Vulmon
gnutls vulnerabilities and exploits
383
VMScore
CVE-2021-3181
rfc822.c in Mutt up to and including 2.0.4 allows remote malicious users to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from t...
Mutt Mutt
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
383
VMScore
CVE-2020-14954
Mutt prior to 1.14.4 and NeoMutt prior to 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS conte...
Mutt Mutt
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Neomutt Neomutt
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 8.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Opensuse Leap 15.1
Opensuse Leap 15.2
383
VMScore
CVE-2020-14093
Mutt prior to 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.
Mutt Mutt
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Opensuse Leap 15.2
383
VMScore
CVE-2015-8313
GnuTLS incorrectly validates the first byte of padding in CBC modes
Gnu Gnutls
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
383
VMScore
CVE-2014-8155
GnuTLS prior to 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle malicious users to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.
Gnu Gnutls
383
VMScore
CVE-2012-0390
The DTLS implementation in GnuTLS 3.0.10 and previous versions executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote malicious users to recover partial plaintext via a timin...
Gnu Gnutls 3.0.9
Gnu Gnutls 3.0.8
Gnu Gnutls 3.0.1
Gnu Gnutls 3.0.0
Gnu Gnutls 2.12.7
Gnu Gnutls 2.12.6
Gnu Gnutls 2.12.0
Gnu Gnutls 2.10.5
Gnu Gnutls 2.10.1-x86
Gnu Gnutls 2.10.0
Gnu Gnutls 2.6.6
Gnu Gnutls 2.6.5
Gnu Gnutls 2.4.2
Gnu Gnutls 2.4.1
Gnu Gnutls 3.0.7
Gnu Gnutls 3.0.6
Gnu Gnutls 2.12.14
Gnu Gnutls
Gnu Gnutls 3.0.3
Gnu Gnutls 3.0.2
Gnu Gnutls 2.12.9
Gnu Gnutls 2.12.8
383
VMScore
CVE-2011-4128
Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x prior to 2.12.14 and 3.x prior to 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash)...
Gnu Gnutls 2.12.2
Gnu Gnutls 2.12.7
Gnu Gnutls 2.12.5
Gnu Gnutls 2.12.8
Gnu Gnutls 2.12.6.1
Gnu Gnutls 2.12.0
Gnu Gnutls 2.12.10
Gnu Gnutls 2.12.6
Gnu Gnutls 2.12.9
Gnu Gnutls 2.12.13
Gnu Gnutls 2.12.12
Gnu Gnutls 2.12.3
Gnu Gnutls 2.12.4
Gnu Gnutls 2.12.11
Gnu Gnutls 2.12.1
Gnu Gnutls 3.0.3
Gnu Gnutls 3.0.6
Gnu Gnutls 3.0.0
Gnu Gnutls 3.0.2
Gnu Gnutls 3.0.5
Gnu Gnutls 3.0.1
Gnu Gnutls 3.0.4
383
VMScore
CVE-2008-4989
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS prior to 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle malicious users to insert a spoofed cer...
Gnu Gnutls
Fedoraproject Fedora 9
Fedoraproject Fedora 8
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 8.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 6.06
Debian Debian Linux 4.0
Suse Linux Enterprise Server 11
Suse Linux Enterprise Server 10
Suse Linux Enterprise 11.0
Suse Linux Enterprise 10.0
Opensuse Opensuse
356
VMScore
CVE-2022-28352
WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 prior to 3.4.1 does not properly verify the TLS certificate of the server, after certain GnuTLS options are changed, which allows man-in-the-middle malicious users to spoof a TLS chat server via an arbitrary certificate. ...
Weechat Weechat
356
VMScore
CVE-2013-6422
The GnuTLS backend in libcurl 7.21.4 up to and including 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote malicious users to spoof server...
Debian Debian Linux 7.0
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 13.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 13.04
Haxx Libcurl 7.30.0
Haxx Libcurl 7.28.0
Haxx Libcurl 7.23.1
Haxx Libcurl 7.21.4
Haxx Libcurl 7.27.0
Haxx Libcurl 7.26.0
Haxx Libcurl 7.25.0
Haxx Libcurl 7.24.0
Haxx Libcurl 7.33.0
Haxx Libcurl 7.32.0
Haxx Libcurl 7.21.5
Haxx Libcurl 7.21.6
Haxx Libcurl 7.21.7
Haxx Libcurl 7.31.0
Haxx Libcurl 7.29.0
Haxx Libcurl 7.28.1
Haxx Libcurl 7.23.0