Vulnerabilities > ARM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-13 | CVE-2018-0488 | Out-of-bounds Write vulnerability in multiple products ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session. | 7.5 |
| 2018-02-13 | CVE-2018-0487 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session. | 7.5 |
| 2018-01-04 | CVE-2017-5754 | Information Exposure vulnerability in multiple products Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. | 4.7 |
| 2018-01-04 | CVE-2017-5753 | Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | 4.7 |
| 2018-01-04 | CVE-2017-5715 | Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | 1.9 |
| 2017-09-20 | CVE-2017-9607 | Integer Overflow or Wraparound vulnerability in ARM Arm-Trusted-Firmware The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of service, or possibly have unspecified other impact via a crafted AArch32 image, which triggers an integer overflow. | 5.1 |
| 2017-08-30 | CVE-2017-14032 | Improper Authentication vulnerability in ARM Mbed TLS ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. | 6.8 |
| 2017-06-07 | CVE-2017-7564 | Improper Input Validation vulnerability in ARM Trusted Firmware In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attackers to cause a denial of service (secure world panic) via vectors involving debug exceptions and debug registers. | 5.0 |
| 2017-06-07 | CVE-2017-7563 | Incorrect Permission Assignment for Critical Resource vulnerability in ARM Trusted Firmware In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. | 6.8 |
| 2017-04-20 | CVE-2017-2784 | Improper Certificate Validation vulnerability in ARM Mbed TLS An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. | 6.8 |