Export limit exceeded: 357105 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (357105 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-8036 | 5 Debian, Fedoraproject, Opensuse and 2 more | 5 Debian Linux, Fedora, Opensuse and 2 more | 2026-06-05 | N/A |
| Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session. NOTE: this identifier was SPLIT from CVE-2015-5291 per ADT3 due to different affected version ranges. | ||||
| CVE-2022-46392 | 3 Arm, Fedoraproject, Trustedfirmware | 3 Mbed Tls, Fedora, Mbed Tls | 2026-06-05 | 5.3 Medium |
| An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller. | ||||
| CVE-2017-14032 | 2 Arm, Trustedfirmware | 2 Mbed Tls, Mbed Tls | 2026-06-05 | N/A |
| ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected. | ||||
| CVE-2017-2784 | 1 Trustedfirmware | 1 Mbed Tls | 2026-06-05 | N/A |
| An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications. | ||||
| CVE-2018-9988 | 3 Arm, Debian, Trustedfirmware | 3 Mbed Tls, Debian Linux, Mbed Tls | 2026-06-05 | 7.5 High |
| ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input. | ||||
| CVE-2018-9989 | 3 Arm, Debian, Trustedfirmware | 3 Mbed Tls, Debian Linux, Mbed Tls | 2026-06-05 | 7.5 High |
| ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input. | ||||
| CVE-2019-16910 | 4 Arm, Debian, Fedoraproject and 1 more | 5 Mbed Crypto, Mbed Tls, Debian Linux and 2 more | 2026-06-05 | 5.3 Medium |
| Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.) | ||||
| CVE-2022-35409 | 3 Arm, Debian, Trustedfirmware | 3 Mbed Tls, Debian Linux, Mbed Tls | 2026-06-05 | 9.1 Critical |
| An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to 571 bytes with a custom cookie check function. | ||||
| CVE-2023-43615 | 4 Arm, Fedoraproject, Mbed and 1 more | 4 Mbed Tls, Fedora, Mbedtls and 1 more | 2026-06-05 | 7.5 High |
| Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow. | ||||
| CVE-2024-23744 | 1 Trustedfirmware | 1 Mbed Tls | 2026-06-05 | 7.5 High |
| An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions. | ||||
| CVE-2024-28755 | 2 Mbed, Trustedfirmware | 2 Mbedtls, Mbed Tls | 2026-06-05 | 6.5 Medium |
| An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL context was reset with the mbedtls_ssl_session_reset() API, the maximum TLS version to be negotiated was not restored to the configured one. An attacker was able to prevent an Mbed TLS server from establishing any TLS 1.3 connection, potentially resulting in a Denial of Service or forced version downgrade from TLS 1.3 to TLS 1.2. | ||||
| CVE-2024-28836 | 1 Trustedfirmware | 1 Mbed Tls | 2026-06-05 | 5.4 Medium |
| An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When negotiating the TLS version on the server side, it can fall back to the TLS 1.2 implementation of the protocol if it is disabled. If the TLS 1.2 implementation was disabled at build time, a TLS 1.2 client could put a TLS 1.3-only server into an infinite loop processing a TLS 1.2 ClientHello, resulting in a denial of service. If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client can successfully establish a TLS 1.2 connection with the server. | ||||
| CVE-2024-28960 | 4 Arm, Fedoraproject, Mbed and 1 more | 6 Mbed Crypto, Mbed Tls, Fedora and 3 more | 2026-06-05 | 8.2 High |
| An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory. | ||||
| CVE-2024-30166 | 2 Arm, Trustedfirmware | 2 Mbed Tls, Mbed Tls | 2026-06-05 | 9.1 Critical |
| In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can cause information disclosure or a denial of service because of a stack buffer over-read (of less than 256 bytes) in a TLS 1.3 server via a TLS 3.1 ClientHello. | ||||
| CVE-2024-45158 | 2 Mbed, Trustedfirmware | 2 Mbedtls, Mbed Tls | 2026-06-05 | 9.8 Critical |
| An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. (This never happens in internal library calls, but can affect applications that call these functions directly.) | ||||
| CVE-2024-49195 | 2 Mbed, Trustedfirmware | 2 Mbedtls, Mbed Tls | 2026-06-05 | 9.8 Critical |
| Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair | ||||
| CVE-2025-27809 | 2 Arm, Trustedfirmware | 2 Mbed Tls, Mbed Tls | 2026-06-05 | 5.4 Medium |
| Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname. | ||||
| CVE-2025-49087 | 2 Mbed, Trustedfirmware | 2 Mbedtls, Mbed Tls | 2026-06-05 | 4 Medium |
| In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS#7 padding mode is used. | ||||
| CVE-2021-44732 | 3 Arm, Debian, Trustedfirmware | 3 Mbed Tls, Debian Linux, Mbed Tls | 2026-06-05 | 9.8 Critical |
| Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure. | ||||
| CVE-2022-46393 | 3 Arm, Fedoraproject, Trustedfirmware | 3 Mbed Tls, Fedora, Mbed Tls | 2026-06-05 | 9.8 Critical |
| An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX. | ||||