Lucene search
K

275 matches found

OSV
OSV
added 2025/11/21 3:59 p.m.4 views

JLSEC-2025-218 An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0

An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information...

9.1CVSS6.9AI score0.01831EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/11/21 12:0 a.m.9 views

PT-2025-47818

Name of the Vulnerable Software and Affected Versions wolfSSL version 5.8.2 Description A flaw exists in the TLS 1.3 KeyShareEntry parsing within wolfSSL. This issue allows a remote, unauthenticated attacker to trigger a denial-of-service condition. The attack involves sending a specially crafted...

6.3CVSS6.3AI score0.004EPSS
Exploits0References9
FreeBSD
FreeBSD
added 2025/11/20 12:0 a.m.10 views

wolfssl -- multiple issues

wolfSSL blog reports: This release includes multiple fixes across TLS 1.2, TLS 1.3, X25519, XChaCha20-Poly1305, and PSK processing. Highlights include: A timing-side-channel issue in X25519 specifically affecting Xtensa-based ESP32 devices. Low-memory X25519 implementations are now the default fo...

8.2CVSS7.1AI score0.004EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/17 6:41 a.m.8 views

CVE-2025-55084

In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check innxsecuretlsprocclienthellosupportedversionsextension in the extension version field...

6.9CVSS6.9AI score0.00301EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/16 10:48 a.m.5 views

CVE-2025-55081

In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the nxsecuretlsprocessclienthello function was missing length verification of certain SSL/TLS client hello message: the ciphersuite length and compression method length. In case of an attacker-crafted message with values outside o...

9.1CVSS6.8AI score0.00337EPSS
Exploits0References1
NVD
NVD
added 2025/10/16 7:15 a.m.4 views

CVE-2025-55084

In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check innxsecuretlsprocclienthellosupportedversionsextension in the extension version field...

6.9CVSS0.00301EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/16 6:29 a.m.5 views

EUVD-2025-34716

In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check innxsecuretlsprocclienthellosupportedversionsextension in the extension version field...

6.9CVSS6.4AI score0.00301EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/16 12:0 a.m.6 views

Eclipse ThreadX NetX Duo 安全漏洞

Eclipse ThreadX NetX Duo is an IPv4 and IPv6 dual network stack for Eclipse ThreadX open source. A security vulnerability exists in Eclipse ThreadX NetX Duo versions prior to 6.4.4 that stems from the nxsecuretlsprocclienthellosupportedversionsextension in the Eclipse Foundation ThreadX component...

6.9CVSS6.8AI score0.00301EPSS
Exploits0References1
Redos
Redos
added 2025/10/16 12:0 a.m.9 views

ROS-20251016-04

Vulnerability of X509VERIFYPARAMadd0policy function of OpenSSL library is related to errors in the procedure of of certificate authentication. Exploitation of the vulnerability could allow an attacker acting remotely to perform a "man-in-the-middle" type of attack. remotely to perform a...

9.8CVSS9.4AI score0.87816EPSS
Exploits4
NVD
NVD
added 2025/10/15 11:15 a.m.7 views

CVE-2025-55081

In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the nxsecuretlsprocessclienthello function was missing length verification of certain SSL/TLS client hello message: the ciphersuite length and compression method length. In case of an attacker-crafted message with values outside o...

9.1CVSS0.00337EPSS
Exploits0References1
OSV
OSV
added 2025/10/15 11:15 a.m.5 views

CVE-2025-55081

In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the nxsecuretlsprocessclienthello function was missing length verification of certain SSL/TLS client hello message: the ciphersuite length and compression method length. In case of an attacker-crafted message with values outside o...

9.1CVSS6.9AI score
Exploits0References1
OSV
OSV
added 2025/10/15 11:15 a.m.6 views

CVE-2025-55082

In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was a potential out of bound read in nxsecuretlsprocessclienthello because of a missing validation of PSK length provided in the user message...

5.3CVSS6.8AI score
Exploits0References1
Cvelist
Cvelist
added 2025/10/15 11:3 a.m.9 views

CVE-2025-55082 Potential out of bound read and info leak in_nx_secure_tls_psk_identity_find()

In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was a potential out of bound read in nxsecuretlsprocessclienthello because of a missing validation of PSK length provided in the user message...

6.9CVSS0.00229EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/15 10:46 a.m.6 views

EUVD-2025-34608

In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the nxsecuretlsprocessclienthello function was missing length verification of certain SSL/TLS client hello message: the ciphersuite length and compression method length. In case of an attacker-crafted message with values outside o...

6.9CVSS6.3AI score0.00337EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/15 12:0 a.m.13 views

Eclipse ThreadX NetX Duo 安全漏洞

Eclipse ThreadX NetX Duo is an IPv4 and IPv6 dual network stack for Eclipse ThreadX open source. A security vulnerability exists in Eclipse ThreadX NetX Duo versions prior to 6.4.4, which stems from a lack of validation of the cipher suite length and compression method length in SSL/TLS client...

9.1CVSS6.6AI score0.00337EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2014-9550

Malware in sbrugna...

7.8CVSS6.2AI score0.02036EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2015-6860

Malware in sbrugna...

7.5CVSS7.4AI score0.0272EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2014-3512

Malware in sbrugna...

4.3CVSS7AI score0.13327EPSS
Exploits0References73
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-7929

Malware in sbrugna...

6.8CVSS6.9AI score0.03629EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-4358

Malware in sbrugna...

5.9CVSS6.1AI score0.01496EPSS
Exploits0References10
Rows per page
Query Builder