254 matches found
CVE-2025-55082
In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was a potential out of bound read in nxsecuretlsprocessclienthello because of a missing validation of PSK length provided in the user message...
EUVD-2025-34607
In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was a potential out of bound read in nxsecuretlsprocessclienthello because of a missing validation of PSK length provided in the user message...
CVE-2025-55082 Potential out of bound read and info leak in_nx_secure_tls_psk_identity_find()
In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was a potential out of bound read in nxsecuretlsprocessclienthello because of a missing validation of PSK length provided in the user message...
CVE-2025-55082
NetX Duo (Eclipse Foundation ThreadX) before 6.4.4 is affected by an out-of-bounds read in _nx_secure_tls_process_clienthello() due to missing validation of PSK length in the user message. This is described across multiple sources (NVD, Red Hat, OSV, CVE lists, CNNVD). The impact is a potential i...
CVE-2025-55081 Potential out of bound read in _nx_secure_tls_process_clienthello()
In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the nxsecuretlsprocessclienthello function was missing length verification of certain SSL/TLS client hello message: the ciphersuite length and compression method length. In case of an attacker-crafted message with values outside o...
CVE-2025-55081
CVE-2025-55081 affects Eclipse Foundation NextX Duo (ThreadX module) prior to version 6.4.4. The vulnerability is in the _nx_secure_tls_process_clienthello() function, which omits length verification for certain SSL/TLS client_hello fields (ciphersuite length and compression method length). Attac...
EUVD-2006-4897
Malware in sbrugna...
EUVD-2025-26617
Malicious code in bioql PyPI...
EUVD-2024-20124
Malicious code in bioql PyPI...
EUVD-2024-51961
Malicious code in bioql PyPI...
EUVD-2022-41718
Malicious code in bioql PyPI...
CVE-2025-52494
Adacore Ada Web Server AWS before 25.2 is vulnerable to a denial-of-service DoS condition due to improper handling of SSL handshakes during connection initialization. When a client initiates an HTTPS connection, the server performs the SSL handshake before assigning the connection to a processing...
CVE-2025-52494
The CVE-2025-52494 entry describes a DoS flaw in Adacore Ada Web Server (AWS) prior to 25.2: during SSL/TLS handshake, there is no specific timeout and the server waits indefinitely for a malformed TLS ClientHello, tying up a worker thread and allowing exhaustion of threads up to the server’s lim...
CVE-2025-52494
Adacore Ada Web Server AWS before 25.2 is vulnerable to a denial-of-service DoS condition due to improper handling of SSL handshakes during connection initialization. When a client initiates an HTTPS connection, the server performs the SSL handshake before assigning the connection to a processing...
PT-2025-35816
Name of the Vulnerable Software and Affected Versions: Adacore Ada Web Server AWS versions prior to 25.2 Description: The Adacore Ada Web Server AWS is susceptible to a denial-of-service DoS condition resulting from improper handling of SSL handshakes during connection initialization. The server...
CVE-2025-52494
Adacore Ada Web Server AWS before 25.2 is vulnerable to a denial-of-service DoS condition due to improper handling of SSL handshakes during connection initialization. When a client initiates an HTTPS connection, the server performs the SSL handshake before assigning the connection to a processing...
SUSE-SU-2025:20563-1 Security update for gnutls
This update for gnutls fixes the following issues: - CVE-2025-32988: Fixed double-free due to incorrect ownership handling bsc1246232 - CVE-2025-32989: Fixed heap buffer overread during X.509 certificate parsing bsc1246233 - CVE-2025-32990: Fixed 1-byte heap buffer overflow when parsing templates...
Security update for gnutls
This update for gnutls fixes the following issues: CVE-2025-32988: Fixed double-free due to incorrect ownership handling bsc1246232 CVE-2025-32989: Fixed heap buffer overread during X.509 certificate parsing bsc1246233 CVE-2025-32990: Fixed 1-byte heap buffer overflow when parsing templates with...
Linux Distros Unpatched Vulnerability : CVE-2024-23744
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions. CVE-2024-23744 Note...
Linux Distros Unpatched Vulnerability : CVE-2024-30166
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can cause information disclosure or a denial of service because of a stack buffer over-read of...