Vulnerabilities > ARM

DATE CVE VULNERABILITY TITLE RISK
2021-07-19 CVE-2020-36421 Information Exposure Through Discrepancy vulnerability in ARM Mbed TLS
An issue was discovered in Arm Mbed TLS before 2.23.0.
network
low complexity
arm CWE-203
5.0
2021-07-19 CVE-2020-36422 Information Exposure Through Discrepancy vulnerability in ARM Mbed TLS
An issue was discovered in Arm Mbed TLS before 2.23.0.
network
low complexity
arm CWE-203
5.0
2021-07-19 CVE-2020-36423 Cleartext Transmission of Sensitive Information vulnerability in ARM Mbed TLS
An issue was discovered in Arm Mbed TLS before 2.23.0.
network
low complexity
arm CWE-319
5.0
2021-07-19 CVE-2020-36424 Information Exposure Through Discrepancy vulnerability in ARM Mbed TLS
An issue was discovered in Arm Mbed TLS before 2.24.0.
local
arm CWE-203
1.9
2021-07-19 CVE-2020-36425 Improper Certificate Validation vulnerability in ARM Mbed TLS
An issue was discovered in Arm Mbed TLS before 2.24.0.
network
arm CWE-295
4.3
2021-07-19 CVE-2020-36426 Out-Of-Bounds Read vulnerability in ARM Mbed TLS
An issue was discovered in Arm Mbed TLS before 2.24.0.
network
low complexity
arm CWE-125
5.0
2021-07-14 CVE-2021-24119 Information Exposure Through Discrepancy vulnerability in ARM Mbed TLS
In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
network
low complexity
arm CWE-203
4.0
2021-06-09 CVE-2021-26313 Exposure of Resource TO Wrong Sphere vulnerability in multiple products
Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.
local
low complexity
xen arm broadcom intel debian CWE-668
2.1
2021-06-09 CVE-2021-26314 Exposure of Resource TO Wrong Sphere vulnerability in multiple products
Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.
local
low complexity
xen arm broadcom intel CWE-668
2.1
2021-05-25 CVE-2021-27562 Out-Of-Bounds Write vulnerability in ARM Trusted Firmware M
In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode.
local
low complexity
arm CWE-787
4.9