Lucene search
K

290 matches found

RedHat Linux
RedHat Linux
added 4 days ago8 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.22.4 bug fix and security update

Red Hat OpenShift Container Platform release 4.22.4 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.22. Red Hat Product Security has rated this update as having a...

9.8CVSS6AI score0.0105EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/29 2:54 a.m.4 views

gnutls: gnutls: Authentication Bypass via NUL Character in Username

A flaw was found in gnutls. Servers configured with RSA-PSK Rivest–Shamir–Adleman – Pre-Shared Key wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...

9.8CVSS5.8AI score0.0105EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/29 2:54 a.m.8 views

Important: Red Hat Security Advisory: gnutls and libtasn1 security update

An update for multiple packages is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

9.8CVSS7AI score0.01335EPSS
Exploits2References14
RedHat Linux
RedHat Linux
added 2026/06/25 6:37 p.m.5 views

gnutls: gnutls: Authentication Bypass via NUL Character in Username

A flaw was found in gnutls. Servers configured with RSA-PSK Rivest–Shamir–Adleman – Pre-Shared Key wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...

9.8CVSS5.8AI score0.0105EPSS
Exploits0References5
Redos
Redos
added 2026/06/25 12:0 a.m.4 views

ROS-20260625-73-0002

The vulnerability in gnutls is related to errors in processing parameter values related to input data length. Exploiting this vulnerability can allow a remote attacker to cause service failures...

7.5CVSS5.9AI score0.01263EPSS
Exploits0
Redos
Redos
added 2026/06/25 12:0 a.m.4 views

ROS-20260625-73-0004

The vulnerability in gnutls is related to the unlimited distribution of resources. Exploiting this vulnerability could allow a remote attacker to cause service failures...

7.5CVSS5.9AI score0.01335EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/16 4:53 p.m.4 views

gnutls: gnutls: Memory corruption due to off-by-one error in PKCS#12 bag handling

A flaw was found in gnutls. An off-by-one error exists in the PKCS12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of...

5.3CVSS5.5AI score0.00727EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/16 4:53 p.m.4 views

gnutls: gnutls: Authentication Bypass via NUL Character in Username

A flaw was found in gnutls. Servers configured with RSA-PSK Rivest–Shamir–Adleman – Pre-Shared Key wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...

9.8CVSS5.4AI score0.0105EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/16 4:53 p.m.12 views

gnutls: gnutls: Information disclosure via heap overread in RSA key exchange

A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure...

8.2CVSS5.5AI score0.00727EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.14 views

TencentOS Server 4: gnutls (TSSA-2026:0431)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0431 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

8.2CVSS5.6AI score0.00423EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.14 views

EulerOS Virtualization 2.13.0 : gnutls (EulerOS-SA-2026-2168)

According to the versions of the gnutls packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. This vulnerability allows a denial of service DoS by excessive CPU Central Processing Unit and memory...

5.3CVSS6.8AI score0.00638EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.13 views

EulerOS Virtualization 2.12.1 : gnutls (EulerOS-SA-2026-2076)

According to the versions of the gnutls packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. This vulnerability allows a denial of service DoS by excessive CPU Central Processing Unit and memory...

5.3CVSS5.5AI score0.00638EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

GnuTLS 信息泄露漏洞

GnuTLS is an open-source, free security communication library developed by GnuTLS that enables the implementation of SSL, TLS, and DTLS protocols. There is a security vulnerability in gnutls, which stems from the fact that the PKCS7 padding check does not occur at a constant time during decryptio...

3.7CVSS5.9AI score0.00379EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/26 6:51 a.m.10 views

gnutls: gnutls: Security bypass due to incorrect name constraint handling

A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities CAs only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate...

7.4CVSS5.8AI score0.00475EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2026/05/22 12:0 a.m.3 views

The vulnerability of the compare_strings() function in the GnuTLS library allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the comparestrings function in the GnuTLS library is related to shortcomings in the mechanism for handling register-dependent data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

7.4CVSS5.8AI score0.00566EPSS
Exploits1References9Affected Software5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in gnutls28

A vulnerability was identified: the response times for malformed ciphertexts in RSA-PSK ClientKeyExchange differ from those of ciphertexts with correct PKCS1 v1.5 padding...

5.9CVSS6.5AI score0.01257EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 3:48 p.m.6 views

Undefined Behavior for Input to API

Overview Affected versions of this package are vulnerable to Undefined Behavior for Input to API in the comparator function responsible for ordering Datagram Transport Layer Security DTLS packets by sequence numbers. An attacker can cause unstable packet ordering or undefined behavior by sending...

8.7CVSS5.8AI score0.01335EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/07 3:38 p.m.16 views

EUVD-2026-28386

A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities CAs only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate...

7.4CVSS5.8AI score0.00475EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/07 3:27 p.m.10 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation via incorrect handling of name constraints during certificate validation. An attacker can bypass critical certificate validation checks by presenting a certificate chain where permitted name constraints a...

9.1CVSS5.8AI score0.00475EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/07 12:31 p.m.13 views

EUVD-2026-28354

A flaw was found in gnutls. Servers configured with RSA-PSK Rivest–Shamir–Adleman – Pre-Shared Key wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...

7.1CVSS5.8AI score0.0105EPSS
Exploits0References3
Rows per page
Query Builder