Export limit exceeded: 356018 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (356018 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-3611 | 1 Honeywell | 12 Iq3, Iq412, Iq412 Firmware and 9 more | 2026-06-05 | 10 Critical |
| The Honeywell IQ4x building management controller, exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System Guest (level 100) context, granting read/write privileges to any party able to reach the HTTP interface. Authentication controls are only enforced after a web user is created via U.htm, which dynamically enables the user module. Because this function is accessible prior to authentication, a remote user can create a new account with administrative read/write permissions enabling the user module and imposing authentication under attacker-controlled credentials. This action can effectively lock legitimate operators out of local and web-based configuration and administration. | ||||
| CVE-2026-48112 | 2026-06-05 | 6.5 Medium | ||
| 7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF parser. A 4-byte heap out-of-bounds read exists in the Unix ar archive parser in 7-Zip. When parsing a BSD-style __.SYMDEF symbol table, the ParseLibSymbols function reads a 32-bit namesSize field via Get32 at a position that can equal the buffer size, reading 4 bytes past the end of the heap allocation. This reads uninitialized heap data under the default allocator. Version 26.01 patches the issue. | ||||
| CVE-2017-14032 | 2 Arm, Trustedfirmware | 2 Mbed Tls, Mbed Tls | 2026-06-05 | N/A |
| ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected. | ||||
| CVE-2024-28960 | 4 Arm, Fedoraproject, Mbed and 1 more | 6 Mbed Crypto, Mbed Tls, Fedora and 3 more | 2026-06-05 | 8.2 High |
| An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory. | ||||
| CVE-2024-30166 | 2 Arm, Trustedfirmware | 2 Mbed Tls, Mbed Tls | 2026-06-05 | 9.1 Critical |
| In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can cause information disclosure or a denial of service because of a stack buffer over-read (of less than 256 bytes) in a TLS 1.3 server via a TLS 3.1 ClientHello. | ||||
| CVE-2024-45157 | 1 Trustedfirmware | 1 Mbed Tls | 2026-06-05 | 5.1 Medium |
| An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled. | ||||
| CVE-2025-27809 | 2 Arm, Trustedfirmware | 2 Mbed Tls, Mbed Tls | 2026-06-05 | 5.4 Medium |
| Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname. | ||||
| CVE-2025-49087 | 2 Mbed, Trustedfirmware | 2 Mbedtls, Mbed Tls | 2026-06-05 | 4 Medium |
| In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS#7 padding mode is used. | ||||
| CVE-2021-44732 | 3 Arm, Debian, Trustedfirmware | 3 Mbed Tls, Debian Linux, Mbed Tls | 2026-06-05 | 9.8 Critical |
| Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure. | ||||
| CVE-2023-45199 | 2 Mbed, Trustedfirmware | 2 Mbedtls, Mbed Tls | 2026-06-05 | 9.8 Critical |
| Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution. | ||||
| CVE-2018-9989 | 3 Arm, Debian, Trustedfirmware | 3 Mbed Tls, Debian Linux, Mbed Tls | 2026-06-05 | 7.5 High |
| ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input. | ||||
| CVE-2022-46393 | 3 Arm, Fedoraproject, Trustedfirmware | 3 Mbed Tls, Fedora, Mbed Tls | 2026-06-05 | 9.8 Critical |
| An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX. | ||||
| CVE-2023-43615 | 4 Arm, Fedoraproject, Mbed and 1 more | 4 Mbed Tls, Fedora, Mbedtls and 1 more | 2026-06-05 | 7.5 High |
| Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow. | ||||
| CVE-2015-5291 | 5 Debian, Fedoraproject, Opensuse and 2 more | 6 Debian Linux, Fedora, Leap and 3 more | 2026-06-05 | N/A |
| Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0. | ||||
| CVE-2015-8036 | 5 Debian, Fedoraproject, Opensuse and 2 more | 5 Debian Linux, Fedora, Opensuse and 2 more | 2026-06-05 | N/A |
| Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session. NOTE: this identifier was SPLIT from CVE-2015-5291 per ADT3 due to different affected version ranges. | ||||
| CVE-2017-2784 | 1 Trustedfirmware | 1 Mbed Tls | 2026-06-05 | N/A |
| An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications. | ||||
| CVE-2018-19608 | 2 Arm, Trustedfirmware | 2 Mbed Tls, Mbed Tls | 2026-06-05 | N/A |
| Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites. | ||||
| CVE-2018-9988 | 3 Arm, Debian, Trustedfirmware | 3 Mbed Tls, Debian Linux, Mbed Tls | 2026-06-05 | 7.5 High |
| ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input. | ||||
| CVE-2019-16910 | 4 Arm, Debian, Fedoraproject and 1 more | 5 Mbed Crypto, Mbed Tls, Debian Linux and 2 more | 2026-06-05 | 5.3 Medium |
| Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.) | ||||
| CVE-2020-10932 | 4 Arm, Debian, Fedoraproject and 1 more | 4 Mbed Tls, Debian Linux, Fedora and 1 more | 2026-06-05 | 4.7 Medium |
| An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to affine coordinates; (2) using an attack described by Naccache, Smart, and Stern in 2003 to recover a few bits of the ephemeral scalar from those projective coordinates via several measurements; and (3) using a lattice attack to get from there to the long-term ECDSA private key used for the signatures. Typically an attacker would have sufficient access when attacking an SGX enclave and controlling the untrusted OS. | ||||