Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
arm vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-34830
An Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows non-privileged user to make improper GPU processing operations to gain access to already freed memory.
Arm Utgard Gpu Kernel Driver R12p0
Arm Utgard Gpu Kernel Driver R11p0
445
VMScore
CVE-2021-45450
In Mbed TLS prior to 2.28.0 and 3.x prior to 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application.
Arm Mbed Tls 3.0.0
Arm Mbed Tls
Fedoraproject Fedora 36
Fedoraproject Fedora 37
NA
CVE-2023-26084
The armv8_dec_aes_gcm_full() API of Arm AArch64cryptolib prior to 86065c6 fails to the verify the authentication tag of AES-GCM protected data, leading to a man-in-the-middle attack. This occurs because of an improperly initialized variable.
Arm Aarch64cryptolib
436
VMScore
CVE-2021-27562
In Arm Trusted Firmware M up to and including 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode.
Arm Trusted Firmware M
445
VMScore
CVE-2018-9988
ARM mbed TLS prior to 2.1.11, prior to 2.7.2, and prior to 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.
Arm Mbed Tls
Arm Mbed Tls 2.8.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
445
VMScore
CVE-2018-9989
ARM mbed TLS prior to 2.1.11, prior to 2.7.2, and prior to 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.
Arm Mbed Tls
Arm Mbed Tls 2.8.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
383
VMScore
CVE-2020-36477
An issue exists in Mbed TLS prior to 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certificate name is mishandled: when the subjecAltName extension is present, the expected name i...
Arm Mbed Tls
NA
CVE-2024-23775
Integer Overflow vulnerability in Mbed TLS 2.x prior to 2.28.7 and 3.x prior to 3.5.2, allows malicious users to cause a denial of service (DoS) via mbedtls_x509_set_extension().
Arm Mbed Tls
668
VMScore
CVE-2021-27431
ARM CMSIS RTOS2 versions before 2.1.3 are vulnerable to integer wrap-around inosRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution.
Arm Cmsis-rtos
668
VMScore
CVE-2021-27435
ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
Arm Mbed 6.3.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »