Vulnerabilities > ARM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-18 | CVE-2020-12885 | Infinite Loop vulnerability in ARM Mbed OS 5.15.3 An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3. | 7.5 |
| 2019-11-04 | CVE-2019-17210 | Improper Input Validation vulnerability in ARM Mbed-Mqtt and Mbed-Os A denial-of-service issue was discovered in the MQTT library in Arm Mbed OS 2017-11-02. | 7.5 |
| 2018-12-18 | CVE-2017-15031 | Information Exposure vulnerability in ARM Arm-Trusted-Firmware In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information. | 7.5 |
| 2018-06-26 | CVE-2018-1000520 | Improper Certificate Validation vulnerability in ARM Mbed TLS ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be.. | 7.5 |
| 2018-04-10 | CVE-2018-9989 | Out-of-bounds Read vulnerability in multiple products ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input. | 7.5 |
| 2018-04-10 | CVE-2018-9988 | Out-of-bounds Read vulnerability in multiple products ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input. | 7.5 |
| 2017-09-20 | CVE-2017-9607 | Integer Overflow or Wraparound vulnerability in ARM Arm-Trusted-Firmware The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of service, or possibly have unspecified other impact via a crafted AArch32 image, which triggers an integer overflow. | 7.0 |
| 2017-08-30 | CVE-2017-14032 | Improper Authentication vulnerability in ARM Mbed TLS ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. | 8.1 |
| 2017-06-07 | CVE-2017-7564 | Improper Input Validation vulnerability in ARM Trusted Firmware In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attackers to cause a denial of service (secure world panic) via vectors involving debug exceptions and debug registers. | 7.5 |
| 2017-06-07 | CVE-2017-7563 | Incorrect Permission Assignment for Critical Resource vulnerability in ARM Trusted Firmware In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. | 8.1 |