Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnutls vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2017-5334
Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS prior to 3.3.26 and 3.5.x prior to 3.5.8 allows remote malicious users to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information ...
Opensuse Leap 42.1
Opensuse Leap 42.2
Gnu Gnutls 3.5.3
Gnu Gnutls 3.5.4
Gnu Gnutls 3.5.5
Gnu Gnutls 3.5.6
Gnu Gnutls 3.5.1
Gnu Gnutls 3.5.2
Gnu Gnutls
Gnu Gnutls 3.5.7
Gnu Gnutls 3.5.0
7.5
CVSSv2
CVE-2015-3308
Double free vulnerability in lib/x509/x509_ext.c in GnuTLS prior to 3.3.14 allows remote malicious users to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.
Gnu Gnutls
Canonical Ubuntu Linux 15.04
7.5
CVSSv2
CVE-2012-1663
Double free vulnerability in libgnutls in GnuTLS prior to 3.0.14 allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.
Gnu Gnutls 1.1.21
Gnu Gnutls 1.2.10
Gnu Gnutls 1.2.3
Gnu Gnutls 1.2.8
Gnu Gnutls 1.2.9
Gnu Gnutls 1.4.1
Gnu Gnutls 1.0.22
Gnu Gnutls 1.0.16
Gnu Gnutls 2.4.1
Gnu Gnutls 1.1.15
Gnu Gnutls 1.0.24
Gnu Gnutls 1.4.5
Gnu Gnutls 2.10.5
Gnu Gnutls 1.1.13
Gnu Gnutls 1.7.18
Gnu Gnutls 2.0.3
Gnu Gnutls 1.4.3
Gnu Gnutls 1.5.2
Gnu Gnutls 2.1.0
Gnu Gnutls 1.5.5
Gnu Gnutls 2.1.5
Gnu Gnutls 2.1.8
1 EDB exploit
7.5
CVSSv2
CVE-2010-0731
The gnutls_x509_crt_get_serial function in the GnuTLS library prior to 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong length value, which allows remote malicious users to bypass the certificate re...
Gnu Gnutls 1.1.21
Gnu Gnutls 1.1.20
Gnu Gnutls 1.1.13
Gnu Gnutls 1.0.22
Gnu Gnutls 1.0.24
Gnu Gnutls 1.0.25
Gnu Gnutls 1.1.23
Gnu Gnutls 1.1.22
Gnu Gnutls 1.1.15
Gnu Gnutls 1.1.14
Gnu Gnutls 1.0.16
Gnu Gnutls 1.0.17
Gnu Gnutls
Gnu Gnutls 1.1.17
Gnu Gnutls 1.1.16
Gnu Gnutls 1.0.18
Gnu Gnutls 1.0.19
Gnu Gnutls 1.1.19
Gnu Gnutls 1.1.18
Gnu Gnutls 1.0.23
Gnu Gnutls 1.0.20
Gnu Gnutls 1.0.21
7.5
CVSSv2
CVE-2009-2730
libgnutls in GnuTLS prior to 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle malicious users to spoof arbitrar...
Gnu Gnutls 2.6.5
Gnu Gnutls 2.4.2
Gnu Gnutls 2.3.3
Gnu Gnutls 2.3.9
Gnu Gnutls 1.0.18
Gnu Gnutls 1.0.19
Gnu Gnutls 1.1.14
Gnu Gnutls 1.1.15
Gnu Gnutls 1.2.0
Gnu Gnutls 1.2.11
Gnu Gnutls 1.2.6
Gnu Gnutls 1.2.8.1a1
Gnu Gnutls 1.3.4
Gnu Gnutls 1.3.5
Gnu Gnutls 2.2.1
Gnu Gnutls 1.7.12
Gnu Gnutls 2.2.5
Gnu Gnutls 1.7.16
Gnu Gnutls 2.0.3
Gnu Gnutls 1.4.3
Gnu Gnutls 2.0.0
Gnu Gnutls 1.5.2
7.5
CVSSv2
CVE-2009-1416
lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 up to and including 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote malicious users to spoof signatures on certificates or have unspecified other impact by leveraging an inv...
Gnu Gnutls 2.5.0
Gnu Gnutls 2.6.1
Gnu Gnutls 2.6.2
Gnu Gnutls 2.6.5
Gnu Gnutls 2.6.0
Gnu Gnutls 2.6.3
Gnu Gnutls 2.6.4
1 EDB exploit
7.5
CVSSv2
CVE-2007-3564
libcurl 7.14.0 up to and including 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote malicious users to bypass certain access restrictions.
Libcurl Libcurl 7.15.2
Libcurl Libcurl 7.15.3
Libcurl Libcurl 7.15
Libcurl Libcurl 7.15.1
Libcurl Libcurl 7.16.3
Libcurl Libcurl 7.14
Libcurl Libcurl 7.14.1
7.5
CVSSv2
CVE-2006-0645
Tiny ASN.1 Library (libtasn1) prior to 0.2.18, as used by (1) GnuTLS 1.2.x prior to 1.2.10 and 1.3.x prior to 1.3.4, and (2) GNU Shishi, allows malicious users to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid inpu...
Free Software Foundation Inc. Libtasn1 0.2.0
Free Software Foundation Inc. Libtasn1 0.2.1
Free Software Foundation Inc. Libtasn1 0.2.17
Free Software Foundation Inc. Libtasn1 0.2.2
Free Software Foundation Inc. Libtasn1 0.2.9
Free Software Foundation Inc. Libtasn1 0.1.1
Free Software Foundation Inc. Libtasn1 0.1.2
Free Software Foundation Inc. Libtasn1 0.2.14
Free Software Foundation Inc. Libtasn1 0.2.15
Free Software Foundation Inc. Libtasn1 0.2.16
Free Software Foundation Inc. Libtasn1 0.2.7
Free Software Foundation Inc. Libtasn1 0.2.8
Free Software Foundation Inc. Libtasn1 0.2.10
Free Software Foundation Inc. Libtasn1 0.2.11
Free Software Foundation Inc. Libtasn1 0.2.3
Free Software Foundation Inc. Libtasn1 0.2.4
Free Software Foundation Inc. Libtasn1 0.1.0
Free Software Foundation Inc. Libtasn1 0.2.12
Free Software Foundation Inc. Libtasn1 0.2.13
Free Software Foundation Inc. Libtasn1 0.2.5
Free Software Foundation Inc. Libtasn1 0.2.6
6.8
CVSSv2
CVE-2017-6891
Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.
Gnu Libtasn1 4.10
Debian Debian Linux 8.0
Apache Bookkeeper 4.12.1
6.8
CVSSv2
CVE-2009-1390
Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote malicious users to spoof trusted servers via a man-in-...
Mutt Mutt 1.5.19
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »