Vulnerabilities > ARM > Mbed TLS > 2.22.0

DATE CVE VULNERABILITY TITLE RISK
2021-12-21 CVE-2021-45451 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.
network
low complexity
arm fedoraproject CWE-327
7.5
7.5
2021-12-20 CVE-2021-44732 Double Free vulnerability in multiple products
Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.
network
low complexity
arm debian CWE-415
critical
 9.8
9.8
2021-08-23 CVE-2020-36475 Incorrect Calculation of Buffer Size vulnerability in multiple products
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS).
network
low complexity
arm siemens debian CWE-131
7.5
7.5
2021-08-23 CVE-2020-36476 Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products
An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS).
network
low complexity
arm debian CWE-212
7.5
7.5
2021-08-23 CVE-2020-36477 Improper Certificate Validation vulnerability in ARM Mbed TLS
An issue was discovered in Mbed TLS before 2.24.0.
network
high complexity
arm CWE-295
5.9
5.9
2021-08-23 CVE-2020-36478 Improper Certificate Validation vulnerability in multiple products
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS).
network
low complexity
arm siemens debian CWE-295
7.5
7.5
2021-07-19 CVE-2020-36421 Information Exposure Through Discrepancy vulnerability in multiple products
An issue was discovered in Arm Mbed TLS before 2.23.0.
network
low complexity
arm debian CWE-203
5.3
5.3
2021-07-19 CVE-2020-36422 Information Exposure Through Discrepancy vulnerability in multiple products
An issue was discovered in Arm Mbed TLS before 2.23.0.
network
low complexity
arm debian CWE-203
5.3
5.3
2021-07-19 CVE-2020-36423 Cleartext Transmission of Sensitive Information vulnerability in multiple products
An issue was discovered in Arm Mbed TLS before 2.23.0.
network
low complexity
arm debian CWE-319
7.5
7.5
2021-07-19 CVE-2020-36424 Information Exposure Through Discrepancy vulnerability in multiple products
An issue was discovered in Arm Mbed TLS before 2.24.0.
local
high complexity
arm debian CWE-203
4.7
4.7