Vulnerabilities > ARM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-06-07 | CVE-2017-7564 | Improper Input Validation vulnerability in ARM Trusted Firmware In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attackers to cause a denial of service (secure world panic) via vectors involving debug exceptions and debug registers. | 5.0 |
2017-06-07 | CVE-2017-7563 | Incorrect Permission Assignment for Critical Resource vulnerability in ARM Trusted Firmware In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. | 6.8 |
2017-04-20 | CVE-2017-2784 | Improper Certificate Validation vulnerability in ARM Mbed TLS An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. | 6.8 |
2015-11-02 | CVE-2015-8036 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session. | 6.8 |
2015-11-02 | CVE-2015-5291 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. | 6.8 |