Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnutls vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2009-1416
lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 up to and including 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote malicious users to spoof signatures on certificates or have unspecified other impact by leveraging an inv...
Gnu Gnutls 2.5.0
Gnu Gnutls 2.6.1
Gnu Gnutls 2.6.2
Gnu Gnutls 2.6.5
Gnu Gnutls 2.6.0
Gnu Gnutls 2.6.3
Gnu Gnutls 2.6.4
1 EDB exploit
5.8
CVSSv2
CVE-2009-5138
GnuTLS prior to 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote malicious users to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new...
Gnu Gnutls 2.7.3
Gnu Gnutls 2.7.2
Gnu Gnutls 2.7.4
Gnu Gnutls 2.7.1
Gnu Gnutls 2.7.0
Gnu Gnutls
7.6
CVSSv2
CVE-2008-2377
Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 up to and including 2.4.0 allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmi...
Gnu Gnutls 2.3.7
Gnu Gnutls 2.3.8
Gnu Gnutls 2.3.9
Gnu Gnutls 2.4.0
Gnu Gnutls 2.3.5
Gnu Gnutls 2.3.6
7.5
CVSSv2
CVE-2017-5334
Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS prior to 3.3.26 and 3.5.x prior to 3.5.8 allows remote malicious users to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information ...
Opensuse Leap 42.1
Opensuse Leap 42.2
Gnu Gnutls 3.5.3
Gnu Gnutls 3.5.4
Gnu Gnutls 3.5.5
Gnu Gnutls 3.5.6
Gnu Gnutls 3.5.1
Gnu Gnutls 3.5.2
Gnu Gnutls
Gnu Gnutls 3.5.7
Gnu Gnutls 3.5.0
NA
CVE-2023-25824
Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 (including) did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU ...
Mod Gnutls Project Mod Gnutls
5
CVSSv2
CVE-2009-5144
mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote malicious users to spoof clients via a crafted certificate.
Mod Gnutls Project Mod Gnutls -
NA
CVE-2024-0567
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or malicious user...
Gnu Gnutls
5
CVSSv2
CVE-2017-7507
GnuTLS version 3.5.12 and previous versions is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.
Gnu Gnutls
4.3
CVSSv2
CVE-2014-8155
GnuTLS prior to 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle malicious users to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.
Gnu Gnutls
3.3
CVSSv2
CVE-2018-16868
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in som...
Gnu Gnutls
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »