|
51
|
-
4.0
|
MEDIUM
|
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the pr…
|
CWE-310
Cryptographic Issues
|
CVE-2013-1619
|
cpe:2.3:a:gnu:gnutls:3.1.6:* cpe:2.3:a:gnu:gnutls:3.1.5:* cpe:2.3:a:gnu:gnutls:3.1.4:* cpe:2.3:a:gnu:gnutls:3.…
|
|
|
|
|
2024-11-21 10:50
2013-02-9
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
52
|
-
5.0
|
MEDIUM
|
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (he…
|
CWE-310
Cryptographic Issues
|
CVE-2012-1573
|
cpe:2.3:a:gnu:gnutls:3.0:* cpe:2.3:a:gnu:gnutls:3.0.9:* cpe:2.3:a:gnu:gnutls:3.0.8:* cpe:2.3:a:gnu:gnutls:3.0.…
|
|
2.12.16
|
|
|
2024-11-21 10:37
2012-03-27
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
53
|
-
5.0
|
MEDIUM
|
The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remo…
|
CWE-189
Numeric Errors
|
CVE-2012-1569
|
cpe:2.3:a:gnu:gnutls:3.0:* cpe:2.3:a:gnu:gnutls:3.0.9:* cpe:2.3:a:gnu:gnutls:3.0.8:* cpe:2.3:a:gnu:gnutls:3.0.…
|
|
3.0.15
|
|
|
2024-11-21 10:37
2012-03-27
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
54
|
-
7.5
|
HIGH
|
Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certifi…
|
CWE-399
Resource Management Errors
|
CVE-2012-1663
|
cpe:2.3:a:gnu:gnutls:3.0:* cpe:2.3:a:gnu:gnutls:3.0.9:* cpe:2.3:a:gnu:gnutls:3.0.8:* cpe:2.3:a:gnu:gnutls:3.0.…
|
|
3.0.13
|
|
|
2024-11-21 10:37
2012-03-14
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
55
|
-
4.3
|
MEDIUM
|
The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it eas…
|
CWE-310
Cryptographic Issues
|
CVE-2012-0390
|
cpe:2.3:a:gnu:gnutls:3.0.9:* cpe:2.3:a:gnu:gnutls:3.0.8:* cpe:2.3:a:gnu:gnutls:3.0.7:* cpe:2.3:a:gnu:gnutls:3.…
|
|
3.0.10
|
|
|
2024-11-21 10:34
2012-01-6
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
56
|
-
4.3
|
MEDIUM
|
Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumptio…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2011-4128
|
cpe:2.3:a:gnu:gnutls:3.0.6:* cpe:2.3:a:gnu:gnutls:3.0.5:* cpe:2.3:a:gnu:gnutls:3.0.4:* cpe:2.3:a:gnu:gnutls:3.…
|
|
|
|
|
2024-11-21 10:31
2011-12-9
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
57
|
-
5.0
|
MEDIUM
|
The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a …
|
CWE-310
Cryptographic Issues
|
CVE-2006-7239
|
cpe:2.3:a:gnu:gnutls:1.4.0:* cpe:2.3:a:gnu:gnutls:1.3.5:* cpe:2.3:a:gnu:gnutls:1.3.4:* cpe:2.3:a:gnu:gnutls:1.…
|
|
1.4.1
|
|
|
2023-02-13 11:17
2010-05-25
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
58
|
-
7.5
|
HIGH
|
The gnutls_x509_crt_get_serial function in the GnuTLS library before 1.2.1, when running on big-endian, 64-bit platforms, calls the asn1_read_value with a pointer to the wrong data type and the wrong…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2010-0731
|
cpe:2.3:a:gnu:gnutls:1.1.23:* cpe:2.3:a:gnu:gnutls:1.1.22:* cpe:2.3:a:gnu:gnutls:1.1.21:* cpe:2.3:a:gnu:gnutls…
|
|
1.2.0
|
|
|
2017-09-19 10:30
2010-03-27
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
59
|
-
5.8
|
MEDIUM
|
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9…
|
CWE-295
Improper Certificate Validation
|
CVE-2009-3555
|
cpe:2.3:a:gnu:gnutls:*:*
|
|
2.8.5
|
|
|
2026-04-23 09:35
2009-11-10
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
60
|
-
7.5
|
HIGH
|
libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, …
|
CWE-310
Cryptographic Issues
|
CVE-2009-2730
|
cpe:2.3:a:gnu:gnutls:2.8.0:* cpe:2.3:a:gnu:gnutls:2.6.6:* cpe:2.3:a:gnu:gnutls:2.6.5:* cpe:2.3:a:gnu:gnutls:2.…
|
|
2.8.1
|
|
|
2026-04-23 09:35
2009-08-12
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|