Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
arm vulnerabilities and exploits
(subscribe to this query)
4.7
CVSSv3
CVE-2023-34970
A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already...
Arm Valhall Gpu Kernel Driver R44p0
Arm Mali Gpu Kernel Driver R44p0
7.5
CVSSv3
CVE-2021-45450
In Mbed TLS prior to 2.28.0 and 3.x prior to 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.
Arm Mbed Tls 3.0.0
Arm Mbed Tls
Fedoraproject Fedora 36
Fedoraproject Fedora 37
5.5
CVSSv3
CVE-2021-27562
In Arm Trusted Firmware M up to and including 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode.
Arm Trusted Firmware M
3.7
CVSSv3
CVE-2023-26084
The armv8_dec_aes_gcm_full() API of Arm AArch64cryptolib prior to 86065c6 fails to the verify the authentication tag of AES-GCM protected data, leading to a man-in-the-middle attack. This occurs because of an improperly initialized variable.
Arm Aarch64cryptolib
7.5
CVSSv3
CVE-2018-9988
ARM mbed TLS prior to 2.1.11, prior to 2.7.2, and prior to 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.
Arm Mbed Tls
Arm Mbed Tls 2.8.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
7.5
CVSSv3
CVE-2018-9989
ARM mbed TLS prior to 2.1.11, prior to 2.7.2, and prior to 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.
Arm Mbed Tls
Arm Mbed Tls 2.8.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2021-27431
ARM CMSIS RTOS2 versions before 2.1.3 are vulnerable to integer wrap-around inosRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution.
Arm Cmsis-rtos
9.8
CVSSv3
CVE-2021-27435
ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
Arm Mbed 6.3.0
7.5
CVSSv3
CVE-2023-52353
An issue exists in Mbed TLS up to and including 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum.
Arm Mbed Tls
5.9
CVSSv3
CVE-2020-36477
An issue exists in Mbed TLS prior to 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certificate name is mishandled: when the subjecAltName extension is present, the expected name i...
Arm Mbed Tls
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »