Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mbed vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-22905
Buffer Overflow vulnerability in ARM mbed-os v.6.17.0 allows a remote malicious user to execute arbitrary code via a crafted script to the hciTrSerialRxIncoming function.
NA
CVE-2024-30166
In Mbed TLS 3.3.0 up to and including 3.5.2 prior to 3.6.0, a malicious client can cause information disclosure or a denial of service because of a stack buffer over-read (of less than 256 bytes) in a TLS 1.3 server via a TLS 3.1 ClientHello.
NA
CVE-2024-28755
An issue exists in Mbed TLS 3.5.x prior to 3.6.0. When an SSL context was reset with the mbedtls_ssl_session_reset() API, the maximum TLS version to be negotiated was not restored to the configured one. An attacker was able to prevent an Mbed TLS server from establishing any TLS ...
NA
CVE-2024-28836
An issue exists in Mbed TLS 3.5.x prior to 3.6.0. When negotiating the TLS version on the server side, it can fall back to the TLS 1.2 implementation of the protocol if it is disabled. If the TLS 1.2 implementation was disabled at build time, a TLS 1.2 client could put a TLS 1.3-...
NA
CVE-2024-28960
An issue exists in Mbed TLS 2.18.0 up to and including 2.28.x prior to 2.28.8 and 3.x prior to 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.
NA
CVE-2024-23775
Integer Overflow vulnerability in Mbed TLS 2.x prior to 2.28.7 and 3.x prior to 3.5.2, allows malicious users to cause a denial of service (DoS) via mbedtls_x509_set_extension().
Arm Mbed Tls
NA
CVE-2024-23170
An issue exists in Mbed TLS 2.x prior to 2.28.7 and 3.x prior to 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local malicious user to recover the plaintext. It requires the malicious user to send a large number of m...
Arm Mbed Tls
NA
CVE-2024-23744
An issue exists in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions.
Arm Mbed Tls
NA
CVE-2023-52353
An issue exists in Mbed TLS up to and including 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum.
Arm Mbed Tls
NA
CVE-2023-43615
Mbed TLS 2.x prior to 2.28.5 and 3.x prior to 3.5.0 has a Buffer Overflow.
Arm Mbed Tls
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »