Lucene search
+L

6 matches found

Debian CVE
Debian CVE
added 2026/04/02 12:0 a.m.8 views

CVE-2026-34877

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...

9.8CVSS5.8AI score0.00426EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/03/24 12:0 a.m.4 views

PT-2025-12764

Name of the Vulnerable Software and Affected Versions Mbed TLS versions 2.x through 2.28.9 Mbed TLS versions 3.x through 3.6.2 Description The issue allows servers with trusted certificates for arbitrary hostnames to be accepted by the client unless the TLS client application calls mbedtls ssl se...

5.4CVSS6.1AI score0.00274EPSS
Exploits0References56
OSV
OSV
added 2024/03/29 6:15 a.m.4 views

ALPINE-CVE-2024-28960

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory...

8.2CVSS7AI score0.0084EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/01/10 12:0 a.m.6 views

PT-2024-1658 · Mbed Tls +3 · Mbed Tls +3

Name of the Vulnerable Software and Affected Versions: Mbed TLS versions 2.x before 2.28.7 Mbed TLS versions 3.x before 3.5.2 Description: A timing side channel in RSA private operations could allow a local attacker to recover the plaintext by sending a large number of messages for decryption, as...

9.8CVSS6.4AI score0.02569EPSS
Exploits6References79
SUSE CVE
SUSE CVE
added 2023/02/15 4:34 a.m.4 views

SUSE CVE-2018-0487

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service buffer overflow via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session...

9.8CVSS9.6AI score0.03317EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/07/15 2:15 p.m.4 views

CVE-2022-35409

An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information...

9.1CVSS7.3AI score0.02118EPSS
Exploits1References4
Rows per page
Query Builder