Vulnerabilities > GNU > Gnutls
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-16 | CVE-2024-0567 | Improper Verification of Cryptographic Signature vulnerability in multiple products A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. | 7.5 |
| 2024-01-16 | CVE-2024-0553 | Information Exposure Through Discrepancy vulnerability in multiple products A vulnerability was found in GnuTLS. | 7.5 |
| 2023-11-28 | CVE-2023-5981 | Information Exposure Through Discrepancy vulnerability in multiple products A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. | 5.9 |
| 2023-02-15 | CVE-2023-0361 | Information Exposure Through Discrepancy vulnerability in multiple products A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. | 7.4 |
| 2022-08-24 | CVE-2021-4209 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in GnuTLS. | 6.5 |
| 2022-08-01 | CVE-2022-2509 | Double Free vulnerability in multiple products A vulnerability found in gnutls. | 7.5 |
| 2021-03-12 | CVE-2021-20232 | Use After Free vulnerability in multiple products A flaw was found in gnutls. | 9.8 |
| 2021-03-12 | CVE-2021-20231 | Use After Free vulnerability in multiple products A flaw was found in gnutls. | 9.8 |
| 2020-09-04 | CVE-2020-24659 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in GnuTLS before 3.6.15. | 7.5 |
| 2020-06-04 | CVE-2020-13777 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). | 7.4 |