3.6.5

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-16	CVE-2024-0567	Improper Verification of Cryptographic Signature vulnerability in GNU Gnutls A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. network low complexity gnu CWE-347	7.5
2024-01-16	CVE-2024-0553	Information Exposure Through Discrepancy vulnerability in multiple products A vulnerability was found in GnuTLS. network low complexity gnu fedoraproject redhat CWE-203	7.5
2022-08-24	CVE-2021-4209	NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in GnuTLS. network low complexity gnu redhat netapp CWE-476	6.5
2022-08-01	CVE-2022-2509	Double Free vulnerability in multiple products A vulnerability found in gnutls. network low complexity gnu redhat fedoraproject debian CWE-415	7.5
2020-09-04	CVE-2020-24659	NULL Pointer Dereference vulnerability in multiple products An issue was discovered in GnuTLS before 3.6.15. network low complexity gnu fedoraproject opensuse canonical CWE-476	7.5
2020-06-04	CVE-2020-13777	Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). network high complexity gnu fedoraproject canonical debian CWE-327	7.4
2020-04-03	CVE-2020-11501	Use of Insufficiently Random Values vulnerability in multiple products GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. network high complexity gnu debian opensuse canonical fedoraproject CWE-330	7.4
2019-04-01	CVE-2019-3836	Access of Uninitialized Pointer vulnerability in multiple products It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages. network low complexity gnu fedoraproject opensuse CWE-824	7.5
2019-03-27	CVE-2019-3829	Use After Free vulnerability in multiple products A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. network low complexity gnu fedoraproject CWE-416	7.5
2018-08-22	CVE-2018-10846	Covert Timing Channel vulnerability in multiple products A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. local high complexity gnu redhat canonical fedoraproject debian CWE-385	5.6