Vulnerabilities > Linaro > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-15 | CVE-2023-41325 | Unspecified vulnerability in Linaro Op-Tee 3.20.0/3.21.0/3.22.0 OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. | 6.7 |
| 2022-12-19 | CVE-2022-47549 | Improper Verification of Cryptographic Signature vulnerability in Linaro Op-Tee An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verification and install malicious trusted applications via electromagnetic fault injections. | 6.4 |
| 2022-11-18 | CVE-2022-44641 | XML Entity Expansion vulnerability in multiple products In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service. | 6.5 |
| 2020-11-18 | CVE-2020-13799 | Authentication Bypass by Capture-replay vulnerability in multiple products Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. | 6.8 |
| 2018-06-19 | CVE-2018-12564 | Improper Input Validation vulnerability in multiple products An issue was discovered in Linaro LAVA before 2018.5.post1. | 6.5 |
| 2018-06-19 | CVE-2018-12563 | Improper Input Validation vulnerability in Linaro Lava An issue was discovered in Linaro LAVA before 2018.5.post1. | 6.5 |
| 2018-06-15 | CVE-2018-12437 | Information Exposure vulnerability in multiple products LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. | 4.9 |
| 2018-01-02 | CVE-2017-1000413 | Information Exposure vulnerability in Linaro Op-Tee Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable a timing attack in the Montgomery parts of libMPA in OP-TEE resulting in a compromised private RSA key. | 5.9 |