Vulnerabilities > ARM > Mbed TLS > 1.3.16

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|
| 2021-08-23 | CVE-2020-36477 | Improper Certificate Validation vulnerability in ARM Mbed TLS | An issue was discovered in Mbed TLS before 2.24.0. | arm | CWE-295 | network, high complexity, 5.9 |
| 2021-08-23 | CVE-2020-36478 | Improper Certificate Validation vulnerability in multiple products | An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). | arm, siemens, debian | CWE-295 | network, low complexity, 7.5 |
| 2021-07-19 | CVE-2020-36421 | Information Exposure Through Discrepancy vulnerability in multiple products | An issue was discovered in Arm Mbed TLS before 2.23.0. | arm, debian | CWE-203 | network, low complexity, 5.3 |
| 2021-07-19 | CVE-2020-36422 | Information Exposure Through Discrepancy vulnerability in multiple products | An issue was discovered in Arm Mbed TLS before 2.23.0. | arm, debian | CWE-203 | network, low complexity, 5.3 |
| 2021-07-19 | CVE-2020-36423 | Cleartext Transmission of Sensitive Information vulnerability in multiple products | An issue was discovered in Arm Mbed TLS before 2.23.0. | arm, debian | CWE-319 | network, low complexity, 7.5 |
| 2021-07-19 | CVE-2020-36424 | Information Exposure Through Discrepancy vulnerability in multiple products | An issue was discovered in Arm Mbed TLS before 2.24.0. | arm, debian | CWE-203 | local, high complexity, 4.7 |
| 2021-07-19 | CVE-2020-36425 | Improper Certificate Validation vulnerability in multiple products | An issue was discovered in Arm Mbed TLS before 2.24.0. | arm, debian | CWE-295 | network, low complexity, 5.3 |
| 2021-07-19 | CVE-2020-36426 | Out-of-bounds Read vulnerability in multiple products | An issue was discovered in Arm Mbed TLS before 2.24.0. | arm, debian | CWE-125 | network, low complexity, 7.5 |
| 2021-07-14 | CVE-2021-24119 | Information Exposure Through Discrepancy vulnerability in multiple products | In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. | arm, fedoraproject, debian | CWE-203 | network, low complexity, 4.9 |
| 2020-09-02 | CVE-2020-16150 | Information Exposure Through Discrepancy vulnerability in multiple products | A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. | arm, fedoraproject, debian | CWE-203 | local, low complexity, 5.5 |