gnutls (SUSE:Linux Enterprise Module for Basesystem 15) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Basesystem 15 package gnutls, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (8)
CVE-2017-10790 — CVSS 7.5 (high): The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input…
CVE-2019-3836 — CVSS 5.9 (medium): It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later…
CVE-2018-10845 — CVSS 5.9 (medium): It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use…
CVE-2018-10844 — CVSS 5.9 (medium): It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use…
CVE-2018-16868 — CVSS 5.6 (medium): A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1…
CVE-2018-10846 — CVSS 5.6 (medium): A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker…
CVE-2019-3880 — CVSS 5.4 (medium): A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could…
CVE-2019-3829 — CVSS 5.3 (medium): A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate…