Search CVE reports



41 – 50 of 50 results


CVE-2014-0092

Medium priority

Some fixes available 6 of 9

lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a...

2 affected packages

gnutls26, gnutls28

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls26 Not in release
gnutls28 Not affected

CVE-2014-1959

Medium priority

Some fixes available 5 of 8

lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging an X.509 V1 certificate from a...

2 affected packages

gnutls26, gnutls28

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls26 Not in release
gnutls28 Not affected

CVE-2013-4487

Medium priority
Ignored

Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four...

1 affected package

gnutls28

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls28

CVE-2013-4466

Medium priority
Ignored

Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more...

2 affected packages

gnutls26, gnutls28

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls26
gnutls28

CVE-2007-6755

Low priority
Ignored

The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might...

10 affected packages

bouncycastle, gnutls26, gnutls28, libgcrypt11, mbedtls...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bouncycastle Not affected Not affected
gnutls26 Not in release Not in release
gnutls28 Not affected Not affected
libgcrypt11 Not in release Not in release
mbedtls Not affected Not affected
nss Not affected Not affected
openssl Not affected Not affected
openssl098 Not in release Not in release
polarssl Not in release Not in release
python-crypto Not affected Not affected

CVE-2013-2116

Medium priority

Some fixes available 6 of 7

The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an...

2 affected packages

gnutls26, gnutls28

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls26
gnutls28

CVE-2013-1619

Medium priority

Some fixes available 5 of 8

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC...

3 affected packages

gnutls13, gnutls26, gnutls28

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls13 Not in release
gnutls26 Not in release
gnutls28 Not affected

CVE-2012-1573

Medium priority

Some fixes available 11 of 12

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption...

3 affected packages

gnutls13, gnutls26, gnutls28

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls13 Not in release
gnutls26 Not in release
gnutls28 Not affected

CVE-2012-1663

Low priority
Ignored

Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.

3 affected packages

gnutls13, gnutls26, gnutls28

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls13 Not in release
gnutls26 Not in release
gnutls28 Not affected

CVE-2012-0390

Medium priority
Ignored

The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to...

3 affected packages

gnutls13, gnutls26, gnutls28

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gnutls13
gnutls26
gnutls28