Lucene search
K

12 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/10 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2023-25742

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox 110,...

6.5CVSS7AI score0.00648EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/07/06 12:10 a.m.9 views

CVE-2025-49601

A flaw was found in mbedtls. The mbedtlslmsimportpublickey function fails to validate input buffer size before reading a 32-bit field, potentially leading to an out-of-bounds read when processing truncated input. This flaw allows a network-based attacker to trigger this condition by providing a...

6.5CVSS6.3AI score0.00259EPSS
Exploits0References2
OSV
OSV
added 2025/07/04 3:15 p.m.5 views

ALPINE-CVE-2025-49601

In MbedTLS 3.3.0 before 3.6.4, mbedtlslmsimportpublickey does not check that the input buffer is at least 4 bytes before reading a 32-bit field, allowing a possible out-of-bounds read on truncated input. Specifically, an out-of-bounds read in mbedtlslmsimportpublickey allows context-dependent...

6.5CVSS6.8AI score0.00259EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/04 12:0 a.m.4 views

CVE-2025-49601

In MbedTLS 3.3.0 before 3.6.4, mbedtlslmsimportpublickey does not check that the input buffer is at least 4 bytes before reading a 32-bit field, allowing a possible out-of-bounds read on truncated input. Specifically, an out-of-bounds read in mbedtlslmsimportpublickey allows context-dependent...

4.8CVSS7.1AI score0.00259EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/07/04 12:0 a.m.5 views

CVE-2025-49601

In MbedTLS 3.3.0 before 3.6.4, mbedtlslmsimportpublickey does not check that the input buffer is at least 4 bytes before reading a 32-bit field, allowing a possible out-of-bounds read on truncated input. Specifically, an out-of-bounds read in mbedtlslmsimportpublickey allows context-dependent...

6.5CVSS5.6AI score0.00259EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/07/04 12:0 a.m.3 views

CVE-2025-49601

In MbedTLS 3.3.0 before 3.6.4, mbedtlslmsimportpublickey does not check that the input buffer is at least 4 bytes before reading a 32-bit field, allowing a possible out-of-bounds read on truncated input. Specifically, an out-of-bounds read in mbedtlslmsimportpublickey allows context-dependent...

6.5CVSS6.5AI score0.00259EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/06/30 12:0 a.m.3 views

PT-2025-28013

Name of the Vulnerable Software and Affected Versions: MbedTLS versions 3.3.0 through 3.6.3 Description: The issue arises from the function mbedtls lms import public key not checking if the input buffer is at least 4 bytes before reading a 32-bit field. This allows for a possible out-of-bounds re...

6.5CVSS6AI score0.00259EPSS
Exploits0References41
BDU FSTEC
BDU FSTEC
added 2023/03/17 12:0 a.m.3 views

The vulnerabilities of Mozilla Firefox, Mozilla Firefox ESR, and the email client Mozilla Thunderbird involve errors during the import of the SPKI RSA public key as an ECDSA P-256. These vulnerabilities allow attackers to cause crashes in the browser tabs.

The vulnerabilities of Mozilla Firefox, Mozilla Firefox ESR, and the Mozilla Thunderbird email client are related to errors during the import of the SPKI RSA public key as an ECDSA P-256. Exploiting these vulnerabilities can allow a remote attacker to cause failures in the browser tabs...

7.5CVSS6.5AI score0.00648EPSS
Exploits0References12Affected Software8
RedHat Linux
RedHat Linux
added 2023/02/20 12:21 p.m.5 views

Mozilla: Web Crypto ImportKey crashes tab

The Mozilla Foundation Security Advisory describes this flaw as: When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash...

6.5CVSS7.3AI score0.00648EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/02/20 12:14 p.m.4 views

Mozilla: Web Crypto ImportKey crashes tab

The Mozilla Foundation Security Advisory describes this flaw as: When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash...

6.5CVSS7.3AI score0.00648EPSS
Exploits0References6
OSV
OSV
added 2023/02/15 12:0 a.m.3 views

UBUNTU-CVE-2023-25742

When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

6.5CVSS7.1AI score0.00648EPSS
Exploits0References6
CVE
CVE
added 2019/07/09 8:49 p.m.128 views

CVE-2019-9150

CVE-2019-9150 affects the Mailvelope extension prior to 3.3.0. The vulnerability arises because the extension does not require user interaction to import public keys shown on the web page, enabling trickery to hide a key import or obfuscate which key was imported. Impact is limited to the affecte...

5.3CVSS5.2AI score0.01379EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder