Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnutls vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2018-21029
systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability ...
Systemd Project Systemd
Fedoraproject Fedora 31
7.5
CVSSv2
CVE-2006-0645
Tiny ASN.1 Library (libtasn1) prior to 0.2.18, as used by (1) GnuTLS 1.2.x prior to 1.2.10 and 1.3.x prior to 1.3.4, and (2) GNU Shishi, allows malicious users to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid inpu...
Free Software Foundation Inc. Libtasn1 0.2.0
Free Software Foundation Inc. Libtasn1 0.2.1
Free Software Foundation Inc. Libtasn1 0.2.17
Free Software Foundation Inc. Libtasn1 0.2.2
Free Software Foundation Inc. Libtasn1 0.2.9
Free Software Foundation Inc. Libtasn1 0.1.1
Free Software Foundation Inc. Libtasn1 0.1.2
Free Software Foundation Inc. Libtasn1 0.2.14
Free Software Foundation Inc. Libtasn1 0.2.15
Free Software Foundation Inc. Libtasn1 0.2.16
Free Software Foundation Inc. Libtasn1 0.2.7
Free Software Foundation Inc. Libtasn1 0.2.8
Free Software Foundation Inc. Libtasn1 0.2.10
Free Software Foundation Inc. Libtasn1 0.2.11
Free Software Foundation Inc. Libtasn1 0.2.3
Free Software Foundation Inc. Libtasn1 0.2.4
Free Software Foundation Inc. Libtasn1 0.1.0
Free Software Foundation Inc. Libtasn1 0.2.12
Free Software Foundation Inc. Libtasn1 0.2.13
Free Software Foundation Inc. Libtasn1 0.2.5
Free Software Foundation Inc. Libtasn1 0.2.6
5
CVSSv2
CVE-2021-3580
A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.
Nettle Project Nettle
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Debian Debian Linux 9.0
Netapp Ontap Select Deploy Administration Utility -
5.8
CVSSv2
CVE-2009-2474
neon prior to 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle malicious users to spoof arbitrary SSL servers via a cra...
Webdav Neon
Apple Mac Os X
Canonical Ubuntu Linux 6.06
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 8.10
Canonical Ubuntu Linux 9.04
Fedoraproject Fedora 10
Fedoraproject Fedora 11
5.8
CVSSv2
CVE-2012-5821
Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle malicious users to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS function.
Lynx Lynx -
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 12.04
5.8
CVSSv2
CVE-2020-14154
Mutt prior to 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.
Mutt Mutt
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
5.8
CVSSv2
CVE-2011-1428
Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and previous versions does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle malicious users to spoof an SSL chat server via an arbitrar...
Flashtux Weechat 0.2.3
Flashtux Weechat 0.2.6.3
Flashtux Weechat 0.0.4
Flashtux Weechat 0.2.6.1
Flashtux Weechat 0.1.8
Flashtux Weechat 0.3.1
Flashtux Weechat 0.1.0
Flashtux Weechat 0.0.2
Flashtux Weechat 0.3.2
Flashtux Weechat 0.1.7
Flashtux Weechat 0.1.1
Flashtux Weechat 0.1.3
Flashtux Weechat 0.0.7
Flashtux Weechat 0.0.5
Flashtux Weechat 0.1.9
Flashtux Weechat 0.2.6
Flashtux Weechat 0.3.0
Flashtux Weechat 0.1.5
Flashtux Weechat 0.1.6
Flashtux Weechat 0.2.6.2
Flashtux Weechat 0.1.4
Flashtux Weechat 0.0.8
5
CVSSv2
CVE-2022-1328
Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 prior to 2.2.3 allows read past end of input line
Mutt Mutt
Debian Debian Linux 9.0
Fedoraproject Fedora 36
4.3
CVSSv2
CVE-2020-14954
Mutt prior to 1.14.4 and NeoMutt prior to 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS conte...
Mutt Mutt
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Neomutt Neomutt
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 8.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Opensuse Leap 15.1
Opensuse Leap 15.2
2.6
CVSSv2
CVE-2020-28896
Mutt prior to 2.0.2 and NeoMutt prior to 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in ...
Mutt Mutt
Neomutt Neomutt
Debian Debian Linux 9.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
CVE-2024-20360
CVE-2021-47559
XXE
CVE-2024-5229
CVE-2021-47543
CVE-2021-47571
SSTI
CVE-2024-4978
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
NEXT »