Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnu gnutls 2.7.4 vulnerabilities and exploits
(subscribe to this query)
516
VMScore
CVE-2009-5138
GnuTLS prior to 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote malicious users to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new...
Gnu Gnutls 2.7.3
Gnu Gnutls 2.7.2
Gnu Gnutls 2.7.4
Gnu Gnutls 2.7.1
Gnu Gnutls 2.7.0
Gnu Gnutls
445
VMScore
CVE-2012-1573
gnutls_cipher.c in libgnutls in GnuTLS prior to 2.12.17 and 3.x prior to 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote malicious users to cause a denial of service (heap memory corruption and application crash) via a crafted record, as de...
Gnu Gnutls 2.12.15
Gnu Gnutls 2.3.5
Gnu Gnutls 2.10.2
Gnu Gnutls 2.0.0
Gnu Gnutls 2.8.3
Gnu Gnutls 2.3.4
Gnu Gnutls 2.12.2
Gnu Gnutls 2.7.4
Gnu Gnutls 2.6.1
Gnu Gnutls 2.2.4
Gnu Gnutls 2.1.0
Gnu Gnutls 2.3.1
Gnu Gnutls 2.12.7
Gnu Gnutls 2.12.5
Gnu Gnutls 2.2.5
Gnu Gnutls 2.1.1
Gnu Gnutls 2.3.8
Gnu Gnutls 2.8.5
Gnu Gnutls 2.1.7
Gnu Gnutls 2.10.4
Gnu Gnutls 2.1.4
Gnu Gnutls 2.6.0
356
VMScore
CVE-2013-1619
The TLS implementation in GnuTLS prior to 2.12.23, 3.0.x prior to 3.0.28, and 3.1.x prior to 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote malicious users to c...
Gnu Gnutls 2.12.2
Gnu Gnutls 2.12.3
Gnu Gnutls 2.6.4
Gnu Gnutls 2.6.5
Gnu Gnutls 2.6.1
Gnu Gnutls 2.12.17
Gnu Gnutls 2.12.9
Gnu Gnutls 2.12.10
Gnu Gnutls 2.8.4
Gnu Gnutls 2.8.5
Gnu Gnutls 2.10.5
Gnu Gnutls 2.12.4
Gnu Gnutls 2.12.5
Gnu Gnutls 2.4.2
Gnu Gnutls 2.4.1
Gnu Gnutls 2.7.4
Gnu Gnutls 2.12.15
Gnu Gnutls 2.3.11
Gnu Gnutls 2.12.11
Gnu Gnutls 2.12.12
Gnu Gnutls 2.8.6
Gnu Gnutls 2.10.0
755
VMScore
CVE-2012-1663
Double free vulnerability in libgnutls in GnuTLS prior to 3.0.14 allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.
Gnu Gnutls 1.1.21
Gnu Gnutls 1.2.10
Gnu Gnutls 1.2.3
Gnu Gnutls 1.2.8
Gnu Gnutls 1.2.9
Gnu Gnutls 1.4.1
Gnu Gnutls 1.0.22
Gnu Gnutls 1.0.16
Gnu Gnutls 2.4.1
Gnu Gnutls 1.1.15
Gnu Gnutls 1.0.24
Gnu Gnutls 1.4.5
Gnu Gnutls 2.10.5
Gnu Gnutls 1.1.13
Gnu Gnutls 1.7.18
Gnu Gnutls 2.0.3
Gnu Gnutls 1.4.3
Gnu Gnutls 1.5.2
Gnu Gnutls 2.1.0
Gnu Gnutls 1.5.5
Gnu Gnutls 2.1.5
Gnu Gnutls 2.1.8
1 EDB exploit
445
VMScore
CVE-2012-1569
The asn1_get_length_der function in decoding.c in GNU Libtasn1 prior to 2.12, as used in GnuTLS prior to 3.0.16 and other products, does not properly handle certain large length values, which allows remote malicious users to cause a denial of service (heap memory corruption and a...
Gnu Libtasn1 2.10
Gnu Libtasn1 2.3
Gnu Libtasn1 2.2
Gnu Libtasn1 1.3
Gnu Libtasn1 1.2
Gnu Libtasn1 0.3.6
Gnu Libtasn1 0.3.5
Gnu Libtasn1 0.2.17
Gnu Libtasn1 0.2.16
Gnu Libtasn1 0.2.15
Gnu Libtasn1 0.2.8
Gnu Libtasn1 0.2.7
Gnu Libtasn1 0.2.0
Gnu Libtasn1 0.1.2
Gnu Gnutls 1.0.20
Gnu Gnutls 1.0.21
Gnu Libtasn1 2.5
Gnu Libtasn1 2.4
Gnu Libtasn1 1.5
Gnu Libtasn1 1.4
Gnu Libtasn1 0.3.8
Gnu Libtasn1 0.3.7
454
VMScore
CVE-2009-2409
The Network Security Services (NSS) library prior to 3.12.3, as used in Firefox; GnuTLS prior to 2.6.4 and 2.7.4; OpenSSL 0.9.8 up to and including 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote malicious users to spoof certificates by us...
Mozilla Firefox
Mozilla Nss
Mozilla Nss 3.0
Mozilla Nss 3.2
Mozilla Nss 3.2.1
Mozilla Nss 3.3
Mozilla Nss 3.3.1
Mozilla Nss 3.3.2
Mozilla Nss 3.4
Mozilla Nss 3.4.1
Mozilla Nss 3.4.2
Mozilla Nss 3.4.3
Mozilla Nss 3.5
Mozilla Nss 3.6
Mozilla Nss 3.6.1
Mozilla Nss 3.7
Mozilla Nss 3.7.1
Mozilla Nss 3.7.2
Mozilla Nss 3.7.3
Mozilla Nss 3.7.5
Mozilla Nss 3.7.7
Mozilla Nss 3.8
NA
CVE-2023-0361
A timing side-channel in the handling of RSA ClientKeyExchange messages exists in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker woul...
Gnu Gnutls 3.6.8-11.el8 2
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Netapp Ontap Select Deploy Administration Utility -
Netapp Active Iq Unified Manager -
Netapp Converged Systems Advisor Agent -
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started