CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/03/24 3:16 a.m.•14 views

UBUNTU-CVE-2026-33308

6.8CVSS5.8AI score0.00205EPSS

ATTACKERKB•added 2026/03/24 1:36 a.m.•4 views

CVE-2026-33308

Exploits0References2Affected Software1

Vulnrichment•added 2026/03/24 1:36 a.m.•1 views

CVE-2026-33308 mod_gnutls missing key purpose check in client certificate verification

Cvelist•added 2026/03/24 1:36 a.m.•25 views

CVE-2026-33308 mod_gnutls missing key purpose check in client certificate verification

6.8CVSS0.00205EPSS

OSV•added 2026/03/24 1:36 a.m.•3 views

CVE-2026-33308 mod_gnutls missing key purpose check in client certificate verification

CVE•added 2026/03/24 1:36 a.m.•11 views

CVE-2026-33308

CVE-2026-33308 affects mod_gnutls, a TLS module for Apache HTTPD based on GnuTLS. Prior to 0.13.0, the client-certificate verification code did not enforce the Extended Key Usage EKU key purpose; if an attacker possessed the private key of a valid certificate from a trusted CA but intended for a ...

Exploits0References1Affected Software1

EUVD•added 2026/03/24 1:36 a.m.•6 views

EUVD-2026-14694

Positive Technologies•added 2026/03/24 12:0 a.m.•5 views

PT-2026-27303

Name of the Vulnerable Software and Affected Versions Mod gnutls versions prior to 0.13.0 Description Mod gnutls, a TLS module for Apache HTTPD based on GnuTLS, had an issue where the code for client certificate verification did not validate the key purpose as defined in the Extended Key Usage...

Tenable Nessus•added 2015/01/28 12:0 a.m.•165 views

PolarSSL 'asn1_get_sequence_of' Function Uninitialized Pointer RCE

PolarSSL contains a flaw when parsing ASN.1 sequences from X.509 certificates due to freeing an uninitialized pointer by the function 'asn1getsequenceof' within file 'asn1parse.c'. An unauthenticated, remote attacker, using a specially crafted certificate, can exploit this flaw to cause a denial ...

7.5CVSS6.5AI score0.03246EPSS