Lucene search
K

117 matches found

OSV
OSV
added 2017/04/14 4:59 a.m.1 views

DEBIAN-CVE-2017-7869

GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdkpktread function in opencdk/read-packet.c. This issue which is a subset of the vendor's GNUTLS-SA-2017-3 report is fixed in 3.5.10...

7.5CVSS7.7AI score0.02839EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2017/03/21 8:23 a.m.5 views

gnutls: Stack overflow in cdk_pk_get_keyid

Stack-based buffer overflow in the cdkpkgetkeyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate...

9.8CVSS7.7AI score0.07071EPSS
Exploits0References4
CNVD
CNVD
added 2017/01/13 12:0 a.m.2 views

Multiple Buffer Overflow Vulnerabilities in GnuTLS

GnuTLS is a free secure communications library for implementing SSL, TLS and DTLS protocols. A buffer overflow-based vulnerability exists in GnuTLS that could be exploited by a remote attacker to submit a specially crafted request to crash an application linking to this library...

7.5CVSS8.9AI score0.08009EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2016/02/24 5:26 p.m.33 views

USN-2913-4: GnuTLS update

USN-2913-1 removed 1024-bit RSA CA certificates from the ca-certificates package. This update adds support for alternate certificate chains to the GnuTLS package to properly handle the removal. Original advisory details: The ca-certificates package contained outdated CA certificates. This update...

5.4AI score
Exploits0References1
OSV
OSV
added 2015/11/30 12:0 a.m.4 views

UBUNTU-CVE-2015-8313

GnuTLS incorrectly validates the first byte of padding in CBC modes...

5.9CVSS6.2AI score0.01685EPSS
Exploits0References4
OSV
OSV
added 2015/09/02 2:59 p.m.1 views

DEBIAN-CVE-2015-3308

Double free vulnerability in lib/x509/x509ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point...

7.5CVSS7.7AI score0.03921EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2014/06/10 12:23 p.m.3 views

gnutls: gnutls_x509_dn_oid_name NULL pointer dereference

The gnutlsx509dnoidname function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service NULL pointer dereference via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN...

5CVSS5.9AI score0.06783EPSS
Exploits0References4
OSV
OSV
added 2014/06/03 2:55 p.m.2 views

DEBIAN-CVE-2014-3466

Buffer overflow in the readserverhello function in lib/gnutlshandshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service memory corruption or possibly execute arbitrary code via a long session id in a ServerHello message...

6.8CVSS8.2AI score0.11221EPSS
Exploits1References1
OSV
OSV
added 2014/06/02 1:17 p.m.8 views

USN-2229-1 gnutls26 vulnerability

Joonas Kuorilehto discovered that GnuTLS incorrectly handled Server Hello messages. A malicious remote server or a machine-in-the-middle could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code...

6.8CVSS7.5AI score0.11221EPSS
Exploits1References2
OSV
OSV
added 2014/06/02 12:0 a.m.12 views

DLA-0001-1 gnutls26 - security update

Bulletin has no description...

6.8CVSS7.5AI score0.11221EPSS
Exploits1
Debian
Debian
added 2014/06/01 8:38 a.m.35 views

[SECURITY] [DSA 2944-1] gnutls26 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2944-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 01, 2014 http://www.debian.org/security/faq -...

6.8CVSS6.1AI score0.11221EPSS
Exploits1
OSV
OSV
added 2014/06/01 12:0 a.m.30 views

DSA-2944-1 gnutls26 - security update

Bulletin has no description...

6.8CVSS6.6AI score0.11221EPSS
Exploits1
OpenVAS
OpenVAS
added 2014/05/31 12:0 a.m.19 views

Debian: Security Advisory (DSA-2944-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS6.3AI score0.11221EPSS
Exploits1References3
OSV
OSV
added 2013/11/20 2:12 p.m.4 views

UBUNTU-CVE-2013-4466

Buffer overflow in the danequerytlsa function in the DANE library libdane in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service memory corruption via a response with more than four DANE entries...

5CVSS5.9AI score0.01978EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2012/04/11 12:0 a.m.23 views

Fedora Update for libtasn1 FEDORA-2012-4342

Check for the Version of libtasn1 OpenVAS Vulnerability Test Fedora Update for libtasn1 FEDORA-2012-4342 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

5CVSS7.2AI score0.0446EPSS
Exploits1References2
OSV
OSV
added 2012/01/06 1:55 a.m.3 views

DEBIAN-CVE-2012-0390

The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related...

4.3CVSS9.2AI score0.0123EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2010/03/25 9:11 a.m.5 views

TLS: MITM attacks via session renegotiation

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...

9.8CVSS6.9AI score0.87264EPSS
Exploits14References4
Tenable Nessus
Tenable Nessus
added 2009/12/01 12:0 a.m.31 views

Fedora 11 : cups-1.4.2-7.fc11 (2009-10891)

Updated to 1.4.2 including XSS security fix CVE-2009-2820. Fixed improper reference counting in abstract file descriptors handling interface CVE-2009-3553. Fixed admin.cgi crash when modifying a class. Fix cups-lpd to create unique temporary data files. Pass through serial parameters correctly in...

7.5CVSS7.3AI score0.0578EPSS
Exploits6References5
RedHat Linux
RedHat Linux
added 2009/11/11 10:0 p.m.5 views

TLS: MITM attacks via session renegotiation

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services IIS 7.0, modssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services NSS 3.12.4 and earlier, multiple Cis...

9.8CVSS6.9AI score0.87264EPSS
Exploits14References4
RedHat Linux
RedHat Linux
added 2009/08/12 2:31 p.m.8 views

deprecate MD2 in SSL cert validation (Kaminsky)

The Network Security Services NSS library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...

5.1CVSS6.6AI score0.04506EPSS
Exploits0References4
Rows per page
Query Builder