Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnu gnutls vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2009-1415
lib/pk-libgcrypt.c in libgnutls in GnuTLS prior to 2.6.6 does not properly handle invalid DSA signatures, which allows remote malicious users to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) fr...
Gnu Gnutls
1 EDB exploit
4.3
CVSSv2
CVE-2008-4989
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS prior to 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle malicious users to insert a spoofed cer...
Gnu Gnutls
Fedoraproject Fedora 9
Fedoraproject Fedora 8
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 8.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 6.06
Debian Debian Linux 4.0
Suse Linux Enterprise Server 11
Suse Linux Enterprise Server 10
Suse Linux Enterprise 11.0
Suse Linux Enterprise 10.0
Opensuse Opensuse
4
CVSSv2
CVE-2013-1619
The TLS implementation in GnuTLS prior to 2.12.23, 3.0.x prior to 3.0.28, and 3.1.x prior to 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote malicious users to c...
Gnu Gnutls 2.12.2
Gnu Gnutls 2.12.3
Gnu Gnutls 2.6.4
Gnu Gnutls 2.6.5
Gnu Gnutls 2.6.1
Gnu Gnutls 2.12.17
Gnu Gnutls 2.12.9
Gnu Gnutls 2.12.10
Gnu Gnutls 2.8.4
Gnu Gnutls 2.8.5
Gnu Gnutls 2.10.5
Gnu Gnutls 2.12.4
Gnu Gnutls 2.12.5
Gnu Gnutls 2.4.2
Gnu Gnutls 2.4.1
Gnu Gnutls 2.7.4
Gnu Gnutls 2.12.15
Gnu Gnutls 2.3.11
Gnu Gnutls 2.12.11
Gnu Gnutls 2.12.12
Gnu Gnutls 2.8.6
Gnu Gnutls 2.10.0
3.3
CVSSv2
CVE-2018-16868
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in som...
Gnu Gnutls
NA
CVE-2024-0567
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or malicious user...
Gnu Gnutls
NA
CVE-2024-0553
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote malicious user to perform a timing side-channel attack in th...
Gnu Gnutls
Fedoraproject Fedora 39
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
NA
CVE-2023-5981
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
Gnu Gnutls 1.5.0
Redhat Linux 8.0
Redhat Linux 9.0
Fedoraproject Fedora 37
Fedoraproject Fedora 38
NA
CVE-2023-0361
A timing side-channel in the handling of RSA ClientKeyExchange messages exists in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker woul...
Gnu Gnutls 3.6.8-11.el8 2
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Netapp Ontap Select Deploy Administration Utility -
Netapp Active Iq Unified Manager -
Netapp Converged Systems Advisor Agent -
NA
CVE-2021-4209
A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.
Gnu Gnutls
Redhat Enterprise Linux 8.0
Netapp Solidfire \\& Hci Management Node -
Netapp Active Iq Unified Manager -
Netapp Hci Bootstrap Os -
NA
CVE-2022-2509
A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.
Gnu Gnutls
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Fedoraproject Fedora 35
Debian Debian Linux 10.0
Debian Debian Linux 11.0
2 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5