gnutls vulnerabilities and exploits
5
CVSSv2
CVE-2009-5144
mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote malicious users to spoof clients via a crafted certificate.
Mod Gnutls Project Mod Gnutls -
5
CVSSv2
CVE-2017-7507
GnuTLS version 3.5.12 and previous versions are vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.
Gnu Gnutls
6.8
CVSSv2
CVE-2017-6891
Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stack-based buffer overflow by tricking a user into processing a specially crafted assignments file via, e.g., the asn1Coding utility.
Gnu Libtasn1 4.10
Debian Debian Linux 8.0
Apache Bookkeeper 4.12.1
7.5
CVSSv2
CVE-2017-5334
Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS prior to 3.3.26 and 3.5.x prior to 3.5.8 allows remote malicious users to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information ...
Opensuse Leap 42.1
Opensuse Leap 42.2
Gnu Gnutls 3.5.3
Gnu Gnutls 3.5.4
Gnu Gnutls 3.5.5
Gnu Gnutls 3.5.6
Gnu Gnutls 3.5.1
Gnu Gnutls 3.5.2
Gnu Gnutls
Gnu Gnutls 3.5.7
Gnu Gnutls 3.5.0
7.5
CVSSv2
CVE-2015-3308
Double free vulnerability in lib/x509/x509_ext.c in GnuTLS prior to 3.3.14 allows remote malicious users to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.
Gnu Gnutls
Canonical Ubuntu Linux 15.04
5
CVSSv2
CVE-2015-6251
Double free vulnerability in GnuTLS prior to 3.3.17 and 3.4.x prior to 3.4.4 allows remote malicious users to cause a denial of service via a long DistinguishedName (DN) entry in a certificate.
Gnu Gnutls 3.3.16
Gnu Gnutls 3.3.15
Gnu Gnutls 3.3.8
Gnu Gnutls 3.3.7
Gnu Gnutls 3.3.0
Gnu Gnutls 3.3.12
Gnu Gnutls 3.3.11
Gnu Gnutls 3.3.4
Gnu Gnutls 3.3.3
Gnu Gnutls 3.4.3
Gnu Gnutls 3.3.10
Gnu Gnutls 3.3.9
Gnu Gnutls 3.3.2
Gnu Gnutls 3.3.1
Gnu Gnutls 3.3.14
Gnu Gnutls 3.3.13
Gnu Gnutls 3.3.6
Gnu Gnutls 3.3.5
Gnu Gnutls 3.4.0
Gnu Gnutls 3.4.1
Gnu Gnutls 3.4.2
Debian Debian Linux 8.0
4.3
CVSSv2
CVE-2014-8155
GnuTLS prior to 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle malicious users to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.
Gnu Gnutls
5
CVSSv2
CVE-2015-2091
The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and previous versions does not validate client certificates when "GnuTLSClientVerify require" is set, which allows remote malicious users to spoof clients via a crafted certificate.
Apache Mod-gnutls
5.8
CVSSv2
CVE-2014-1959
lib/x509/verify.c in GnuTLS prior to 3.1.21 and 3.2.x prior to 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote malicious users to bypass intended restrictions by leveraging an X.509 V1 certificate from a trusted CA to issue new certificates.
Gnu Gnutls 3.1.12
Gnu Gnutls 3.1.13
Gnu Gnutls 3.1.14
Gnu Gnutls 3.1.6
Gnu Gnutls 3.1.7
Gnu Gnutls 3.1.15
Gnu Gnutls 3.1.16
Gnu Gnutls 3.1.8
Gnu Gnutls 3.1.9
Gnu Gnutls 3.1.10
Gnu Gnutls 3.1.11
Gnu Gnutls 3.1.4
Gnu Gnutls 3.1.5
Gnu Gnutls 3.1.18
Gnu Gnutls 3.1.17
Gnu Gnutls 3.1.0
Gnu Gnutls 3.1.1
Gnu Gnutls 3.1.2
Gnu Gnutls 3.1.3
Gnu Gnutls
Gnu Gnutls 3.1.19
Gnu Gnutls 3.2.7
5.8
CVSSv2
CVE-2009-5138
GnuTLS prior to 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote malicious users to bypass intended restrictions by leveraging an X.509 V1 certificate from a trusted CA to issue new...
Gnu Gnutls 2.7.3
Gnu Gnutls 2.7.2
Gnu Gnutls 2.7.4
Gnu Gnutls 2.7.1
Gnu Gnutls 2.7.0
Gnu Gnutls