Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
arm vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2020-36421
An issue exists in Arm Mbed TLS prior to 2.23.0. Because of a side channel in modular exponentiation, an RSA private key used in a secure enclave could be disclosed.
Arm Mbed Tls
Debian Debian Linux 10.0
5.3
CVSSv3
CVE-2020-36422
An issue exists in Arm Mbed TLS prior to 2.23.0. A side channel allows recovery of an ECC private key, related to mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul, and mbedtls_ecp_mul_restartable.
Arm Mbed Tls
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2020-36423
An issue exists in Arm Mbed TLS prior to 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator.
Arm Mbed Tls
Debian Debian Linux 10.0
4.7
CVSSv3
CVE-2020-36424
An issue exists in Arm Mbed TLS prior to 2.24.0. An attacker can recover a private key (for RSA or static Diffie-Hellman) via a side-channel attack against generation of base blinding/unblinding values.
Arm Mbed Tls
Debian Debian Linux 10.0
5.3
CVSSv3
CVE-2020-36425
An issue exists in Arm Mbed TLS prior to 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock.
Arm Mbed Tls
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2020-36426
An issue exists in Arm Mbed TLS prior to 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).
Arm Mbed Tls
Debian Debian Linux 10.0
9.1
CVSSv3
CVE-2022-35409
An issue exists in Mbed TLS prior to 2.28.1 and 3.x prior to 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly...
Arm Mbed Tls
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2021-45451
In Mbed TLS prior to 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.
Arm Mbed Tls
Fedoraproject Fedora 36
Fedoraproject Fedora 37
5.3
CVSSv3
CVE-2022-46392
An issue exists in Mbed TLS prior to 2.28.2 and 3.x prior to 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim perform...
Arm Mbed Tls
Fedoraproject Fedora 36
Fedoraproject Fedora 37
9.8
CVSSv3
CVE-2022-46393
An issue exists in Mbed TLS prior to 2.28.2 and 3.x prior to 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.
Arm Mbed Tls
Fedoraproject Fedora 36
Fedoraproject Fedora 37
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
8
9
10
NEXT »