Vulnerabilities > Linaro > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-15 | CVE-2023-41325 | Double Free vulnerability in Linaro Op-Tee 3.20.0/3.21.0/3.22.0 OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. | 6.7 |
| 2022-11-18 | CVE-2022-44641 | XML Entity Expansion vulnerability in multiple products In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service. | 6.5 |
| 2021-12-07 | CVE-2021-44149 | Unspecified vulnerability in Linaro Op-Tee An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. | 4.6 |
| 2021-05-21 | CVE-2021-32032 | Memory Leak vulnerability in Linaro Trusted Firmware-M In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptographic library from freeing internal resources, causing a memory leak. | 5.0 |
| 2020-11-18 | CVE-2020-13799 | Authentication Bypass by Capture-replay vulnerability in multiple products Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. | 4.6 |
| 2019-07-15 | CVE-2019-1010294 | Numeric Errors vulnerability in Linaro Op-Tee Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. | 5.0 |
| 2018-06-19 | CVE-2018-12565 | Improper Input Validation vulnerability in multiple products An issue was discovered in Linaro LAVA before 2018.5.post1. | 6.5 |
| 2018-06-19 | CVE-2018-12564 | Improper Input Validation vulnerability in multiple products An issue was discovered in Linaro LAVA before 2018.5.post1. | 4.0 |
| 2018-06-19 | CVE-2018-12563 | Improper Input Validation vulnerability in Linaro Lava An issue was discovered in Linaro LAVA before 2018.5.post1. | 4.0 |
| 2018-01-02 | CVE-2017-1000413 | Information Exposure vulnerability in Linaro Op-Tee Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable a timing attack in the Montgomery parts of libMPA in OP-TEE resulting in a compromised private RSA key. | 4.3 |