Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnutls vulnerabilities and exploits
(subscribe to this query)
755
VMScore
CVE-2009-1416
lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 up to and including 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote malicious users to spoof signatures on certificates or have unspecified other impact by leveraging an inv...
Gnu Gnutls 2.5.0
Gnu Gnutls 2.6.1
Gnu Gnutls 2.6.2
Gnu Gnutls 2.6.5
Gnu Gnutls 2.6.0
Gnu Gnutls 2.6.3
Gnu Gnutls 2.6.4
1 EDB exploit
516
VMScore
CVE-2009-5138
GnuTLS prior to 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote malicious users to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new...
Gnu Gnutls 2.7.3
Gnu Gnutls 2.7.2
Gnu Gnutls 2.7.4
Gnu Gnutls 2.7.1
Gnu Gnutls 2.7.0
Gnu Gnutls
676
VMScore
CVE-2008-2377
Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 up to and including 2.4.0 allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmi...
Gnu Gnutls 2.3.7
Gnu Gnutls 2.3.8
Gnu Gnutls 2.3.9
Gnu Gnutls 2.4.0
Gnu Gnutls 2.3.5
Gnu Gnutls 2.3.6
668
VMScore
CVE-2017-5334
Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS prior to 3.3.26 and 3.5.x prior to 3.5.8 allows remote malicious users to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information ...
Opensuse Leap 42.1
Opensuse Leap 42.2
Gnu Gnutls 3.5.3
Gnu Gnutls 3.5.4
Gnu Gnutls 3.5.5
Gnu Gnutls 3.5.6
Gnu Gnutls 3.5.1
Gnu Gnutls 3.5.2
Gnu Gnutls
Gnu Gnutls 3.5.7
Gnu Gnutls 3.5.0
NA
CVE-2023-25824
Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 (including) did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU ...
Mod Gnutls Project Mod Gnutls
445
VMScore
CVE-2009-5144
mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote malicious users to spoof clients via a crafted certificate.
Mod Gnutls Project Mod Gnutls -
383
VMScore
CVE-2014-8155
GnuTLS prior to 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle malicious users to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.
Gnu Gnutls
445
VMScore
CVE-2017-7507
GnuTLS version 3.5.12 and previous versions is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.
Gnu Gnutls
NA
CVE-2024-0567
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or malicious user...
Gnu Gnutls
295
VMScore
CVE-2018-16868
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in som...
Gnu Gnutls
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-26978
CVE-2024-26982
wireless
CVE-2023-6949
CVE-2024-26980
CVE-2024-32766
CVE-2024-26939
cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »