CVE-2025-27810

Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays...

CVE-2025-27810

Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays...

Mbed TLS 安全漏洞

Mbed TLS is an open source, portable, easy to use, readable and flexible SSL library from Mbed TLS Open Source. A security vulnerability exists in Mbed TLS versions prior to 2.28.10 and 3.x versions prior to 3.6.3, which stems from the use of uninitialized stack memory under certain circumstances...

CVE-2025-27810

Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays...

CVE-2025-27810

Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays...

PT-2025-12765

Name of the Vulnerable Software and Affected Versions Mbed TLS versions 2.28.9 and earlier, 3.x versions prior to 3.6.3 Description The issue arises when Mbed TLS, in certain cases of failed memory allocation or hardware errors, utilizes uninitialized stack memory to compose the TLS Finished...

EulerOS 2.0 SP12 : dhcp (EulerOS-SA-2025-1291)

According to the versions of the dhcp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only...

CVE-2025-21835

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fmidi: fix MIDI Streaming descriptor lengths While the MIDI jacks are configured correctly, and the MIDIStreaming endpoint descriptors are filled with the correct information, bNumEmbMIDIJack and bLength are set...

Linux Distros Unpatched Vulnerability : CVE-2017-14156

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The atyfbioctl function in drivers/video/fbdev/aty/atyfbbase.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows...

Linux Distros Unpatched Vulnerability : CVE-2016-4486

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The rtnlfilllinkifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users t...

Linux Distros Unpatched Vulnerability : CVE-2018-20023

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows attacker ...

Linux Distros Unpatched Vulnerability : CVE-2018-20855

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Linux kernel before 4.18.7. In createqpcommon in drivers/infiniband/hw/mlx5/qp.c, mlx5ibcreateqpresp was never initialized,...

Linux Distros Unpatched Vulnerability : CVE-2013-7264

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The l2tpiprecvmsg function in net/l2tp/l2tpip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structu...

Linux Distros Unpatched Vulnerability : CVE-2012-3368

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstance...

Linux Distros Unpatched Vulnerability : CVE-2016-9756

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment CS in certain error cases, which allows local users to obtain...

Linux Distros Unpatched Vulnerability : CVE-2018-18064

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between...

Linux Distros Unpatched Vulnerability : CVE-2011-1080

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The doreplace function in net/bridge/netfilter/ebtables.c in the Linux kernel before 2.6.39 does not ensure that a certain name field ends with a '\0' character...

Linux Distros Unpatched Vulnerability : CVE-2011-1078

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The scosockgetsockoptold function in net/bluetooth/sco.c in the Linux kernel before 2.6.39 does not initialize a certain structure, which allows local users to...

CVE-2023-31331

Improper access control in the DRTM firmware could allow a privileged attacker to perform multiple driver initializations, resulting in stack memory corruption that could potentially lead to loss of integrity or availability...

CVE-2023-31331

Improper access control in the DRTM firmware could allow a privileged attacker to perform multiple driver initializations, resulting in stack memory corruption that could potentially lead to loss of integrity or availability...