Lucene search
K

254 matches found

NVD
NVD
added 2025/10/15 11:15 a.m.4 views

CVE-2025-55082

In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was a potential out of bound read in nxsecuretlsprocessclienthello because of a missing validation of PSK length provided in the user message...

6.9CVSS0.00234EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/15 11:3 a.m.7 views

EUVD-2025-34607

In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was a potential out of bound read in nxsecuretlsprocessclienthello because of a missing validation of PSK length provided in the user message...

6.9CVSS6.2AI score0.00234EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/15 11:3 a.m.3 views

CVE-2025-55082 Potential out of bound read and info leak in_nx_secure_tls_psk_identity_find()

In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was a potential out of bound read in nxsecuretlsprocessclienthello because of a missing validation of PSK length provided in the user message...

6.9CVSS6.3AI score0.00234EPSS
Exploits0References1
CVE
CVE
added 2025/10/15 11:3 a.m.19 views

CVE-2025-55082

NetX Duo (Eclipse Foundation ThreadX) before 6.4.4 is affected by an out-of-bounds read in _nx_secure_tls_process_clienthello() due to missing validation of PSK length in the user message. This is described across multiple sources (NVD, Red Hat, OSV, CVE lists, CNNVD). The impact is a potential i...

6.9CVSS6.3AI score0.00234EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/15 10:46 a.m.3 views

CVE-2025-55081 Potential out of bound read in _nx_secure_tls_process_clienthello()

In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the nxsecuretlsprocessclienthello function was missing length verification of certain SSL/TLS client hello message: the ciphersuite length and compression method length. In case of an attacker-crafted message with values outside o...

6.9CVSS6.5AI score0.00345EPSS
Exploits0References1
CVE
CVE
added 2025/10/15 10:46 a.m.20 views

CVE-2025-55081

CVE-2025-55081 affects Eclipse Foundation NextX Duo (ThreadX module) prior to version 6.4.4. The vulnerability is in the _nx_secure_tls_process_clienthello() function, which omits length verification for certain SSL/TLS client_hello fields (ciphersuite length and compression method length). Attac...

9.1CVSS6.5AI score0.00345EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2006-4897

Malware in sbrugna...

5CVSS6.4AI score0.03511EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-26617

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.00331EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-20124

Malicious code in bioql PyPI...

9.1CVSS6.6AI score0.00582EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-51961

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.00468EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2022-41718

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.04343EPSS
Exploits2References6
NVD
NVD
added 2025/09/03 6:15 p.m.12 views

CVE-2025-52494

Adacore Ada Web Server AWS before 25.2 is vulnerable to a denial-of-service DoS condition due to improper handling of SSL handshakes during connection initialization. When a client initiates an HTTPS connection, the server performs the SSL handshake before assigning the connection to a processing...

7.5CVSS0.00331EPSS
Exploits0References2
CVE
CVE
added 2025/09/03 12:0 a.m.20 views

CVE-2025-52494

The CVE-2025-52494 entry describes a DoS flaw in Adacore Ada Web Server (AWS) prior to 25.2: during SSL/TLS handshake, there is no specific timeout and the server waits indefinitely for a malformed TLS ClientHello, tying up a worker thread and allowing exhaustion of threads up to the server’s lim...

7.5CVSS6.3AI score0.00331EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/09/03 12:0 a.m.6 views

CVE-2025-52494

Adacore Ada Web Server AWS before 25.2 is vulnerable to a denial-of-service DoS condition due to improper handling of SSL handshakes during connection initialization. When a client initiates an HTTPS connection, the server performs the SSL handshake before assigning the connection to a processing...

6.3AI score0.00331EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/03 12:0 a.m.8 views

PT-2025-35816

Name of the Vulnerable Software and Affected Versions: Adacore Ada Web Server AWS versions prior to 25.2 Description: The Adacore Ada Web Server AWS is susceptible to a denial-of-service DoS condition resulting from improper handling of SSL handshakes during connection initialization. The server...

7.5CVSS6.4AI score0.00331EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/09/03 12:0 a.m.9 views

CVE-2025-52494

Adacore Ada Web Server AWS before 25.2 is vulnerable to a denial-of-service DoS condition due to improper handling of SSL handshakes during connection initialization. When a client initiates an HTTPS connection, the server performs the SSL handshake before assigning the connection to a processing...

0.00331EPSS
Exploits0References2
OSV
OSV
added 2025/08/20 11:55 a.m.4 views

SUSE-SU-2025:20563-1 Security update for gnutls

This update for gnutls fixes the following issues: - CVE-2025-32988: Fixed double-free due to incorrect ownership handling bsc1246232 - CVE-2025-32989: Fixed heap buffer overread during X.509 certificate parsing bsc1246233 - CVE-2025-32990: Fixed 1-byte heap buffer overflow when parsing templates...

8.2CVSS6.8AI score0.01185EPSS
Exploits0References9
SUSE Linux
SUSE Linux
added 2025/08/20 11:49 a.m.3 views

Security update for gnutls

This update for gnutls fixes the following issues: CVE-2025-32988: Fixed double-free due to incorrect ownership handling bsc1246232 CVE-2025-32989: Fixed heap buffer overread during X.509 certificate parsing bsc1246233 CVE-2025-32990: Fixed 1-byte heap buffer overflow when parsing templates with...

9.2CVSS6.9AI score0.01185EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2025/08/15 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2024-23744

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions. CVE-2024-23744 Note...

7.5CVSS7.2AI score0.00685EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/10 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2024-30166

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can cause information disclosure or a denial of service because of a stack buffer over-read of...

9.1CVSS6AI score0.0073EPSS
Exploits0References2
Rows per page
Query Builder