Vulnerabilities > GNU > Gnutls > High

DATE CVE VULNERABILITY TITLE RISK
2024-01-16 CVE-2024-0567 Improper Verification of Cryptographic Signature vulnerability in GNU Gnutls
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust.
network
low complexity
gnu CWE-347
7.5
7.5
2024-01-16 CVE-2024-0553 Information Exposure Through Discrepancy vulnerability in multiple products
A vulnerability was found in GnuTLS.
network
low complexity
gnu fedoraproject redhat CWE-203
7.5
7.5
2023-02-15 CVE-2023-0361 Information Exposure Through Discrepancy vulnerability in multiple products
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS.
network
high complexity
gnu redhat debian fedoraproject netapp CWE-203
7.4
7.4
2022-08-01 CVE-2022-2509 Double Free vulnerability in multiple products
A vulnerability found in gnutls.
network
low complexity
gnu redhat fedoraproject debian CWE-415
7.5
7.5
2020-09-04 CVE-2020-24659 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in GnuTLS before 3.6.15.
network
low complexity
gnu fedoraproject opensuse canonical CWE-476
7.5
7.5
2020-06-04 CVE-2020-13777 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3).
network
high complexity
gnu fedoraproject canonical debian CWE-327
7.4
7.4
2020-04-03 CVE-2020-11501 Use of Insufficiently Random Values vulnerability in multiple products
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS.
network
high complexity
gnu debian opensuse canonical fedoraproject CWE-330
7.4
7.4
2019-04-01 CVE-2019-3836 Access of Uninitialized Pointer vulnerability in multiple products
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.
network
low complexity
gnu fedoraproject opensuse CWE-824
7.5
7.5
2019-03-27 CVE-2019-3829 Use After Free vulnerability in multiple products
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7.
network
low complexity
gnu fedoraproject CWE-416
7.5
7.5
2017-03-24 CVE-2017-5337 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.
network
low complexity
opensuse gnu CWE-119
7.5
7.5