Lucene search
K

5 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/09 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-49601

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In MbedTLS 3.3.0 before 3.6.4, mbedtlslmsimportpublickey does not check that the input buffer is at least 4 bytes before reading a 32-bit field, allowing a...

6.5CVSS6AI score0.00259EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/08/08 12:0 a.m.10 views

The vulnerability of the mbedtls_lms_import_public_key() function in Mbed TLS software allows a attacker to cause a service failure or disclose protected information.

The vulnerability of the mbedtlslmsimportpublickey function in Mbed TLS involves reading data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause a service failure or expose sensitive information...

4.8CVSS5.7AI score0.00259EPSS
Exploits0References2Affected Software1
SUSE CVE
SUSE CVE
added 2025/07/04 11:21 p.m.4 views

SUSE CVE-2025-49600

In MbedTLS 3.3.0 before 3.6.4, mbedtlslmsverify may accept invalid signatures if hash computation fails and internal errors go unchecked, enabling LMS Leighton-Micali Signature forgery in a fault scenario. Specifically, unchecked return values in mbedtlslmsverify allow an attacker who can induce ...

4.9CVSS7.5AI score0.00125EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/07/04 11:21 p.m.3 views

SUSE CVE-2025-49601

In MbedTLS 3.3.0 before 3.6.4, mbedtlslmsimportpublickey does not check that the input buffer is at least 4 bytes before reading a 32-bit field, allowing a possible out-of-bounds read on truncated input. Specifically, an out-of-bounds read in mbedtlslmsimportpublickey allows context-dependent...

6.5CVSS6.8AI score0.00259EPSS
Exploits0References3
Snyk
Snyk
added 2025/07/04 3:42 p.m.4 views

Missing Cryptographic Step

Overview Affected versions of this package are vulnerable to Missing Cryptographic Step in the mbedtlslmsverify process when internal errors from the createmerkleleafvalue and createmerkleinternalvalue functions are not checked. An attacker can cause the acceptance of invalid signatures by induci...

4.9CVSS7.1AI score0.00125EPSS
Exploits0References2
Rows per page
Query Builder