Search CVE reports


41 – 50 of 55 results


CVE-2015-0294

Low priority

Some fixes available 13 of 15

GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.

2 affected packages

gnutls26, gnutls28

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gnutls26 Not in release
gnutls28 Fixed

CVE-2014-8155

Low priority
Fixed

GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2)...

2 affected packages

gnutls26, gnutls28

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gnutls26
gnutls28

CVE-2014-8564

Medium priority

Some fixes available 10 of 11

The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1)...

2 affected packages

gnutls26, gnutls28

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gnutls26 Not in release
gnutls28 Fixed

CVE-2014-3465

Medium priority
Ignored

The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related...

2 affected packages

gnutls26, gnutls28

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gnutls26 Not in release
gnutls28 Not affected

CVE-2014-3466

Medium priority

Some fixes available 7 of 8

Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or...

2 affected packages

gnutls28, gnutls26

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gnutls28
gnutls26

CVE-2014-0092

Medium priority

Some fixes available 6 of 9

lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a...

2 affected packages

gnutls26, gnutls28

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gnutls26
gnutls28

CVE-2014-1959

Medium priority

Some fixes available 5 of 8

lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a...

2 affected packages

gnutls26, gnutls28

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gnutls26
gnutls28

CVE-2013-4487

Medium priority
Ignored

Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four...

1 affected package

gnutls28

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gnutls28

CVE-2013-4466

Medium priority
Ignored

Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more...

2 affected packages

gnutls26, gnutls28

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gnutls26
gnutls28

CVE-2007-6755

Low priority
Ignored

The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might...

10 affected packages

openssl, mbedtls, openssl098, bouncycastle, gnutls26...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openssl Not affected
mbedtls Not affected
openssl098 Not in release
bouncycastle Not affected
gnutls26 Not in release
gnutls28 Not affected
libgcrypt11 Not in release
nss Not affected
polarssl Not in release
python-crypto Not affected