CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

7.5CVSS6.8AI score0.00628EPSS

Siemens SIMATIC S7-1500 Double Free (CVE-2022-2509)

A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutlspkcs7verify function. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

Tenable Nessus•added 2025/11/13 12:0 a.m.•3 views

Siemens SIMATIC S7-1500 Exposure of Sensitive Information to an Unauthorized Actor (CVE-2024-28834)

A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLSPRIVKEYFLAGREPRODUCIBLE flag, it can result in a noticeable step in nonce...

5.3CVSS6.6AI score0.02116EPSS

Exploits0References3

Tenable Nessus•added 2025/11/13 12:0 a.m.•1 views

Siemens SIMATIC S7-1500 and Ruggedcom ROX Devices Inefficient Algorithmic Complexity (CVE-2024-12243)

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially...

5.3CVSS6.6AI score0.01227EPSS

7.4CVSS6.8AI score0.11487EPSS

Siemens SIMATIC S7-1500 Use of Insufficiently Random Values (CVE-2020-11501)

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 2018-07-16 because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks...

5CVSS6.6AI score0.00043EPSS

Siemens SIMATIC S7-1500 Uncaught Exception (CVE-2024-28835)

A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the certtool --verify-chain command. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

Exploits0References3

9.8CVSS6.6AI score0.01195EPSS

Siemens SIMATIC S7-1500 Use After Free (CVE-2021-20231)

A flaw was found in gnutls. A use after free issue in client sending keyshare extension may lead to memory corruption and other consequences. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

Exploits1References4

Tenable Nessus•added 2025/11/13 12:0 a.m.•6 views

Siemens SIMATIC S7-1500 Improper Certificate Validation (CVE-2025-32989)

A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency CT Signed Certificate Timestamp SCT extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension OID...

5.3CVSS6.3AI score0.00113EPSS

Exploits0References3

9.8CVSS6.6AI score0.00844EPSS

Siemens SIMATIC S7-1500 Use After Free (CVE-2021-20232)

A flaw was found in gnutls. A use after free issue in clientsendparams in lib/ext/presharedkey.c may lead to memory corruption and other potential consequences. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 809...

7.4CVSS6.8AI score0.03615EPSS

Siemens SIMATIC S7-1500 Observable Discrepancy (CVE-2023-0361)

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to...

Exploits1References6

IBM Security Bulletins•added 2025/11/12 7:0 a.m.•7 views

Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana within Instana Agent container image build 1.0.308 Vulnerability Details CVEID:CVE-2025-32990 DESCRIPTION: A heap-buffer-overflow off-by-one flaw was found in the GnuTLS software in the template parsing logic withi...

8.2CVSS5.9AI score0.00292EPSS

Exploits3Affected Software1

8.2CVSS6.4AI score0.00292EPSS

EulerOS 2.0 SP10 : gnutls (EulerOS-SA-2025-2413)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject...

OpenVAS•added 2025/11/12 12:0 a.m.•1 views

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2025-2413)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2CVSS7.3AI score0.00292EPSS

8.2CVSS6.3AI score0.00228EPSS

EulerOS 2.0 SP12 : gnutls (EulerOS-SA-2025-2326)

8.2CVSS6.3AI score0.00228EPSS

EulerOS 2.0 SP12 : gnutls (EulerOS-SA-2025-2357)

OpenVAS•added 2025/11/12 12:0 a.m.•2 views

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2025-2357)

8.2CVSS7.1AI score0.00228EPSS

OpenVAS•added 2025/11/12 12:0 a.m.•2 views

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2025-2326)

8.2CVSS7.1AI score0.00228EPSS

OpenVAS•added 2025/11/12 12:0 a.m.•1 views

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2025-2385)

8.2CVSS7.3AI score0.00292EPSS

8.2CVSS6.4AI score0.00292EPSS

EulerOS 2.0 SP10 : gnutls (EulerOS-SA-2025-2385)