CVSS: 5.9EPSS: 0%CPEs: 56EXPL: 0CVE-2012-0390
https://notcve.org/view.php?id=CVE-2012-0390
06 Jan 2012 — The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108. La implementación DTLS en GnuTLS v3.0.10 y anteriores ejecuta codigo de gestion de errores sólo si existe una relación específica entre la longitud de relleno y el tamaño del texto cifrado, l... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 3%CPEs: 21EXPL: 6CVE-2009-3555 – Mozilla NSS - NULL Character CA SSL Certificate Validation Security Bypass
https://notcve.org/view.php?id=CVE-2009-3555
09 Nov 2009 — The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other... • https://www.exploit-db.com/exploits/10071 • CWE-295: Improper Certificate Validation CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 7.5EPSS: 0%CPEs: 121EXPL: 0CVE-2009-2730 – gnutls: incorrect verification of SSL certificate with NUL in name (GNUTLS-SA-2009-4)
https://notcve.org/view.php?id=CVE-2009-2730
12 Aug 2009 — libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. libgnutls en GnuTLS versiones anteriores a v2.8.2 no gestiona adecuadamente un carácter '\0' en el nombre de dominio en los campos de identificación (1) Common Name (C... • http://article.gmane.org/gmane.network.gnutls.general/1733 • CWE-310: Cryptographic Issues •