Cent OS
added 2009/08/26 9:53 p.m. | 66 views

gnutls security update

CentOS Errata and Security Advisory CESA-2009:123 Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GnuTLS library provides support for...

CVSS 7.5 | AI score 6 | EPSS 0.02695
Exploits: 0 | References: 7

Cent OS
added 2009/08/26 7:50 p.m. | 67 views

gnutls security update

CentOS Errata and Security Advisory CESA-2009:1232 Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GnuTLS library provides support for...

CVSS 7.5 | AI score 6 | EPSS 0.02695
Exploits: 0 | References: 7

RedHat Linux
added 2009/08/26 2:47 p.m. | 32 views

Moderate: Red Hat Security Advisory: gnutls security update

Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GnuTLS library provides support for cryptographic algorithms and for protocols such as...

CVSS 7.5 | AI score 6 | EPSS 0.02695
Exploits: 0 | References: 2

RedHat Linux
added 2009/08/26 2:47 p.m. | 1 views

gnutls: incorrect verification of SSL certificate with NUL in name (GNUTLS-SA-2009-4)

libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued b...

CVSS 7.5 | AI score 6.2 | EPSS 0.02695
Exploits: 0 | References: 4

Oracle linux
added 2009/08/26 12:0 a.m. | 67 views

gnutls security update

1.4.1-3.5 - fix NUL characters in DN and SAN cert fields issue, make sure gnutls_x509_crt_check_hostname fails when certificate has no CN or SAN CVE-2009-2730 516231...

CVSS 7.5 | AI score 2.7 | EPSS 0.02695
Exploits: 0

Tenable Nessus
added 2009/08/24 12:0 a.m. | 30 views

Mandriva Linux Security Advisory : gnutls (MDVSA-2009:210)

A vulnerability has been discovered and corrected in GnuTLS before 2.8.2, which could allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority (CVE-2009-2730). This update fixes this vulnerability...

CVSS 7.5 | AI score 5.6 | EPSS 0.02695
Exploits: 0 | References: 1

Prion
added 2009/08/21 5:30 p.m. | 28 views

Design/Logic Flaw

neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate...

CVSS 5.8 | AI score 8.9 | EPSS 0.01855
Exploits: 4 | References: 13 | Affected Software: 4

OSV
added 2009/08/21 5:30 p.m. | 6 views

CVE-2009-2474

neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate...

AI score 5.5
Exploits: 0 | References: 18

Cvelist
added 2009/08/21 5:0 p.m. | 31 views

CVE-2009-2474

neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate...

AI score 6.3 | EPSS 0.00595
Exploits: 0 | References: 13

CVE
added 2009/08/21 5:0 p.m. | 100 views

CVE-2009-2474

CVE-2009-2474 affects neon prior to 0.28.6 when using OpenSSL or GnuTLS. The root cause is improper handling of a '\0' character in the domain name in the X.509 certificate CN field, enabling MITM spoofing of SSL servers via a certificate issued by a legitimate CA. Impact per the entry is partial...

CVSS 5.8 | AI score 6 | EPSS 0.00595
Exploits: 0 | References: 13 | Affected Software: 1

Debian CVE
added 2009/08/21 5:0 p.m. | 33 views

CVE-2009-2474

neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate...

CVSS 5.8 | AI score 8.4 | EPSS 0.00595
Exploits: 0

UbuntuCve
added 2009/08/21 12:0 a.m. | 29 views

CVE-2009-2474

neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate...

CVSS 5.8 | AI score 6 | EPSS 0.00595
Exploits: 0 | References: 2

securityvulns
added 2009/08/20 12:0 a.m. | 55 views

GnuTLS library certificate spoofing

It's possible to spoof certificate name with NULL byte; weak MD2-hashed signatures are accepted...

CVSS 7.5 | AI score 1.6 | EPSS 0.02695
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2009/08/20 12:0 a.m. | 37 views

FreeBSD : GnuTLS -- multiple vulnerabilities (b31a1088-460f-11de-a11a-0022156e8794)

SecurityFocus reports: GnuTLS is prone to multiple remote vulnerabilities: a remote code-execution vulnerability; a denial-of-service vulnerability; a signature-generation vulnerability; a signature-verification vulnerability. An attacker can exploit these issues to potentially execute...

CVSS 7.5 | AI score 5.7 | EPSS 0.17762
Exploits: 9 | References: 7

Tenable Nessus
added 2009/08/20 12:0 a.m. | 33 views

Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : gnutls12, gnutls13, gnutls26 vulnerabilities (USN-809-1)

Moxie Marlinspike and Dan Kaminsky independently discovered that GnuTLS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications...

CVSS 7.5 | AI score 6.2 | EPSS 0.02695
Exploits: 1 | References: 4

Tenable Nessus
added 2009/08/20 12:0 a.m. | 40 views

FreeBSD : GnuTLS -- improper SSL certificate verification (856a6f84-8b30-11de-8062-00e0815b8da8)

GnuTLS reports: By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS into (1) not printing the entire CN/SAN field value when printing a certificate and (2) cause incorrect positive matches when matching a hostname against a certificate...

CVSS 7.5 | AI score 5.5 | EPSS 0.02695
Exploits: 0 | References: 3

securityvulns
added 2009/08/20 12:0 a.m. | 74 views

[USN-809-1] GnuTLS vulnerabilities

Ubuntu Security Notice USN-809-1, August 19, 2009: gnutls12, gnutls13, gnutls26 vulnerabilities (CVE-2009-2409, CVE-2009-2730, https://launchpad.net/bugs/305264). A security issue...

CVSS 7.5 | AI score 6.3 | EPSS 0.02695
Exploits: 1

Ubuntu
added 2009/08/19 10:43 p.m. | 72 views

USN-809-1: GnuTLS vulnerabilities

Moxie Marlinspike and Dan Kaminsky independently discovered that GnuTLS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications...

CVSS 7.5 | AI score 6.5 | EPSS 0.02695
Exploits: 0 | References: 1

NVD
added 2009/08/12 10:30 a.m. | 19 views

CVE-2009-2730

libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued b...

CVSS 7.5 | AI score 5.9 | EPSS 0.02695
Exploits: 0 | References: 13

Prion
added 2009/08/12 10:30 a.m. | 17 views

Design/Logic Flaw

libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued b...

CVSS 7.5 | AI score 6.4 | EPSS 0.02695
Exploits: 0 | References: 13 | Affected Software: 1