Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mbed vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-36423
An issue exists in Arm Mbed TLS prior to 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator.
Arm Mbed Tls
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2020-36426
An issue exists in Arm Mbed TLS prior to 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).
Arm Mbed Tls
Debian Debian Linux 10.0
5.3
CVSSv3
CVE-2020-36422
An issue exists in Arm Mbed TLS prior to 2.23.0. A side channel allows recovery of an ECC private key, related to mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul, and mbedtls_ecp_mul_restartable.
Arm Mbed Tls
Debian Debian Linux 10.0
5.3
CVSSv3
CVE-2020-36425
An issue exists in Arm Mbed TLS prior to 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock.
Arm Mbed Tls
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2021-43666
A Denial of Service vulnerability exists in mbed TLS 3.0.0 and previous versions in the mbedtls_pkcs12_derivation function when an input password's length is 0.
Arm Mbed Tls
Debian Debian Linux 10.0
9.1
CVSSv3
CVE-2022-35409
An issue exists in Mbed TLS prior to 2.28.1 and 3.x prior to 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly...
Arm Mbed Tls
Debian Debian Linux 10.0
9.8
CVSSv3
CVE-2022-46393
An issue exists in Mbed TLS prior to 2.28.2 and 3.x prior to 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.
Arm Mbed Tls
Fedoraproject Fedora 36
Fedoraproject Fedora 37
7.5
CVSSv3
CVE-2021-45451
In Mbed TLS prior to 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.
Arm Mbed Tls
Fedoraproject Fedora 36
Fedoraproject Fedora 37
5.3
CVSSv3
CVE-2022-46392
An issue exists in Mbed TLS prior to 2.28.2 and 3.x prior to 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim perform...
Arm Mbed Tls
Fedoraproject Fedora 36
Fedoraproject Fedora 37
7.5
CVSSv3
CVE-2020-36476
An issue exists in Mbed TLS prior to 2.24.0 (and prior to 2.16.8 LTS and prior to 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.
Arm Mbed Tls
Debian Debian Linux 9.0
Debian Debian Linux 10.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »