Vulnerabilities > ARM > Mbed TLS

DATE CVE VULNERABILITY TITLE RISK
2021-07-19 CVE-2020-36421 Information Exposure Through Discrepancy vulnerability in multiple products
An issue was discovered in Arm Mbed TLS before 2.23.0.
network
low complexity
arm debian CWE-203
5.3
5.3
2021-07-19 CVE-2020-36422 Information Exposure Through Discrepancy vulnerability in multiple products
An issue was discovered in Arm Mbed TLS before 2.23.0.
network
low complexity
arm debian CWE-203
5.3
5.3
2021-07-19 CVE-2020-36423 Cleartext Transmission of Sensitive Information vulnerability in multiple products
An issue was discovered in Arm Mbed TLS before 2.23.0.
network
low complexity
arm debian CWE-319
7.5
7.5
2021-07-19 CVE-2020-36424 Information Exposure Through Discrepancy vulnerability in multiple products
An issue was discovered in Arm Mbed TLS before 2.24.0.
local
high complexity
arm debian CWE-203
4.7
4.7
2021-07-19 CVE-2020-36425 Improper Certificate Validation vulnerability in multiple products
An issue was discovered in Arm Mbed TLS before 2.24.0.
network
low complexity
arm debian CWE-295
5.3
5.3
2021-07-19 CVE-2020-36426 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in Arm Mbed TLS before 2.24.0.
network
low complexity
arm debian CWE-125
7.5
7.5
2021-07-14 CVE-2021-24119 Information Exposure Through Discrepancy vulnerability in multiple products
In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
network
low complexity
arm fedoraproject debian CWE-203
4.9
4.9
2020-09-02 CVE-2020-16150 Information Exposure Through Discrepancy vulnerability in multiple products
A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information.
local
low complexity
arm fedoraproject debian CWE-203
5.5
5.5
2020-04-15 CVE-2020-10932 Information Exposure Through Discrepancy vulnerability in multiple products
An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15.
local
high complexity
arm fedoraproject debian CWE-203
4.7
4.7
2020-03-24 CVE-2020-10941 Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.
network
high complexity
arm fedoraproject debian
5.9
5.9