Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-11-28	CVE-2023-5981	Information Exposure Through Discrepancy vulnerability in multiple products A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. network high complexity gnu redhat fedoraproject CWE-203	5.9
2022-08-24	CVE-2021-4209	NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in GnuTLS. network low complexity gnu redhat netapp CWE-476	6.5
2020-01-27	CVE-2015-0294	Improper Certificate Validation vulnerability in multiple products GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. network low complexity gnu debian redhat CWE-295	5.0
2019-12-20	CVE-2015-8313	Information Exposure Through Discrepancy vulnerability in multiple products GnuTLS incorrectly validates the first byte of padding in CBC modes network gnu debian CWE-203	4.3
2018-12-03	CVE-2018-16868	Information Exposure Through Discrepancy vulnerability in GNU Gnutls A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. high complexity gnu CWE-203	5.6
2018-08-22	CVE-2018-10846	Covert Timing Channel vulnerability in multiple products A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. local high complexity gnu redhat canonical fedoraproject debian CWE-385	5.6
2018-08-22	CVE-2018-10845	Covert Timing Channel vulnerability in multiple products It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. network high complexity gnu redhat canonical fedoraproject debian CWE-385	5.9
2018-08-22	CVE-2018-10844	Covert Timing Channel vulnerability in multiple products It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. network high complexity gnu redhat canonical fedoraproject debian CWE-385	5.9
2017-06-16	CVE-2017-7507	NULL Pointer Dereference vulnerability in GNU Gnutls GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. network low complexity gnu CWE-476	5.0
2017-04-14	CVE-2017-7869	Out-of-bounds Write vulnerability in GNU Gnutls GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. network low complexity gnu CWE-787	5.0