Gnutls

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-03	CVE-2020-11501	Use of Insufficiently Random Values vulnerability in multiple products GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. network high complexity gnu debian opensuse canonical fedoraproject CWE-330	7.4
2020-01-27	CVE-2015-0294	Improper Certificate Validation vulnerability in multiple products GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. network low complexity gnu debian redhat CWE-295	7.5
2019-12-20	CVE-2015-8313	Information Exposure Through Discrepancy vulnerability in multiple products GnuTLS incorrectly validates the first byte of padding in CBC modes network high complexity gnu debian CWE-203	5.9
2019-04-01	CVE-2019-3836	Access of Uninitialized Pointer vulnerability in multiple products It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages. network low complexity gnu fedoraproject opensuse CWE-824	7.5
2019-03-27	CVE-2019-3829	Use After Free vulnerability in multiple products A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. network low complexity gnu fedoraproject CWE-416	7.5
2018-12-03	CVE-2018-16868	Information Exposure Through Discrepancy vulnerability in GNU Gnutls A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. high complexity gnu CWE-203	5.6
2018-08-22	CVE-2018-10846	Covert Timing Channel vulnerability in multiple products A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. local high complexity gnu redhat canonical fedoraproject debian CWE-385	5.6
2018-08-22	CVE-2018-10845	Covert Timing Channel vulnerability in multiple products It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. network high complexity gnu redhat canonical fedoraproject debian CWE-385	5.9
2018-08-22	CVE-2018-10844	Covert Timing Channel vulnerability in multiple products It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. network high complexity gnu redhat canonical fedoraproject debian CWE-385	5.9
2017-08-08	CVE-2016-4456	Improper Input Validation vulnerability in GNU Gnutls 3.4.12 The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem. network low complexity gnu CWE-20	7.5