Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
polarssl polarssl vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2011-4574
PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor's high resolution timer (the RDTSC instruction). This instruction can be virtualized, and some virtual machine hosts have chos...
Polarssl Polarssl
9.8
CVSSv3
CVE-2017-18187
In ARM mbed TLS prior to 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.
Arm Mbed Tls
Debian Debian Linux 9.0
Debian Debian Linux 8.0
9.8
CVSSv3
CVE-2018-0487
ARM mbed TLS prior to 1.3.22, prior to 2.1.10, and prior to 2.7.0 allows remote malicious users to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTL...
Arm Mbed Tls
Debian Debian Linux 8.0
Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2018-0488
ARM mbed TLS prior to 1.3.22, prior to 2.1.10, and prior to 2.7.0, when the truncated HMAC extension and CBC are used, allows remote malicious users to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS sess...
Arm Mbed Tls
Debian Debian Linux 9.0
Debian Debian Linux 8.0
8.1
CVSSv3
CVE-2017-14032
ARM mbed TLS prior to 1.3.21 and 2.x prior to 2.1.9, if optional authentication is configured, allows remote malicious users to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases ...
Arm Mbed Tls 1.3.12
Arm Mbed Tls 1.3.13
Arm Mbed Tls 1.3.21
Arm Mbed Tls 2.1.9
Arm Mbed Tls 1.3.10
Arm Mbed Tls 1.3.11
Arm Mbed Tls 1.3.18
Arm Mbed Tls 1.3.19
Arm Mbed Tls 2.4.2
Arm Mbed Tls 2.5.1
Arm Mbed Tls 2.1.2
Arm Mbed Tls 2.1.3
Arm Mbed Tls 2.6.2
Arm Mbed Tls 2.1.7
Arm Mbed Tls 2.1.4
Arm Mbed Tls 2.1.5
Arm Mbed Tls 1.3.16
Arm Mbed Tls 1.3.17
Arm Mbed Tls 2.3.0
Arm Mbed Tls 2.4.0
Arm Mbed Tls 2.1.0
Arm Mbed Tls 2.1.1
7.5
CVSSv3
CVE-2014-0160
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 prior to 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote malicious users to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrat...
Openssl Openssl
Filezilla-project Filezilla Server
Siemens Application Processing Engine Firmware 2.0
Siemens Cp 1543-1 Firmware 1.1
Siemens Simatic S7-1500 Firmware 1.5
Siemens Simatic S7-1500t Firmware 1.5
Siemens Elan-8.2
Siemens Wincc Open Architecture 3.12
Intellian V100 Firmware 1.20
Intellian V100 Firmware 1.21
Intellian V100 Firmware 1.24
Intellian V60 Firmware 1.15
Intellian V60 Firmware 1.25
Mitel Micollab 6.0
Mitel Micollab 7.0
Mitel Micollab 7.1
Mitel Micollab 7.2
Mitel Micollab 7.3.0.104
Mitel Micollab 7.3
Mitel Mivoice 1.1.3.3
Mitel Mivoice 1.2.0.11
Mitel Mivoice 1.3.2.2
4 EDB exploits
2 Nmap scripts
309 Github repositories
4 Articles
7.4
CVSSv3
CVE-2012-2130
A Security Bypass vulnerability exists in PolarSSL 0.99pre4 up to and including 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys.
Polarssl Polarssl 0.99
Polarssl Polarssl
Debian Debian Linux 8.0
Fedoraproject Fedora 17
NA
CVE-2015-8036
Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x prior to 1.3.14 and 2.x prior to 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, wh...
Arm Mbed Tls
Polarssl Polarssl
Fedoraproject Fedora 21
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Opensuse Opensuse 13.2
NA
CVE-2015-5291
Heap-based buffer overflow in PolarSSL 1.x prior to 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x prior to 1.3.14 and 2.x prior to 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server...
Arm Mbed Tls
Polarssl Polarssl
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Opensuse Leap 42.1
Fedoraproject Fedora 21
Fedoraproject Fedora 22
Fedoraproject Fedora 23
Opensuse Opensuse 13.2
NA
CVE-2014-9744
Memory leak in PolarSSL prior to 1.3.9 allows remote malicious users to cause a denial of service (memory consumption) via a large number of ClientHello messages. NOTE: this identifier was SPLIT from CVE-2014-8628 per ADT3 due to different affected versions.
Opensuse Opensuse 13.2
Polarssl Polarssl
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »