Vulnerabilities > ARM > High

DATE CVE VULNERABILITY TITLE RISK
2022-03-24 CVE-2021-43666 A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.
network
low complexity
arm debian
7.5
7.5
2022-03-03 CVE-2022-22706 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in ARM Bifrost, Midgard and Valhall
Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages.
local
low complexity
arm CWE-119
7.8
7.8
2022-02-28 CVE-2021-43086 Out-of-bounds Write vulnerability in ARM Adaptive Scalable Texture Compression Encoder 3.2.0
ARM astcenc 3.2.0 is vulnerable to Buffer Overflow.
network
low complexity
arm CWE-787
7.5
7.5
2022-01-14 CVE-2021-44828 Out-of-bounds Write vulnerability in ARM products
Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0 through r34p0, and Valhall r19p0 through r34p0) allows a non-privileged user to achieve write access to read-only memory, and possibly obtain root privileges, corrupt memory, and modify the memory of other processes.
local
low complexity
arm CWE-787
7.8
7.8
2021-12-21 CVE-2021-45450 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.
network
low complexity
arm fedoraproject CWE-327
7.5
7.5
2021-12-21 CVE-2021-45451 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.
network
low complexity
arm fedoraproject CWE-327
7.5
7.5
2021-08-23 CVE-2020-36475 Incorrect Calculation of Buffer Size vulnerability in multiple products
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS).
network
low complexity
arm siemens debian CWE-131
7.5
7.5
2021-08-23 CVE-2020-36476 Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products
An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS).
network
low complexity
arm debian CWE-212
7.5
7.5
2021-08-23 CVE-2020-36478 Improper Certificate Validation vulnerability in multiple products
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS).
network
low complexity
arm siemens debian CWE-295
7.5
7.5
2021-07-19 CVE-2020-36423 Cleartext Transmission of Sensitive Information vulnerability in multiple products
An issue was discovered in Arm Mbed TLS before 2.23.0.
network
low complexity
arm debian CWE-319
7.5
7.5