| Reporter | Title | Published | Views | Family All 414 |
|---|---|---|---|---|
| Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images | 19 Jun 202608:05 | – | ibm | |
| Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates | 2 Jul 202610:48 | – | ibm | |
| Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image | 29 Jun 202603:07 | – | ibm | |
| CVE-2026-42009 | 18 May 202612:44 | – | attackerkb | |
| CVE-2026-42014 | 16 Jun 202600:49 | – | attackerkb | |
| CVE-2026-3833 | 30 Apr 202617:37 | – | attackerkb | |
| CVE-2026-42010 | 7 May 202612:00 | – | attackerkb | |
| CVE-2026-42013 | 26 May 202621:29 | – | attackerkb | |
| CVE-2026-33845 | 30 Apr 202617:41 | – | attackerkb | |
| CVE-2026-5260 | 26 May 202621:29 | – | attackerkb |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(326133);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/07/10");
script_cve_id(
"CVE-2026-3833",
"CVE-2026-5260",
"CVE-2026-33845",
"CVE-2026-33846",
"CVE-2026-42009",
"CVE-2026-42010",
"CVE-2026-42013",
"CVE-2026-42014"
);
script_xref(name:"IAVA", value:"2026-A-0405");
script_name(english:"EulerOS 2.0 SP12 : gnutls (EulerOS-SA-2026-2590)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by
the following vulnerabilities :
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The
issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based
solely on handshake type, without validating that the message_length field remains consistent across all
fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with
conflicting message_length values, causing the implementation to allocate a buffer based on a smaller
initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because
the merge operation does not enforce proper bounds checking against the allocated buffer size, this
results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without
authentication via the DTLS handshake path and can lead to application crashes or potential memory
corruption.(CVE-2026-33846)
A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset,
leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is
remotely exploitable and may cause information disclosure or denial of service.(CVE-2026-33845)
A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons
of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within
`excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf
certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass
where a certificate that should be rejected is instead accepted. This could result in unauthorized access
or information disclosure.(CVE-2026-3833)
A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer
Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by
sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to
unstable packet ordering or undefined behavior, resulting in a denial of service.(CVE-2026-42009)
A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest-Shamir-Adleman - Pre-Shared Key)
wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could
exploit this by sending a specially crafted username, leading to an authentication bypass. This
vulnerability allows an attacker to gain unauthorized access by circumventing the authentication
process.(CVE-2026-42010)
This ID has been reserved by a CNA(CVE-2026-42014)
A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN)
could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This
could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or
man-in-the-middle attacks.(CVE-2026-42013)
A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an
RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap
overread. This memory corruption vulnerability could lead to information disclosure.(CVE-2026-5260)
Tenable has extracted the preceding description block directly from the EulerOS gnutls security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2026-2590
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?05ec7877");
script_set_attribute(attribute:"solution", value:
"Update the affected gnutls packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-42010");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2026/04/30");
script_set_attribute(attribute:"patch_publication_date", value:"2026/07/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/07/10");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gnutls");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gnutls-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gnutls-help");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gnutls-utils");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (_release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP12");
var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(12)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP12");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP12", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
var flag = 0;
var pkgs = [
"gnutls-3.7.2-6.h21.eulerosv2r12",
"gnutls-devel-3.7.2-6.h21.eulerosv2r12",
"gnutls-help-3.7.2-6.h21.eulerosv2r12",
"gnutls-utils-3.7.2-6.h21.eulerosv2r12"
];
foreach (var pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"12", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnutls");
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation