Vulnerabilities (CVE)

Vendor filter

Arm Subscribe

Filter

26 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-3639 9 Arm, Intel, Mitel and 6 more 50 Cortex-a, Atom C, Atom E and 47 more 2019-05-23 4.9
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user...
CVE-2018-3665 7 Arm, Intel, Canonical and 4 more 15 Cortex-a, Core I3, Core I5 and 12 more 2019-05-14 4.7
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
CVE-2018-3693 6 Arm, Intel, Netapp and 3 more 37 Cortex-a, Cortex-r, Atom C and 34 more 2019-05-10 4.7
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.
CVE-2017-18187 2 Arm, Debian 2 Mbed Tls, Debian Linux 2019-04-26 7.5
In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.
CVE-2017-5754 2 Arm, Intel 25 Cortex-a, Atom C, Atom E and 22 more 2019-04-23 4.7
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
CVE-2017-5753 2 Arm, Intel 26 Cortex-a, Atom C, Atom E and 23 more 2019-04-23 4.7
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVE-2018-1000061 1 Arm 1 Mbed Tls 2019-03-25 7.5
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2018-9988 2 Arm, Debian 2 Mbed Tls, Debian Linux 2019-02-27 5.0
ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.
CVE-2018-9989 2 Arm, Debian 2 Mbed Tls, Debian Linux 2019-02-26 5.0
ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.
CVE-2018-19608 1 Arm 1 Mbed Tls 2019-02-05 1.9
Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.
CVE-2018-19440 1 Arm 1 Trusted Firmware-a 2019-02-01 5.0
ARM Trusted Firmware-A allows information disclosure.
CVE-2017-15031 1 Arm 1 Arm-trusted-firmware 2019-01-24 5.0
In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information.
CVE-2017-5715 2 Arm, Intel 25 Cortex-a, Atom C, Atom E and 22 more 2018-11-30 4.7
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVE-2018-3640 2 Arm, Intel 19 Cortex-a, Atom C, Atom E and 16 more 2018-10-31 4.7
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka...
CVE-2018-0488 1 Arm 1 Mbed Tls 2018-10-21 7.5
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet...
CVE-2018-0487 1 Arm 1 Mbed Tls 2018-10-21 7.5
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature...
CVE-2018-0497 2 Arm, Debian 2 Mbed Tls, Debian Linux 2018-09-28 4.3
ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix...
CVE-2018-0498 2 Arm, Debian 2 Mbed Tls, Debian Linux 2018-09-28 1.9
ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack.
CVE-2018-9056 2 Arm, Intel 25 Cortex-a, Atom C, Atom E and 22 more 2018-04-24 4.7
Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch predictor, as demonstrated by a pattern...
CVE-2017-14032 1 Arm 1 Mbed Tls 2017-11-08 6.8
ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as...