CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 5 days ago•3 views

gnutls: gnutls: Authentication Bypass via NUL Character in Username

A flaw was found in gnutls. Servers configured with RSA-PSK Rivest–Shamir–Adleman – Pre-Shared Key wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...

9.8CVSS5.4AI score0.00862EPSS

RedHat Linux•added 5 days ago•9 views

gnutls: gnutls: Information disclosure via heap overread in RSA key exchange

A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure...

8.2CVSS5.5AI score0.00768EPSS

Tenable Nessus•added 2026/06/08 12:0 a.m.•10 views

TencentOS Server 4: gnutls (TSSA-2026:0431)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0431 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

8.2CVSS5.6AI score0.004EPSS

Tenable Nessus•added 2026/06/06 12:0 a.m.•6 views

EulerOS Virtualization 2.12.1 : gnutls (EulerOS-SA-2026-2076)

According to the versions of the gnutls packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. This vulnerability allows a denial of service DoS by excessive CPU Central Processing Unit and memory...

5.3CVSS5.5AI score0.00638EPSS

Exploits1References2

Tenable Nessus•added 2026/06/06 12:0 a.m.•9 views

EulerOS Virtualization 2.13.0 : gnutls (EulerOS-SA-2026-2168)

5.3CVSS6.8AI score0.00638EPSS

Exploits1References3

CNNVD•added 2026/06/01 12:0 a.m.•8 views

GnuTLS 安全漏洞

GnuTLS is an open-source, free security communication library developed by GnuTLS that enables the implementation of SSL, TLS, and DTLS protocols. There is a security vulnerability in gnutls, which stems from the fact that the PKCS7 padding check does not occur at a constant time during decryptio...

3.7CVSS5.4AI score0.00519EPSS

RedHat Linux•added 2026/05/26 6:51 a.m.•7 views

gnutls: gnutls: Security bypass due to incorrect name constraint handling

A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities CAs only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate...

7.4CVSS5.8AI score0.00386EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в gnutls28

A vulnerability was identified: the response times for malformed ciphertexts in RSA-PSK ClientKeyExchange differ from those of ciphertexts with correct PKCS1 v1.5 padding...

5.9CVSS6.5AI score0.01257EPSS

Snyk•added 2026/05/18 3:48 p.m.•3 views

Undefined Behavior for Input to API

Overview Affected versions of this package are vulnerable to Undefined Behavior for Input to API in the comparator function responsible for ordering Datagram Transport Layer Security DTLS packets by sequence numbers. An attacker can cause unstable packet ordering or undefined behavior by sending...

8.7CVSS5.8AI score0.0082EPSS

EUVD•added 2026/05/07 3:38 p.m.•9 views

EUVD-2026-28386

7.4CVSS5.8AI score0.00386EPSS

Snyk•added 2026/05/07 3:27 p.m.•6 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation via incorrect handling of name constraints during certificate validation. An attacker can bypass critical certificate validation checks by presenting a certificate chain where permitted name constraints a...

9.1CVSS5.8AI score0.00386EPSS

EUVD•added 2026/05/07 12:31 p.m.•7 views

EUVD-2026-28354

7.1CVSS5.8AI score0.00862EPSS

ATTACKERKB•added 2026/05/07 12:0 p.m.•6 views

CVE-2026-42010

9.8CVSS5.8AI score0.00862EPSS

Exploits0References7

CNNVD•added 2026/05/07 12:0 a.m.•5 views

GnuTLS 信任管理问题漏洞

GnuTLS is an open-source, free security communication library developed by GnuTLS. GnuTLS has a trust management vulnerability. This vulnerability arises when the previous certificate issuer only had exclusion from name constraints, and the allowed name constraints were incorrectly ignored. This...

7.4CVSS5.8AI score0.00386EPSS

Exploits0References1

RedHat Linux•added 2026/05/05 5:47 p.m.•11 views

Important: Red Hat Security Advisory: updated RHEL-8 based Middleware Containers container images

Updated RHEL-8 based Middleware Containers container images are now available The RHEL-8 based Middleware Containers container images have been updated to address the following security advisory: RHSA-2026:11077 RHSA-2026:7667 RHSA-2026:8534 RHSA-2026:9745 see References Security Fixes: rsync:...

9.8CVSS7.4AI score0.01962EPSS

Exploits1References17

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux – Vulnerability in gnutls28

A flaw was discovered in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a speciall...

5.3CVSS6.7AI score0.01193EPSS

Tenable Nessus•added 2026/05/03 12:0 a.m.•5 views

Slackware Linux 15.0 / current gnutls Vulnerability (SSA:2026-122-02)

The version of gnutls installed on the remote host is prior to 3.8.13. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-122-02 advisory. New gnutls packages are available for Slackware 15.0 and -current to fix a security issue. Tenable has extracted the preceding...

7.5CVSS5.8AI score0.00992EPSS