Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
arm vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2020-16273
In Arm software implementing the Armv8-M processors (all versions), the stack selection mechanism could be influenced by a stack-underflow attack in v8-M TrustZone based processors. An attacker can cause a change to the stack pointer used by the Secure World from a non-secure app...
Arm Armv8-m Firmware
4.7
CVSSv3
CVE-2021-36647
Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions prior to 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted opera...
Arm Mbed Tls
1 Github repository
5.9
CVSSv3
CVE-2020-36477
An issue exists in Mbed TLS prior to 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certificate name is mishandled: when the subjecAltName extension is present, the expected name i...
Arm Mbed Tls
9.8
CVSSv3
CVE-2021-27435
ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
Arm Mbed 6.3.0
7.5
CVSSv3
CVE-2023-52353
An issue exists in Mbed TLS up to and including 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes the new maximum.
Arm Mbed Tls
7
CVSSv3
CVE-2017-7496
fedora-arm-installer up to and including 1.99.16 is vulnerable to local privilege escalation due to lack of checking the error condition of mount operation failure on unsafely created temporary directories.
Fedoraproject Arm Installer
7.5
CVSSv3
CVE-2024-23744
An issue exists in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions.
Arm Mbed Tls
7.5
CVSSv3
CVE-2024-23775
Integer Overflow vulnerability in Mbed TLS 2.x prior to 2.28.7 and 3.x prior to 3.5.2, allows malicious users to cause a denial of service (DoS) via mbedtls_x509_set_extension().
Arm Mbed Tls
9.8
CVSSv3
CVE-2021-27431
ARM CMSIS RTOS2 versions before 2.1.3 are vulnerable to integer wrap-around inosRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution.
Arm Cmsis-rtos
5.9
CVSSv3
CVE-2020-10941
Arm Mbed TLS prior to 2.16.5 allows malicious users to obtain sensitive information (an RSA private key) by measuring cache usage during an import.
Arm Mbed Crypto
Arm Mbed Tls
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 10.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »