CVE-2026-3833 Gnutls: gnutls: policy bypass due to case-sensitive nameconstraints comparison
A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of nameConstraints labels, specifically for dNSName (DNS) or rfc822Name (email) constraints within excludedSubtrees or permittedSubtrees. A remote attacker can exploit this by crafting a leaf...
CVE-2026-3833
A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of nameConstraints labels, specifically for dNSName (DNS) or rfc822Name (email) constraints within excludedSubtrees or permittedSubtrees. A remote attacker can exploit this by crafting a leaf...
EUVD-2026-26403
A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of nameConstraints labels, specifically for dNSName (DNS) or rfc822Name (email) constraints within excludedSubtrees or permittedSubtrees. A remote attacker can exploit this by crafting a leaf...
CVE-2026-33845
A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service. Mitigati...
Linux Distros Unpatched Vulnerability : CVE-2026-42010
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest-Shamir-Adleman Pre-Shared Key) wrongfully matched usernames containing a NUL character with...
Linux Distros Unpatched Vulnerability : CVE-2026-42012
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource...
PT-2026-37380
Name of the Vulnerable Software and Affected Versions: gnutls versions prior to 3.8.13-1.1. Description: No detailed information was provided regarding the nature of the security issues fixed in this package. Recommendations: Update to version 3.8.13-1.1...
PT-2026-36792
Name of the Vulnerable Software and Affected Versions: GnuTLS, affected versions not specified. Description: A heap buffer overflow exists in the DTLS handshake fragment reassembly logic. The issue occurs in the merge_handshake_packet function, where incoming handshake fragments are matched and merge...
PT-2026-36149
Name of the Vulnerable Software and Affected Versions: GnuTLS, affected versions not specified. Description: A flaw in DTLS handshake parsing allows malformed fragments with zero length and non-zero offset to cause an integer underflow during reassembly. This leads to an out-of-bounds read, which is...
PT-2026-37434
Name of the Vulnerable Software and Affected Versions: gnutls versions prior to 3.8.13-1.1. Description: No detailed information was provided regarding the nature of the security issues fixed in this package. Recommendations: Update to version 3.8.13-1.1...
PT-2026-37379
Name of the Vulnerable Software and Affected Versions: gnutls versions prior to 3.8.13-1.1. Description: No detailed information was provided regarding the nature of the security issues fixed in this package. Recommendations: Update to version 3.8.13-1.1...
PT-2026-37381
Name of the Vulnerable Software and Affected Versions: gnutls versions prior to 3.8.13-1.1. Description: No detailed information was provided regarding the nature of the security issues fixed in this package. Recommendations: Update to version 3.8.13-1.1...
PT-2026-37433
Name of the Vulnerable Software and Affected Versions: gnutls versions prior to 3.8.13-1.1. Description: No detailed information was provided regarding the nature of the security issues fixed in this package. Recommendations: Update to version 3.8.13-1.1...
PT-2026-37376
Name of the Vulnerable Software and Affected Versions: gnutls versions prior to 3.8.13-1.1. Description: An issue was identified in the gnutls package that has been addressed in a security update. Recommendations: Update to version 3.8.13-1.1...
PT-2026-37382
Name of the Vulnerable Software and Affected Versions: gnutls versions prior to 3.8.13-1.1. Description: No detailed information was provided regarding the nature of the security issues fixed in this package. Recommendations: Update to version 3.8.13-1.1...
PT-2026-37378
Name of the Vulnerable Software and Affected Versions: gnutls versions prior to 3.8.13-1.1. Description: A flaw exists where permitted name constraints are incorrectly ignored when previous Certificate Authorities (CAs) only have excluded name constraints. A remote attacker can exploit this to bypass...
Use After Free
Overview: Affected versions of this package are vulnerable to Use After Free in the gnutls_pkcs11_token_set_pin function. An attacker can execute arbitrary code or cause a denial of service by triggering a use-after-free condition. Remediation: A fix was pushed into the master branch but not yet...
Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary: Multiple components with known vulnerabilities were addressed in IBM QRadar SIEM 7.5.0 UP15 IF02. Vulnerability Details: CVEID: CVE-2025-14831. DESCRIPTION: A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory...