Vulnerabilities (CVE)

Vendor filter: Arm

27 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-16910 2 Arm, Fedoraproject 2 Mbed Tls, Fedora 2019-10-03 2.6
Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs...
CVE-2018-0498 2 Arm, Debian 2 Mbed Tls, Debian Linux 2019-10-03 1.9
ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack.
CVE-2018-3693 6 Arm, Intel, Netapp and 3 more 37 Cortex-a, Cortex-r, Atom C and 34 more 2019-10-03 4.7
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.
CVE-2017-7563 1 Arm 1 Arm Trusted Firmware 2019-10-03 6.8
In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. This issue occurs because of inconsistency in the number of execute-never bits (one bit...
CVE-2018-0497 2 Arm, Debian 2 Mbed Tls, Debian Linux 2019-10-03 4.3
ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix...
CVE-2018-9989 2 Arm, Debian 2 Mbed Tls, Debian Linux 2019-10-03 5.0
ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.
CVE-2018-3639 9 Arm, Intel, Mitel and 6 more 50 Cortex-a, Atom C, Atom E and 47 more 2019-05-23 4.9
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user...
CVE-2018-3665 7 Arm, Intel, Canonical and 4 more 15 Cortex-a, Core I3, Core I5 and 12 more 2019-05-14 4.7
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
CVE-2017-18187 2 Arm, Debian 2 Mbed Tls, Debian Linux 2019-04-26 7.5
In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an integer overflow in PSK identity parsing in the ssl_parse_client_psk_identity() function in library/ssl_srv.c.
CVE-2017-5754 2 Arm, Intel 25 Cortex-a, Atom C, Atom E and 22 more 2019-04-23 4.7
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
CVE-2017-5753 2 Arm, Intel 26 Cortex-a, Atom C, Atom E and 23 more 2019-04-23 4.7
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVE-2018-1000061 1 Arm 1 Mbed Tls 2019-03-25 7.5
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2018-9988 2 Arm, Debian 2 Mbed Tls, Debian Linux 2019-02-27 5.0
ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.
CVE-2018-19608 1 Arm 1 Mbed Tls 2019-02-05 1.9
Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.
CVE-2018-19440 1 Arm 1 Trusted Firmware-a 2019-02-01 5.0
ARM Trusted Firmware-A allows information disclosure.
CVE-2017-15031 1 Arm 1 Arm-trusted-firmware 2019-01-24 5.0
In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information.
CVE-2017-5715 2 Arm, Intel 25 Cortex-a, Atom C, Atom E and 22 more 2018-11-30 4.7
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVE-2018-3640 2 Arm, Intel 19 Cortex-a, Atom C, Atom E and 16 more 2018-10-31 4.7
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka...
CVE-2018-0488 1 Arm 1 Mbed Tls 2018-10-21 7.5
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet...
CVE-2018-0487 1 Arm 1 Mbed Tls 2018-10-21 7.5
ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature...