CVE-2020-11501

HIGH Year: 2020
CVSS v3 Score
7.4
High
CVSS v2 Score
5.8
Medium
Weakness Type
CWE-330
View all →

Vulnerability Description

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.

Related Vulnerabilities

CVE-2017-17704

HIGH
CVSS:7.4(High)

A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and...

CWE-3302017

CVE-2019-19135

HIGH
CVSS:7.4(High)

In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle atta...

CWE-3302019

CVE-2020-25705

HIGH
CVSS:7.4(High)

A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Softw...

CWE-3302020

CVE-2021-20322

HIGH
CVSS:7.4(High)

A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw all...

CWE-3302021

CVE-2023-20185

HIGH
CVSS:7.4(High)

A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersi...

CWE-3302023

CVE-2008-0087

HIGH
CVSS:7.5(High)

The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.

CWE-3302008