Vulnerabilities > ARM > High

DATE CVE VULNERABILITY TITLE RISK
2020-12-24 CVE-2020-24658 Allocation of Resources Without Limits or Throttling vulnerability in ARM Compiler
Arm Compiler 5 through 5.06u6 has an error in a stack protection feature designed to help spot stack-based buffer overflows in local arrays.
local
low complexity
arm CWE-770
7.8
2020-11-12 CVE-2020-16273 Integer Underflow (Wrap or Wraparound) vulnerability in ARM Armv8-M Firmware
In Arm software implementing the Armv8-M processors (all versions), the stack selection mechanism could be influenced by a stack-underflow attack in v8-M TrustZone based processors.
local
low complexity
arm CWE-191
7.8
2020-06-18 CVE-2020-12887 Memory Leak vulnerability in ARM Mbed-Coap 5.1.5
Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 when using the Arm mbed-coap library 5.1.5.
network
low complexity
arm CWE-401
7.5
2020-06-18 CVE-2020-12885 Infinite Loop vulnerability in ARM Mbed OS 5.15.3
An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3.
network
low complexity
arm CWE-835
7.5
2019-11-04 CVE-2019-17210 Improper Input Validation vulnerability in ARM Mbed-Mqtt and Mbed-Os
A denial-of-service issue was discovered in the MQTT library in Arm Mbed OS 2017-11-02.
network
low complexity
arm CWE-20
7.5
2018-12-18 CVE-2017-15031 Information Exposure vulnerability in ARM Arm-Trusted-Firmware
In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information.
network
low complexity
arm CWE-200
7.5
2018-06-26 CVE-2018-1000520 Improper Certificate Validation vulnerability in ARM Mbed TLS
ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates being accepted when only RSA-signed ones should be.
network
low complexity
arm CWE-295
7.5
2018-04-10 CVE-2018-9989 Out-of-bounds Read vulnerability in multiple products
ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.
network
low complexity
arm debian CWE-125
7.5
2018-04-10 CVE-2018-9988 Out-of-bounds Read vulnerability in multiple products
ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.
network
low complexity
arm debian CWE-125
7.5
2017-09-20 CVE-2017-9607 Integer Overflow or Wraparound vulnerability in ARM Arm-Trusted-Firmware
The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of service, or possibly have unspecified other impact via a crafted AArch32 image, which triggers an integer overflow.
local
high complexity
arm CWE-190
7.0