp Active Iq Unified Manager -
Netapp Hci Bootstrap Os -
5.9
CVSSv3
CVE-2023-5981
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
Gnu Gnutls 1.5.0
Redhat Linux 8.0
Redhat Linux 9.0
Fedoraproject Fedora 37
Fedoraproject Fedora 38
5.9
CVSSv3
CVE-2015-8313
GnuTLS incorrectly validates the first byte of padding in CBC modes
Gnu Gnutls
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
5.9
CVSSv3
CVE-2008-4989
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS prior to 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle malicious users to insert a spoofed cer...
Gnu Gnutls
Fedoraproject Fedora 9
Fedoraproject Fedora 8
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 8.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 6.06
Debian Debian Linux 4.0
Suse Linux Enterprise Server 11
Suse Linux Enterprise Server 10
Suse Linux Enterprise 11.0
Suse Linux Enterprise 10.0
Opensuse Opensuse
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »