Lucene search
K

490 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/09 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2025-49601

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In MbedTLS 3.3.0 before 3.6.4, mbedtlslmsimportpublickey does not check that the input buffer is at least 4 bytes before reading a 32-bit field, allowing a...

6.5CVSS6AI score0.00259EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/08/08 12:0 a.m.10 views

The vulnerability of the mbedtls_lms_import_public_key() function in Mbed TLS software allows a attacker to cause a service failure or disclose protected information.

The vulnerability of the mbedtlslmsimportpublickey function in Mbed TLS involves reading data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause a service failure or expose sensitive information...

4.8CVSS5.7AI score0.00259EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/08/08 12:0 a.m.9 views

The vulnerability of the mbedtls_x509_string_to_names function in Mbed TLS software allows a attacker to execute arbitrary code.

The vulnerability of the mbedtlsx509stringtonames function in Mbed TLS is related to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

8.9CVSS8AI score0.0199EPSS
Exploits2References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2025/08/08 12:0 a.m.9 views

The vulnerability of the mbedtls_aesni_has_support() function in the Mbed TLS software allows a attacker to compromise the integrity and confidentiality of the protected information.

The vulnerability of the mbedtlsaesnihassupport function in Mbed TLS is related to compiler optimization. Exploiting this vulnerability could allow an attacker to compromise the integrity and confidentiality of the protected information...

7.8CVSS5.7AI score0.00189EPSS
Exploits1References3Affected Software2
Tenable Nessus
Tenable Nessus
added 2025/08/06 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-49600

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In MbedTLS 3.3.0 before 3.6.4, mbedtlslmsverify may accept invalid signatures if hash computation fails and internal errors go unchecked, enabling LMS...

4.9CVSS6AI score0.00125EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2025/07/22 12:34 a.m.248 views

Exploit for Use After Free in Arm Mbed_Tls

CVE-2025-47917 Exploit Use-After-Free in mbedTLS Author...

9.8CVSS9.7AI score0.0199EPSS
Exploits2
Snyk
Snyk
added 2025/07/20 7:42 p.m.1 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the mbedtlsx509stringtonames function. An attacker can potentially achieve code execution, information disclosure, or cause a denial of service by triggering use of memory after it has been freed, such as by manipulati...

9.8CVSS7.1AI score0.0199EPSS
Exploits2References2
Snyk
Snyk
added 2025/07/20 6:47 p.m.3 views

Covert Timing Channel

Overview Affected versions of this package are vulnerable to Covert Timing Channel in block cipher padding removal. An attacker can recover plaintext data by exploiting timing discrepancies during decryption when PKCS7 padding mode is used. Remediation Upgrade mbedtls to version 3.6.4 or higher...

6.3CVSS6.9AI score0.00395EPSS
Exploits1References2
Snyk
Snyk
added 2025/07/20 6:43 p.m.2 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the mbedtlsasn1storenameddata function. An attacker can cause a crash and denial of service by providing input that results in a NULL pointer with a non-zero length value. Note: This only affects application...

7.5CVSS6.8AI score0.00461EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/07/07 12:0 a.m.5 views

Fedora: Security Advisory (FEDORA-2025-d3585d3323)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/07/06 12:10 a.m.8 views

CVE-2025-49600

A flaw was found in mbedtls. The mbedtlslmsverify function may accept forged Leighton-Micali signatures when hash computation fails and internal error conditions are not properly checked. This flaw allows an attacker with physical access to create invalid signatures. This issue occurs because...

4.9CVSS6.1AI score0.00125EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/07/06 12:10 a.m.9 views

CVE-2025-49601

A flaw was found in mbedtls. The mbedtlslmsimportpublickey function fails to validate input buffer size before reading a 32-bit field, potentially leading to an out-of-bounds read when processing truncated input. This flaw allows a network-based attacker to trigger this condition by providing a...

6.5CVSS6.3AI score0.00259EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/07/06 12:0 a.m.4 views

Fedora 42 : mbedtls (2025-d3585d3323)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-d3585d3323 advisory. - Update to 3.6.4 Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.4 Tenable has extracted the preceding description block directl...

5.6AI score
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/07/04 11:21 p.m.4 views

SUSE CVE-2025-49600

In MbedTLS 3.3.0 before 3.6.4, mbedtlslmsverify may accept invalid signatures if hash computation fails and internal errors go unchecked, enabling LMS Leighton-Micali Signature forgery in a fault scenario. Specifically, unchecked return values in mbedtlslmsverify allow an attacker who can induce ...

4.9CVSS7.5AI score0.00125EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/07/04 11:21 p.m.3 views

SUSE CVE-2025-49601

In MbedTLS 3.3.0 before 3.6.4, mbedtlslmsimportpublickey does not check that the input buffer is at least 4 bytes before reading a 32-bit field, allowing a possible out-of-bounds read on truncated input. Specifically, an out-of-bounds read in mbedtlslmsimportpublickey allows context-dependent...

6.5CVSS6.8AI score0.00259EPSS
Exploits0References3
Snyk
Snyk
added 2025/07/04 3:44 p.m.0 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the mbedtlslmsimportpublickey function. An attacker can cause a crash or disclose limited adjacent memory by providing a truncated LMS public-key buffer that is less than four bytes in length. Workaround For the...

6.5CVSS7AI score0.00259EPSS
Exploits0References2
Snyk
Snyk
added 2025/07/04 3:42 p.m.4 views

Missing Cryptographic Step

Overview Affected versions of this package are vulnerable to Missing Cryptographic Step in the mbedtlslmsverify process when internal errors from the createmerkleleafvalue and createmerkleinternalvalue functions are not checked. An attacker can cause the acceptance of invalid signatures by induci...

4.9CVSS7.1AI score0.00125EPSS
Exploits0References2
OSV
OSV
added 2025/07/04 3:15 p.m.7 views

ALPINE-CVE-2025-49600

In MbedTLS 3.3.0 before 3.6.4, mbedtlslmsverify may accept invalid signatures if hash computation fails and internal errors go unchecked, enabling LMS Leighton-Micali Signature forgery in a fault scenario. Specifically, unchecked return values in mbedtlslmsverify allow an attacker who can induce ...

4.9CVSS7.4AI score0.00125EPSS
Exploits0References1
OSV
OSV
added 2025/07/04 3:15 p.m.3 views

DEBIAN-CVE-2025-49600

In MbedTLS 3.3.0 before 3.6.4, mbedtlslmsverify may accept invalid signatures if hash computation fails and internal errors go unchecked, enabling LMS Leighton-Micali Signature forgery in a fault scenario. Specifically, unchecked return values in mbedtlslmsverify allow an attacker who can induce ...

4.9CVSS5.6AI score0.00125EPSS
Exploits0References1
NVD
NVD
added 2025/07/04 3:15 p.m.5 views

CVE-2025-49600

In MbedTLS 3.3.0 before 3.6.4, mbedtlslmsverify may accept invalid signatures if hash computation fails and internal errors go unchecked, enabling LMS Leighton-Micali Signature forgery in a fault scenario. Specifically, unchecked return values in mbedtlslmsverify allow an attacker who can induce ...

4.9CVSS0.00125EPSS
Exploits0References1
Rows per page
Query Builder