Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnutls vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-2091
The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and previous versions does not validate client certificates when "GnuTLSClientVerify require" is set, which allows remote malicious users to spoof clients via a crafted certificate.
Apache Mod-gnutls
NA
CVE-2014-1959
lib/x509/verify.c in GnuTLS prior to 3.1.21 and 3.2.x prior to 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote malicious users to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates.
Gnu Gnutls 3.1.12
Gnu Gnutls 3.1.13
Gnu Gnutls 3.1.14
Gnu Gnutls 3.1.6
Gnu Gnutls 3.1.7
Gnu Gnutls 3.1.15
Gnu Gnutls 3.1.16
Gnu Gnutls 3.1.8
Gnu Gnutls 3.1.9
Gnu Gnutls 3.1.10
Gnu Gnutls 3.1.11
Gnu Gnutls 3.1.4
Gnu Gnutls 3.1.5
Gnu Gnutls 3.1.18
Gnu Gnutls 3.1.17
Gnu Gnutls 3.1.0
Gnu Gnutls 3.1.1
Gnu Gnutls 3.1.2
Gnu Gnutls 3.1.3
Gnu Gnutls
Gnu Gnutls 3.1.19
Gnu Gnutls 3.2.7
NA
CVE-2009-5138
GnuTLS prior to 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote malicious users to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new...
Gnu Gnutls 2.7.3
Gnu Gnutls 2.7.2
Gnu Gnutls 2.7.4
Gnu Gnutls 2.7.1
Gnu Gnutls 2.7.0
Gnu Gnutls
NA
CVE-2013-6422
The GnuTLS backend in libcurl 7.21.4 up to and including 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote malicious users to spoof server...
Debian Debian Linux 7.0
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 13.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 13.04
Haxx Libcurl 7.30.0
Haxx Libcurl 7.28.0
Haxx Libcurl 7.23.1
Haxx Libcurl 7.21.4
Haxx Libcurl 7.27.0
Haxx Libcurl 7.26.0
Haxx Libcurl 7.25.0
Haxx Libcurl 7.24.0
Haxx Libcurl 7.33.0
Haxx Libcurl 7.32.0
Haxx Libcurl 7.21.5
Haxx Libcurl 7.21.6
Haxx Libcurl 7.21.7
Haxx Libcurl 7.31.0
Haxx Libcurl 7.29.0
Haxx Libcurl 7.28.1
Haxx Libcurl 7.23.0
NA
CVE-2013-4487
Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x prior to 3.1.16 and 3.2.x prior to 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incom...
Gnu Gnutls 3.2.4
Gnu Gnutls 3.2.5
Gnu Gnutls 3.2.1
Gnu Gnutls 3.2.3
Gnu Gnutls 3.2.0
Gnu Gnutls 3.2.2
Gnu Gnutls 3.1.13
Gnu Gnutls 3.1.14
Gnu Gnutls 3.1.15
Gnu Gnutls 3.1.2
Gnu Gnutls 3.1.0
Gnu Gnutls 3.1.7
Gnu Gnutls 3.1.8
Gnu Gnutls 3.1.9
Gnu Gnutls 3.1.1
Gnu Gnutls 3.1.11
Gnu Gnutls 3.1.4
Gnu Gnutls 3.1.6
Gnu Gnutls 3.1.10
Gnu Gnutls 3.1.12
Gnu Gnutls 3.1.3
Gnu Gnutls 3.1.5
NA
CVE-2013-4466
Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x prior to 3.1.15 and 3.2.x prior to 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries.
Gnu Gnutls 3.1.2
Gnu Gnutls 3.1.3
Gnu Gnutls 3.1.4
Gnu Gnutls 3.1.5
Gnu Gnutls 3.2.0
Gnu Gnutls 3.2.2
Gnu Gnutls 3.1.13
Gnu Gnutls 3.1.0
Gnu Gnutls 3.1.7
Gnu Gnutls 3.2.1
Gnu Gnutls 3.2.3
Gnu Gnutls 3.1.12
Gnu Gnutls 3.1.14
Gnu Gnutls 3.1.1
Gnu Gnutls 3.1.6
Gnu Gnutls 3.1.8
Gnu Gnutls 3.2.4
Gnu Gnutls 3.1.9
Gnu Gnutls 3.1.10
Gnu Gnutls 3.1.11
NA
CVE-2013-1619
The TLS implementation in GnuTLS prior to 2.12.23, 3.0.x prior to 3.0.28, and 3.1.x prior to 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote malicious users to c...
Gnu Gnutls 2.12.2
Gnu Gnutls 2.12.3
Gnu Gnutls 2.6.4
Gnu Gnutls 2.6.5
Gnu Gnutls 2.6.1
Gnu Gnutls 2.12.17
Gnu Gnutls 2.12.9
Gnu Gnutls 2.12.10
Gnu Gnutls 2.8.4
Gnu Gnutls 2.8.5
Gnu Gnutls 2.10.5
Gnu Gnutls 2.12.4
Gnu Gnutls 2.12.5
Gnu Gnutls 2.4.2
Gnu Gnutls 2.4.1
Gnu Gnutls 2.7.4
Gnu Gnutls 2.12.15
Gnu Gnutls 2.3.11
Gnu Gnutls 2.12.11
Gnu Gnutls 2.12.12
Gnu Gnutls 2.8.6
Gnu Gnutls 2.10.0
NA
CVE-2012-1569
The asn1_get_length_der function in decoding.c in GNU Libtasn1 prior to 2.12, as used in GnuTLS prior to 3.0.16 and other products, does not properly handle certain large length values, which allows remote malicious users to cause a denial of service (heap memory corruption and a...
Gnu Libtasn1 2.10
Gnu Libtasn1 2.3
Gnu Libtasn1 2.2
Gnu Libtasn1 1.3
Gnu Libtasn1 1.2
Gnu Libtasn1 0.3.6
Gnu Libtasn1 0.3.5
Gnu Libtasn1 0.2.17
Gnu Libtasn1 0.2.16
Gnu Libtasn1 0.2.15
Gnu Libtasn1 0.2.8
Gnu Libtasn1 0.2.7
Gnu Libtasn1 0.2.0
Gnu Libtasn1 0.1.2
Gnu Gnutls 1.0.20
Gnu Gnutls 1.0.21
Gnu Libtasn1 2.5
Gnu Libtasn1 2.4
Gnu Libtasn1 1.5
Gnu Libtasn1 1.4
Gnu Libtasn1 0.3.8
Gnu Libtasn1 0.3.7
NA
CVE-2012-1573
gnutls_cipher.c in libgnutls in GnuTLS prior to 2.12.17 and 3.x prior to 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote malicious users to cause a denial of service (heap memory corruption and application crash) via a crafted record, as de...
Gnu Gnutls 2.12.15
Gnu Gnutls 2.3.5
Gnu Gnutls 2.10.2
Gnu Gnutls 2.0.0
Gnu Gnutls 2.8.3
Gnu Gnutls 2.3.4
Gnu Gnutls 2.12.2
Gnu Gnutls 2.7.4
Gnu Gnutls 2.6.1
Gnu Gnutls 2.2.4
Gnu Gnutls 2.1.0
Gnu Gnutls 2.3.1
Gnu Gnutls 2.12.7
Gnu Gnutls 2.12.5
Gnu Gnutls 2.2.5
Gnu Gnutls 2.1.1
Gnu Gnutls 2.3.8
Gnu Gnutls 2.8.5
Gnu Gnutls 2.1.7
Gnu Gnutls 2.10.4
Gnu Gnutls 2.1.4
Gnu Gnutls 2.6.0
NA
CVE-2012-1663
Double free vulnerability in libgnutls in GnuTLS prior to 3.0.14 allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.
Gnu Gnutls 1.1.21
Gnu Gnutls 1.2.10
Gnu Gnutls 1.2.3
Gnu Gnutls 1.2.8
Gnu Gnutls 1.2.9
Gnu Gnutls 1.4.1
Gnu Gnutls 1.0.22
Gnu Gnutls 1.0.16
Gnu Gnutls 2.4.1
Gnu Gnutls 1.1.15
Gnu Gnutls 1.0.24
Gnu Gnutls 1.4.5
Gnu Gnutls 2.10.5
Gnu Gnutls 1.1.13
Gnu Gnutls 1.7.18
Gnu Gnutls 2.0.3
Gnu Gnutls 1.4.3
Gnu Gnutls 1.5.2
Gnu Gnutls 2.1.0
Gnu Gnutls 1.5.5
Gnu Gnutls 2.1.5
Gnu Gnutls 2.1.8
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »