Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnutls vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-1416
lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 up to and including 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote malicious users to spoof signatures on certificates or have unspecified other impact by leveraging an inv...
Gnu Gnutls 2.5.0
Gnu Gnutls 2.6.1
Gnu Gnutls 2.6.2
Gnu Gnutls 2.6.5
Gnu Gnutls 2.6.0
Gnu Gnutls 2.6.3
Gnu Gnutls 2.6.4
1 EDB exploit
5.9
CVSSv3
CVE-2008-4989
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS prior to 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle malicious users to insert a spoofed cer...
Gnu Gnutls
Fedoraproject Fedora 9
Fedoraproject Fedora 8
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 8.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 6.06
Debian Debian Linux 4.0
Suse Linux Enterprise Server 11
Suse Linux Enterprise Server 10
Suse Linux Enterprise 11.0
Suse Linux Enterprise 10.0
Opensuse Opensuse
NA
CVE-2008-2377
Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 up to and including 2.4.0 allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmi...
Gnu Gnutls 2.3.7
Gnu Gnutls 2.3.8
Gnu Gnutls 2.3.9
Gnu Gnutls 2.4.0
Gnu Gnutls 2.3.5
Gnu Gnutls 2.3.6
NA
CVE-2008-1948
The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS prior to 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote malicious users to ca...
Gnu Gnutls 2.3.5
Gnu Gnutls 1.6.0
Gnu Gnutls 2.0.0
Gnu Gnutls 1.5.0
Gnu Gnutls 1.2.8
Gnu Gnutls 1.1.14
Gnu Gnutls 2.3.4
Gnu Gnutls 1.7.3
Gnu Gnutls 1.4.1
Gnu Gnutls 1.4.3
Gnu Gnutls 1.2.11
Gnu Gnutls 1.1.21
Gnu Gnutls 1.7.5
Gnu Gnutls 1.7.11
Gnu Gnutls 1.0.20
Gnu Gnutls 1.2.5
Gnu Gnutls 2.2.4
Gnu Gnutls 1.2.4
Gnu Gnutls 1.3.1
Gnu Gnutls 1.0.24
Gnu Gnutls 1.7.15
Gnu Gnutls 1.6.1
NA
CVE-2008-1949
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS prior to 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote malicious users to cause a denial of servi...
Gnu Gnutls 2.3.5
Gnu Gnutls 1.6.0
Gnu Gnutls 2.0.0
Gnu Gnutls 1.5.0
Gnu Gnutls 1.2.8
Gnu Gnutls 1.1.14
Gnu Gnutls 2.3.4
Gnu Gnutls 1.7.3
Gnu Gnutls 1.4.1
Gnu Gnutls 1.4.3
Gnu Gnutls 1.2.11
Gnu Gnutls 1.1.21
Gnu Gnutls 1.7.5
Gnu Gnutls 1.7.11
Gnu Gnutls 1.0.20
Gnu Gnutls 1.2.5
Gnu Gnutls 2.2.4
Gnu Gnutls 1.2.4
Gnu Gnutls 1.3.1
Gnu Gnutls 1.0.24
Gnu Gnutls 1.7.15
Gnu Gnutls 1.6.1
NA
CVE-2008-1950
Integer signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS prior to 2.2.4 allows remote malicious users to cause a denial of service (buffer over-read and crash) via a certain integer value in the Random field in an encryp...
Gnu Gnutls 2.3.5
Gnu Gnutls 1.6.0
Gnu Gnutls 2.0.0
Gnu Gnutls 1.5.0
Gnu Gnutls 1.2.8
Gnu Gnutls 1.1.14
Gnu Gnutls 2.3.4
Gnu Gnutls 1.7.3
Gnu Gnutls 1.4.1
Gnu Gnutls 1.4.3
Gnu Gnutls 1.2.11
Gnu Gnutls 1.1.21
Gnu Gnutls 1.7.5
Gnu Gnutls 1.7.11
Gnu Gnutls 1.0.20
Gnu Gnutls 1.2.5
Gnu Gnutls 2.2.4
Gnu Gnutls 1.2.4
Gnu Gnutls 1.3.1
Gnu Gnutls 1.0.24
Gnu Gnutls 1.7.15
Gnu Gnutls 1.6.1
7.5
CVSSv3
CVE-2008-0166
OpenSSL 0.9.8c-1 up to versions prior to 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote malicious users to conduct brute force guessing attacks against cryptographic keys.
Openssl Openssl
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 6.06
Debian Debian Linux 4.0
3 EDB exploits
25 Github repositories
NA
CVE-2007-4995
Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 prior to 0.9.8f allows remote malicious users to execute arbitrary code via unspecified vectors.
Openssl Openssl 0.9.8d
Openssl Openssl 0.9.8e
Openssl Openssl 0.9.8b
Openssl Openssl 0.9.8c
Openssl Openssl 0.9.8
Openssl Openssl 0.9.8a
NA
CVE-2007-3108
The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and previous versions does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.
Openssl Openssl
NA
CVE-2007-3564
libcurl 7.14.0 up to and including 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote malicious users to bypass certain access restrictions.
Libcurl Libcurl 7.15.2
Libcurl Libcurl 7.15.3
Libcurl Libcurl 7.15
Libcurl Libcurl 7.15.1
Libcurl Libcurl 7.16.3
Libcurl Libcurl 7.14
Libcurl Libcurl 7.14.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
NEXT »