Vulnerabilities > ARM

DATE CVE VULNERABILITY TITLE RISK
2020-06-18 CVE-2020-12886 Out-of-bounds Read vulnerability in ARM Mbed OS 5.15.3
A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3.
network
low complexity
arm CWE-125
critical
 9.1
9.1
2020-06-18 CVE-2020-12885 Infinite Loop vulnerability in ARM Mbed OS 5.15.3
An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3.
network
low complexity
arm CWE-835
7.5
7.5
2020-06-18 CVE-2020-12884 Out-of-bounds Read vulnerability in ARM Mbed OS 5.15.3
A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3.
network
low complexity
arm CWE-125
critical
 9.1
9.1
2020-06-18 CVE-2020-12883 Out-of-bounds Read vulnerability in ARM Mbed OS 5.15.3
Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5.15.3.
network
low complexity
arm CWE-125
critical
 9.1
9.1
2020-06-08 CVE-2020-13844 Information Exposure Through Discrepancy vulnerability in multiple products
Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation."
local
low complexity
arm opensuse CWE-203
5.5
5.5
2020-04-15 CVE-2020-10932 Information Exposure Through Discrepancy vulnerability in multiple products
An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15.
local
high complexity
arm fedoraproject debian CWE-203
4.7
4.7
2020-03-24 CVE-2020-10941 Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.
network
high complexity
arm fedoraproject debian
5.9
5.9
2020-01-23 CVE-2019-18222 Information Exposure Through Discrepancy vulnerability in multiple products
The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.
local
high complexity
arm fedoraproject debian CWE-203
4.7
4.7
2019-11-04 CVE-2019-17210 Improper Input Validation vulnerability in ARM Mbed-Mqtt and Mbed-Os
A denial-of-service issue was discovered in the MQTT library in Arm Mbed OS 2017-11-02.
network
low complexity
arm CWE-20
7.5
7.5
2019-09-26 CVE-2019-16910 Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times.
network
high complexity
arm fedoraproject debian
5.3
5.3