Vulnerabilities > ARM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-19 | CVE-2020-36422 | Information Exposure Through Discrepancy vulnerability in multiple products An issue was discovered in Arm Mbed TLS before 2.23.0. | 5.3 |
| 2021-07-19 | CVE-2020-36424 | Information Exposure Through Discrepancy vulnerability in multiple products An issue was discovered in Arm Mbed TLS before 2.24.0. | 4.7 |
| 2021-07-19 | CVE-2020-36425 | Improper Certificate Validation vulnerability in multiple products An issue was discovered in Arm Mbed TLS before 2.24.0. | 5.3 |
| 2021-07-14 | CVE-2021-24119 | Information Exposure Through Discrepancy vulnerability in multiple products In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. | 4.9 |
| 2021-06-09 | CVE-2021-26313 | Information Exposure Through Discrepancy vulnerability in multiple products Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage. | 5.5 |
| 2021-06-09 | CVE-2021-26314 | Information Exposure Through Discrepancy vulnerability in multiple products Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage. | 5.5 |
| 2021-05-25 | CVE-2021-27562 | Out-of-bounds Write vulnerability in ARM Trusted Firmware M In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode. | 5.5 |
| 2020-09-02 | CVE-2020-16150 | Information Exposure Through Discrepancy vulnerability in multiple products A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. | 5.5 |
| 2020-06-08 | CVE-2020-13844 | Information Exposure Through Discrepancy vulnerability in multiple products Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation." | 5.5 |
| 2020-04-15 | CVE-2020-10932 | Information Exposure Through Discrepancy vulnerability in multiple products An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. | 4.7 |