Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
arm vulnerabilities and exploits
(subscribe to this query)
4.7
CVSSv3
CVE-2023-34970
A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already...
Arm Valhall Gpu Kernel Driver R44p0
Arm Mali Gpu Kernel Driver R44p0
7.5
CVSSv3
CVE-2021-45450
In Mbed TLS prior to 2.28.0 and 3.x prior to 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.
Arm Mbed Tls 3.0.0
Arm Mbed Tls
Fedoraproject Fedora 36
Fedoraproject Fedora 37
3.7
CVSSv3
CVE-2023-26084
The armv8_dec_aes_gcm_full() API of Arm AArch64cryptolib prior to 86065c6 fails to the verify the authentication tag of AES-GCM protected data, leading to a man-in-the-middle attack. This occurs because of an improperly initialized variable.
Arm Aarch64cryptolib
5.5
CVSSv3
CVE-2021-27562
In Arm Trusted Firmware M up to and including 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode.
Arm Trusted Firmware M
7.5
CVSSv3
CVE-2018-9989
ARM mbed TLS prior to 2.1.11, prior to 2.7.2, and prior to 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.
Arm Mbed Tls
Arm Mbed Tls 2.8.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
7.5
CVSSv3
CVE-2018-9988
ARM mbed TLS prior to 2.1.11, prior to 2.7.2, and prior to 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.
Arm Mbed Tls
Arm Mbed Tls 2.8.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
7
CVSSv3
CVE-2017-7496
fedora-arm-installer up to and including 1.99.16 is vulnerable to local privilege escalation due to lack of checking the error condition of mount operation failure on unsafely created temporary directories.
Fedoraproject Arm Installer
9.8
CVSSv3
CVE-2021-27431
ARM CMSIS RTOS2 versions before 2.1.3 are vulnerable to integer wrap-around inosRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution.
Arm Cmsis-rtos
5.5
CVSSv3
CVE-2024-23170
An issue exists in Mbed TLS 2.x prior to 2.28.7 and 3.x prior to 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local malicious user to recover the plaintext. It requires the malicious user to send a large number of m...
Arm Mbed Tls
7.8
CVSSv3
CVE-2020-16273
In Arm software implementing the Armv8-M processors (all versions), the stack selection mechanism could be influenced by a stack-underflow attack in v8-M TrustZone based processors. An attacker can cause a change to the stack pointer used by the Secure World from a non-secure app...
Arm Armv8-m Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »