Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
linaro vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2017-1000412
Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable to the bellcore attack in the LibTomCrypt code resulting in compromised private RSA key.
Linaro Op-tee
6.4
CVSSv2
CVE-2019-25052
In Linaro OP-TEE prior to 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information.
Linaro Op-tee
7.5
CVSSv2
CVE-2019-1010293
Linaro/OP-TEE OP-TEE 3.3.0 and previous versions is affected by: Boundary crossing. The impact is: Memory corruption of the TEE itself. The component is: optee_os. The fixed version is: 3.4.0 and later.
Linaro Op-tee
5
CVSSv2
CVE-2019-1010294
Linaro/OP-TEE OP-TEE 3.3.0 and previous versions is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: optee_os. The fixed version is: 3.4.0 and later.
Linaro Op-tee
10
CVSSv2
CVE-2019-1010296
Linaro/OP-TEE OP-TEE 3.3.0 and previous versions is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.
Linaro Op-tee
4.3
CVSSv2
CVE-2017-1000413
Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable a timing attack in the Montgomery parts of libMPA in OP-TEE resulting in a compromised private RSA key.
Linaro Op-tee
5
CVSSv2
CVE-2021-32032
In Trusted Firmware-M up to and including 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptographic library from freeing internal resources, causing a memory leak.
Linaro Trusted Firmware-m
1.9
CVSSv2
CVE-2018-12437
LibTomCrypt up to and including 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same p...
Libtom Libtomcrypt
Linaro Op-tee
6.5
CVSSv2
CVE-2018-12565
An issue exists in Linaro LAVA prior to 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur.
Linaro Lava
Debian Debian Linux 9.0
4
CVSSv2
CVE-2018-12564
An issue exists in Linaro LAVA prior to 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml.
Linaro Lava
Debian Debian Linux 8.0
Debian Debian Linux 9.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »