Search CVE reports
11 – 19 of 19 results
CVE-2009-1417
Low prioritygnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid,...
4 affected packages
gnutls11, gnutls12, gnutls13, gnutls26
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnutls11 | — | — | — | — | — |
| gnutls12 | — | — | — | — | — |
| gnutls13 | — | — | — | — | — |
| gnutls26 | — | — | — | — | — |
CVE-2009-1416
Medium prioritylib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified...
4 affected packages
gnutls11, gnutls12, gnutls13, gnutls26
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnutls11 | — | — | — | — | — |
| gnutls12 | — | — | — | — | — |
| gnutls13 | — | — | — | — | — |
| gnutls26 | — | — | — | — | — |
CVE-2009-1415
Medium prioritylib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via...
4 affected packages
gnutls11, gnutls12, gnutls13, gnutls26
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnutls11 | — | — | — | — | — |
| gnutls12 | — | — | — | — | — |
| gnutls13 | — | — | — | — | — |
| gnutls26 | — | — | — | — | — |
CVE-2008-4989
Medium prioritySome fixes available 4 of 5
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows...
4 affected packages
gnutls11, gnutls12, gnutls13, gnutls26
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnutls11 | — | — | — | — | — |
| gnutls12 | — | — | — | — | — |
| gnutls13 | — | — | — | — | — |
| gnutls26 | — | — | — | — | — |
CVE-2008-2377
Low priorityUse-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly...
3 affected packages
gnutls12, gnutls13, gnutls26
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnutls12 | — | — | — | — | — |
| gnutls13 | — | — | — | — | — |
| gnutls26 | — | — | — | — | — |
CVE-2008-1950
Medium priorityInteger signedness error in the _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4 allows remote attackers to cause a denial of service (buffer over-read and crash) via a certain...
3 affected packages
gnutls12, gnutls13, gnutls26
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnutls12 | — | — | — | — | — |
| gnutls13 | — | — | — | — | — |
| gnutls26 | — | — | — | — | — |
CVE-2008-1949
Medium priorityThe _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows...
3 affected packages
gnutls12, gnutls13, gnutls26
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnutls12 | — | — | — | — | — |
| gnutls13 | — | — | — | — | — |
| gnutls26 | — | — | — | — | — |
CVE-2008-1948
Medium priorityThe _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension...
3 affected packages
gnutls12, gnutls13, gnutls26
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnutls12 | — | — | — | — | — |
| gnutls13 | — | — | — | — | — |
| gnutls26 | — | — | — | — | — |
CVE-2006-4790
Unknown priorityverify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5...
3 affected packages
gnutls11, gnutls12, gnutls13
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnutls11 | — | — | — | — | — |
| gnutls12 | — | — | — | — | — |
| gnutls13 | — | — | — | — | — |