Vulnerabilities > GNU > Gnutls > 3.1.26

DATE CVE VULNERABILITY TITLE RISK
2024-01-16 CVE-2024-0567 Improper Verification of Cryptographic Signature vulnerability in GNU Gnutls
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust.
network
low complexity
gnu CWE-347
7.5
2024-01-16 CVE-2024-0553 Information Exposure Through Discrepancy vulnerability in multiple products
A vulnerability was found in GnuTLS.
network
low complexity
gnu fedoraproject redhat CWE-203
7.5
2022-08-24 CVE-2021-4209 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference flaw was found in GnuTLS.
network
low complexity
gnu redhat netapp CWE-476
6.5
2022-08-01 CVE-2022-2509 Double Free vulnerability in multiple products
A vulnerability found in gnutls.
network
low complexity
gnu redhat fedoraproject debian CWE-415
7.5
2020-09-04 CVE-2020-24659 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in GnuTLS before 3.6.15.
network
low complexity
gnu fedoraproject opensuse canonical CWE-476
7.5
2020-01-27 CVE-2015-0294 Improper Certificate Validation vulnerability in multiple products
GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.
network
low complexity
gnu debian redhat CWE-295
5.0
2018-12-03 CVE-2018-16868 Information Exposure Through Discrepancy vulnerability in GNU Gnutls
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data.
high complexity
gnu CWE-203
5.6
2018-08-22 CVE-2018-10846 Covert Timing Channel vulnerability in multiple products
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found.
5.6
2018-08-22 CVE-2018-10845 Covert Timing Channel vulnerability in multiple products
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack.
network
high complexity
gnu redhat canonical fedoraproject debian CWE-385
5.9
2018-08-22 CVE-2018-10844 Covert Timing Channel vulnerability in multiple products
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack.
network
high complexity
gnu redhat canonical fedoraproject debian CWE-385
5.9