Writeup Exploits

60,708 exploits tracked across all sources.

Sort: Activity Stars
CVE-2014-8155 WRITEUP
GnuTLS < 2.9.10 - Certificate Validation Bypass via Invalid CA Certificate Dates
GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.
CVE-2024-0567 WRITEUP HIGH
GnuTLS >=3.7.0 <3.8.3 - Denial of Service via Certificate Chain Validation
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.
CVSS 7.5
CVE-2024-0553 WRITEUP HIGH
GnuTLS - Timing Side-Channel Attack
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
CVSS 7.5
CVE-2023-0361 WRITEUP HIGH
GnuTLS - Timing Side-Channel in RSA ClientKeyExchange Handling
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.
CVSS 7.4
CVE-2021-4209 WRITEUP MEDIUM
GnuTLS < 3.7.3 - Denial of Service via Zero-Length Input to Hash Update
A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.
CVSS 6.5
CVE-2021-4209 WRITEUP MEDIUM
GnuTLS < 3.7.3 - Denial of Service via Zero-Length Input to Hash Update
A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.
CVSS 6.5
CVE-2020-24659 WRITEUP HIGH
GnuTLS <3.6.15 - NULL Pointer Dereference
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.
CVSS 7.5
CVE-2020-11501 WRITEUP HIGH
GnuTLS <3.6.13 - Cryptographic Error
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.
CVSS 7.4
CVE-2019-3836 WRITEUP MEDIUM
gnutls 3.6.3-3.6.6 - Denial of Service via Post-Handshake Message Handling
It was discovered in gnutls before version 3.6.7 upstream that there is an uninitialized pointer access in gnutls versions 3.6.3 or later which can be triggered by certain post-handshake messages.
CVSS 5.9
CVE-2019-3829 WRITEUP MEDIUM
GnuTLS 3.5.8-3.6.6 - Memory Corruption via Certificate Verification API
A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected.
CVSS 5.3
CVE-2018-10846 WRITEUP MEDIUM
GnuTLS < 3.6.12 - Plain Text Recovery via Cache-Based Side Channel
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.
CVSS 5.6
CVE-2018-10845 WRITEUP MEDIUM
GnuTLS < 3.6.12 - Timing Side-Channel Attack via HMAC-SHA-384
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.
CVSS 5.9
CVE-2018-10844 WRITEUP MEDIUM
GnuTLS < 3.6.12 - Timing Side-Channel Attack via HMAC-SHA-256
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.
CVSS 5.9
CVE-2017-7869 WRITEUP HIGH
GnuTLS < 3.5.9 - Out-of-bounds Write via cdk_pkt_read Integer Overflow
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.
CVSS 7.5
CVE-2017-5337 WRITEUP CRITICAL
GnuTLS <3.3.26, <3.5.8 - Buffer Overflow
Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.
CVSS 9.8
CVE-2017-5336 WRITEUP CRITICAL
GnuTLS <3.3.26, <3.5.8 - Buffer Overflow
Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.
CVSS 9.8
CVE-2017-5335 WRITEUP HIGH
GnuTLS <3.3.26, <3.5.8 - DoS
The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.
CVSS 7.5
CVE-2017-5334 WRITEUP CRITICAL
GnuTLS <3.3.26, <3.5.8 - Use After Free
Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.
CVSS 9.8
CVE-2016-7444 WRITEUP HIGH
GnuTLS < 3.4.15 and 3.5.x < 3.5.4 - Certificate Validation Bypass via OCSP Response Serial Length
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.
CVSS 7.5
CVE-2015-0294 WRITEUP HIGH
GnuTLS < 3.3.13 - Improper Certificate Validation
GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.
CVSS 7.5
CVE-2017-8778 WRITEUP MEDIUM
GitLab < 8.14.9, 8.15.x < 8.15.6, 8.16.x < 8.16.5 - Stored Cross-Site Scripting via SVG Attachment or Avatar
GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.
CVSS 6.1
CVE-2018-12088 WRITEUP HIGH
S3QL <2.27 - Info Disclosure
S3QL before 2.27 mishandles checksumming, and consequently allows replay attacks in which an attacker who controls the backend can present old versions of the filesystem metadata database as up-to-date, temporarily inject zero-valued bytes into files, or temporarily hide parts of files. This is related to the checksum_basic_mapping function.
CVSS 7.5
CVE-2018-16051 WRITEUP MEDIUM
GitLab 8.10.0-11.0.5, 11.1.0-11.1.4, 11.2.0-11.2.1 - Exposure of Sensitive Information via Orphaned Upload Files
An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Orphaned Upload Files Exposure.
CVSS 6.5
CVE-2018-16050 WRITEUP MEDIUM
GitLab 11.1.x < 11.1.5 and 11.2.x < 11.2.2 - Stored Cross-Site Scripting in Merge Request Changes View
An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.5 and 11.2.x before 11.2.2. There is Persistent XSS in the Merge Request Changes View.
CVSS 6.1
CVE-2018-16049 WRITEUP CRITICAL
GitLab 8.10.0-11.0.5, 11.1.0-11.1.4, 11.2.0-11.2.1 - Sensitive Data Disclosure in Sidekiq Logs
An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Sensitive Data Disclosure in Sidekiq Logs through an Error Message.
CVSS 9.8
By Source
All 60,708 Writeup 60,708 Exploitdb 50,017 Nomisec 22,008 Metasploit 3,235 Github 3,035 Vulncheck_xdb 909 Inthewild 514 Gitlab 461 Gitee 415 Patchapalooza 312
By Language
text 31,348 python 6,251 ruby 5,925 c 3,601 perl 2,849 html 2,057 php 1,327 bash 460 java 364 c++ 253 javascript 221 shell 106 go 65 postscript 25 xml 24