gnutls vulnerabilities and exploits
VMScore: 668
CVE-2007-3564
libcurl 7.14.0 up to and including 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote malicious users to bypass certain access restrictions.
Libcurl Libcurl 7.15.2
Libcurl Libcurl 7.15.3
Libcurl Libcurl 7.15
Libcurl Libcurl 7.15.1
Libcurl Libcurl 7.16.3
Libcurl Libcurl 7.14
Libcurl Libcurl 7.14.1
NA
CVE-2024-28834
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noti...
NA
CVE-2024-28835
A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.
NA
CVE-2022-1615
In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values.
Samba Samba
Fedoraproject Fedora 37
VMScore: 668
CVE-2013-7098
OpenConnect VPN client with GnuTLS prior to 5.02 contains a heap overflow if MTU is increased on reconnection.
Infradead Openconnect
VMScore: 605
CVE-2017-6891
Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stack-based buffer overflow by tricking a user into processing a specially crafted assignments file via, e.g., the asn1Coding utility.
Gnu Libtasn1 4.10
Debian Debian Linux 8.0
Apache Bookkeeper 4.12.1
VMScore: 356
CVE-2013-6422
The GnuTLS backend in libcurl 7.21.4 up to and including 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote malicious users to spoof server...
Debian Debian Linux 7.0
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 13.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 13.04
Haxx Libcurl 7.30.0
Haxx Libcurl 7.28.0
Haxx Libcurl 7.23.1
Haxx Libcurl 7.21.4
Haxx Libcurl 7.27.0
Haxx Libcurl 7.26.0
Haxx Libcurl 7.25.0
Haxx Libcurl 7.24.0
Haxx Libcurl 7.33.0
Haxx Libcurl 7.32.0
Haxx Libcurl 7.21.5
Haxx Libcurl 7.21.6
Haxx Libcurl 7.21.7
Haxx Libcurl 7.31.0
Haxx Libcurl 7.29.0
Haxx Libcurl 7.28.1
Haxx Libcurl 7.23.0
VMScore: 593
CVE-2009-3555
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and previous versions, OpenSSL prior to 0.9.8l, GnuTLS 2.8.5 and previous versions, Mozilla Network Security Ser...
Openssl Openssl 1.0
Apache Http Server
Openssl Openssl
Gnu Gnutls
Mozilla Nss
Debian Debian Linux 5.0
Canonical Ubuntu Linux 10.10
Fedoraproject Fedora 11
Fedoraproject Fedora 13
Debian Debian Linux 4.0
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Canonical Ubuntu Linux 9.04
Debian Debian Linux 6.0
Fedoraproject Fedora 12
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 8.10
Canonical Ubuntu Linux 9.10
Fedoraproject Fedora 14
F5 Nginx
2 EDB exploits
10 Github repositories
VMScore: 605
CVE-2009-1390
Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote malicious users to spoof trusted servers via a man-in-...
Mutt Mutt 1.5.19
VMScore: 356
CVE-2022-28352
WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 prior to 3.4.1 does not properly verify the TLS certificate of the server, after certain GnuTLS options are changed, which allows man-in-the-middle malicious users to spoof a TLS chat server via an arbitrary certificate. ...
Weechat Weechat