Lucene search
K

73 matches found

Cvelist
Cvelist
added 2012/03/13 10:0 p.m.21 views

CVE-2012-1663

Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted certificate list...

7.2AI score0.05236EPSS
Exploits4References3
Debian CVE
Debian CVE
added 2012/03/13 10:0 p.m.32 views

CVE-2012-1663

Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted certificate list...

7.5CVSS7.2AI score0.05236EPSS
Exploits4
CVE
CVE
added 2012/03/13 10:0 p.m.57 views

CVE-2012-1663

CVE-2012-1663 describes a double-free vulnerability in libgnutls (GnuTLS) before 3.0.14, allowing remote attackers to cause a denial of service (application crash) or potentially other impact via a crafted certificate list. Public references show exploits and advisories: exploitation activity exi...

7.5CVSS7.4AI score0.05236EPSS
Exploits4References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2011/05/05 12:0 a.m.51 views

openSUSE Security Update : gnutls (openSUSE-SU-2010:1025-1)

The SSL-renegotiation 'authentication gap' has been fixed in gnutls. CVE-2009-3555 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update gnutls-3388. The text...

9.8CVSS7.8AI score0.87264EPSS
Exploits14References3
Tenable Nessus
Tenable Nessus
added 2011/05/05 12:0 a.m.47 views

openSUSE Security Update : gnutls (openSUSE-SU-2010:1025-2)

This update fixes the safe renegotiation testing code which was missing in the previous update for CVE-2009-3555. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update gnutls-3647. The text...

9.8CVSS7.7AI score0.87264EPSS
Exploits14References3
Tenable Nessus
Tenable Nessus
added 2010/02/15 12:0 a.m.25 views

openSUSE Security Update : gnutls (gnutls-1938)

gnutls did not properly handle embedded '\0' characters in x509 certificates. Attackers using specially crafted certificates could exploit that to conduct man-in-the-middle attacks CVE-2009-2730. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

7.5CVSS5.5AI score0.02151EPSS
Exploits0References2
NVD
NVD
added 2009/08/12 10:30 a.m.21 views

CVE-2009-2730

libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's 1 Common Name CN or 2 Subject Alternative Name SAN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued b...

7.5CVSS5.9AI score0.02151EPSS
Exploits0References13
Prion
Prion
added 2009/08/12 10:30 a.m.19 views

Design/Logic Flaw

libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's 1 Common Name CN or 2 Subject Alternative Name SAN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued b...

7.5CVSS6.4AI score0.02151EPSS
Exploits0References13Affected Software1
Cvelist
Cvelist
added 2009/08/12 10:0 a.m.25 views

CVE-2009-2730

libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's 1 Common Name CN or 2 Subject Alternative Name SAN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued b...

5.6AI score0.02151EPSS
Exploits0References13
CVE
CVE
added 2009/08/12 10:0 a.m.107 views

CVE-2009-2730

CVE-2009-2730 affects GnuTLS libgnutls where a NULL character in a domain name (CN or SAN) of an X.509 certificate is not handled correctly, enabling MITM spoofing of SSL servers if a crafted cert from a trusted CA is issued. Affected product/version: libgnutls in GnuTLS prior to 2.8.2. Impact: p...

7.5CVSS5.5AI score0.02151EPSS
Exploits0References13Affected Software1
UbuntuCve
UbuntuCve
added 2009/08/12 12:0 a.m.31 views

CVE-2009-2730

libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's 1 Common Name CN or 2 Subject Alternative Name SAN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued b...

7.5CVSS6.4AI score0.02151EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2009/05/19 12:0 a.m.34 views

Mandriva Linux Security Advisory : gnutls (MDVSA-2009:116)

Multiple vulnerabilities has been found and corrected in gnutls : lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service application crash and possibly have unspecified other impact via a...

7.5CVSS5.7AI score0.07922EPSS
Exploits9References3
UbuntuCve
UbuntuCve
added 2009/04/30 8:30 p.m.32 views

CVE-2009-1415

lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service application crash and possibly have unspecified other impact via a malformed DSA key that triggers a 1 free of an uninitialized pointe...

4.3CVSS5.9AI score0.07922EPSS
Exploits5References3
NVD
NVD
added 2009/04/30 8:30 p.m.19 views

CVE-2009-1415

lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service application crash and possibly have unspecified other impact via a malformed DSA key that triggers a 1 free of an uninitialized pointe...

4.3CVSS7AI score0.07922EPSS
Exploits5References13
Prion
Prion
added 2009/04/30 8:30 p.m.18 views

Double free

lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service application crash and possibly have unspecified other impact via a malformed DSA key that triggers a 1 free of an uninitialized pointe...

4.3CVSS7.6AI score0.07922EPSS
Exploits5References13Affected Software1
Cvelist
Cvelist
added 2009/04/30 8:0 p.m.27 views

CVE-2009-1416

lib/gnutlspk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key...

6.5AI score0.03901EPSS
Exploits5References9
Cvelist
Cvelist
added 2009/04/30 8:0 p.m.27 views

CVE-2009-1415

lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service application crash and possibly have unspecified other impact via a malformed DSA key that triggers a 1 free of an uninitialized pointe...

6.9AI score0.07922EPSS
Exploits5References13
CVE
CVE
added 2009/04/30 8:0 p.m.66 views

CVE-2009-1415

CVE-2009-1415 affects GnuTLS up to version 2.6.5 (fixed in 2.6.6). The flaw resides in lib/pk-libgcrypt.c within libgnutls, which mishandles invalid DSA signatures. A malformed DSA key can trigger a denial of service (application crash) and may cause additional impact, including a free of an unin...

4.3CVSS7AI score0.07922EPSS
Exploits5References13Affected Software1
CVE
CVE
added 2009/04/30 8:0 p.m.61 views

CVE-2009-1416

GnuTLS CVE-2009-1416 affects GnuTLS 2.5.0–2.6.5: libgnutls/libgnutls_pk.c generates RSA keys and stores them in DSA structures, enabling remote attackers to spoof certificate signatures or cause unspecified impact via an invalid DSA key. Connected documents reference CVE IDs and advisories; no im...

7.5CVSS6.6AI score0.03901EPSS
Exploits5References9Affected Software1
exploitpack
exploitpack
added 2009/04/30 12:0 a.m.23 views

GnuTLS 2.6.x - libgnutls libgnutls_pk.c DSA Key Storage Remote Spoofing

GnuTLS 2.6.x - libgnutls libgnutlspk.c DSA Key Storage Remote Spoofing // source: https://www.securityfocus.com/bid/34783/info GnuTLS is prone to multiple remote vulnerabilities: - A remote code-execution vulnerability - A denial-of-service vulnerability - A signature-generation vulnerability - A...

7.5CVSS0.3AI score0.03901EPSS
Exploits5
Rows per page
Query Builder