Filtered by vendor Arm
Subscribe
Total
196 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-25835 | 2 Arm, Linaro | 2 Mbed Tls, Tf-psa-crypto | 2026-06-01 | N/A | 7.7 HIGH |
| Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG). | |||||
| CVE-2018-3639 | 12 Arm, Canonical, Debian and 9 more | 321 Cortex-a, Ubuntu Linux, Debian Linux and 318 more | 2026-05-29 | 2.1 LOW | 5.5 MEDIUM |
| Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. | |||||
| CVE-2017-5754 | 2 Arm, Intel | 209 Cortex-a, Atom C, Atom E and 206 more | 2026-05-28 | 4.7 MEDIUM | 5.6 MEDIUM |
| Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. | |||||
| CVE-2017-5753 | 13 Arm, Canonical, Debian and 10 more | 387 Cortex-a12, Cortex-a12 Firmware, Cortex-a15 and 384 more | 2026-05-28 | 4.7 MEDIUM | 5.6 MEDIUM |
| Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | |||||
| CVE-2017-7564 | 1 Arm | 1 Arm Trusted Firmware | 2026-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attackers to cause a denial of service (secure world panic) via vectors involving debug exceptions and debug registers. | |||||
| CVE-2017-9607 | 1 Arm | 1 Arm-trusted-firmware | 2026-05-13 | 5.1 MEDIUM | 7.0 HIGH |
| The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of service, or possibly have unspecified other impact via a crafted AArch32 image, which triggers an integer overflow. | |||||
| CVE-2017-7563 | 1 Arm | 1 Arm Trusted Firmware | 2026-05-13 | 6.8 MEDIUM | 8.1 HIGH |
| In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. This issue occurs because of inconsistency in the number of execute-never bits (one bit versus two bits). | |||||
| CVE-2017-14032 | 1 Arm | 1 Mbed Tls | 2026-05-13 | 6.8 MEDIUM | 8.1 HIGH |
| ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected. | |||||
| CVE-2017-2784 | 1 Arm | 1 Mbed Tls | 2026-05-13 | 6.8 MEDIUM | 8.1 HIGH |
| An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications. | |||||
| CVE-2015-8036 | 5 Arm, Debian, Fedoraproject and 2 more | 5 Mbed Tls, Debian Linux, Fedora and 2 more | 2026-05-06 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session. NOTE: this identifier was SPLIT from CVE-2015-5291 per ADT3 due to different affected version ranges. | |||||
| CVE-2015-5291 | 5 Arm, Debian, Fedoraproject and 2 more | 6 Mbed Tls, Debian Linux, Fedora and 3 more | 2026-05-06 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0. | |||||
| CVE-2026-0995 | 1 Arm | 2 C1-pro, C1-pro Firmware | 2026-04-20 | N/A | 3.6 LOW |
| An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME. | |||||
| CVE-2026-34876 | 1 Arm | 1 Mbed Tls | 2026-04-07 | N/A | 7.5 HIGH |
| An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer. The issue affects the public multipart CCM API in Mbed TLS 3.x, where mbedtls_ccm_finish() can be invoked directly by applications. In Mbed TLS 4.x versions prior to the fix, the same missing validation exists in the internal implementation; however, the function is not exposed as part of the public API. Exploitation requires application-level invocation of the multipart CCM API. | |||||
| CVE-2026-34873 | 1 Arm | 1 Mbed Tls | 2026-04-07 | N/A | 9.1 CRITICAL |
| An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session. | |||||
| CVE-2026-34877 | 1 Arm | 1 Mbed Tls | 2026-04-06 | N/A | 9.8 CRITICAL |
| An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is caused by Incorrect Use of Privileged APIs. | |||||
| CVE-2026-34871 | 1 Arm | 2 Mbed Tls, Tf-psa-crypto | 2026-04-06 | N/A | 6.7 MEDIUM |
| An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG). | |||||
| CVE-2026-25833 | 1 Arm | 1 Mbed Tls | 2026-04-06 | N/A | 7.5 HIGH |
| Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function | |||||
| CVE-2026-34875 | 1 Arm | 2 Mbed Tls, Tf-psa-crypto | 2026-04-06 | N/A | 9.8 CRITICAL |
| An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys. | |||||
| CVE-2026-25834 | 1 Arm | 1 Mbed Tls | 2026-04-06 | N/A | 6.5 MEDIUM |
| Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade. | |||||
| CVE-2026-34874 | 1 Arm | 1 Mbed Tls | 2026-04-03 | N/A | 7.5 HIGH |
| An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0. | |||||